How to rotate tomcat logs so I only keep x number of logs.

How to change tomcat log retention in DLP.

Tomcat has 2 log files that you can enable rotation on.  First is the tomcat access log and the second is the localhost log itself.

Enable log rotation on Tomcat Access log:

To enable log rotation first open server.xml from 'C:\Program Files\Symantec\DataLossPrevention\EnforceServer\<DLP Version>\Protect\tomcat\conf' with a text editor.  There are two values that you want to insert and in this example I will use 5 days.  You can use any number of days you would like to configure.

maxDays="5"

rotatable="true"

Next look for the line that starts with "Valve className" and insert the above two properties and save the file.  For example, the end result will look like the following:

<Valve className="org.apache.catalina.valves.AccessLogValve" directory="C:/ProgramData/Symantec/DataLossPrevention/EnforceServer/<DLP Version>/logs/tomcat" maxDays="5" pattern="%h %l %{currentUser}s %t &quot;%r&quot; %s %b &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; %{com.vontu.manager.session.label}s %D %S" prefix="localhost_access_log" rotatable="true" resolveHosts="false" suffix=".txt"/>

Save and exit the file.

Enable log rotation on Tomcat localhost log:

To enable log rotation on the localhost log you will need to modify the ManagerLogging.properties file on the Enforce server.  You need to add the below line in the ManagerLogging.Properties file.

org.apache.juli.FileHandler.maxDays = NumberOfDaysToKeep

NumberOfDaysToKeep should be a numeric value for the number of days you want to keep the localhost file.  For example, if I wanted to keep the log for 5 days i would modify the above line to look like the following:

org.apache.juli.FileHandler.maxDays = 5

Now on where to put this entry.  You can actually add it to the bottem of the file but to make it look neat and tidy, I would recommend putting it with all the other config lines for the localhost file.  For example:

org.apache.juli.FileHandler.level = INFO
org.apache.juli.FileHandler.directory = C:/ProgramData/Symantec/DataLossPrevention/EnforceServer/<ver>/logs/tomcat
org.apache.juli.FileHandler.prefix = localhost.
org.apache.juli.FileHandler.formatter = com.vontu.logging.JuliNonLocalizingThreadLoggingFormatter
org.apache.juli.FileHandler.maxDays = 5

Above you can see all the configuration for the localhost file and at the end of that our new line is entered.  Save the file and exit.

Once the above changes are made, restart the Symantec DLP Manager Service.  Once it gets a chance to rotate the logs overnight, you should see the the same number of log files you configured in our setting.