There are three ways to enable access logging for a Spring Boot application.

1. Using application.yml or application.properties

For this option, simply add the following to your application.yml file:

server:
  tomcat:
    accesslog:
      enabled: true
      directory: "/dev"
      prefix: stdout
      buffered: false
      suffix:
      file-date-format:
      pattern: "[ACCESS] %{org.apache.catalina.AccessLog.RemoteAddr}r %l %t %D %F %B %r %s vcap_request_id:%{X-Vcap-Request-Id}i"

If you're using an application.properties file, add the following to the file: 

server.tomcat.accesslog.enabled: true
server.tomcat.accesslog.directory: "/dev"
server.tomcat.accesslog.prefix: stdout
server.tomcat.accesslog.buffered: false
server.tomcat.accesslog.suffix:
server.tomcat.accesslog.file-date-format:
server.tomcat.accesslog.pattern: "[ACCESS] %{org.apache.catalina.AccessLog.RemoteAddr}r %l %t %D %F %B %r %s vcap_request_id:%{X-Vcap-Request-Id}i"

Then build a new JAR or WAR file and `cf push` your new file to Cloud Foundry.

2. Using environment variables

If you do not want to modify the application or cannot modify the application, you can make the same configuration change using environment variables. To do this, edit your manifest.yml file and add an `env:` block with the following variables:

...
  env:
    SERVER_TOMCAT_ACCESSLOG_ENABLED: true
    SERVER_TOMCAT_ACCESSLOG_DIRECTORY: /dev
    SERVER_TOMCAT_ACCESSLOG_PREFIX: stdout
    SERVER_TOMCAT_ACCESSLOG_BUFFERED: false
    SERVER_TOMCAT_ACCESSLOG_SUFFIX:
    SERVER_TOMCAT_ACCESSLOG_FILE_DATE_FORMAT:
    SERVER_TOMCAT_ACCESSLOG_PATTERN: "[ACCESS] %{org.apache.catalina.AccessLog.RemoteAddr}r %l %t %D %F %B %r %s vcap_request_id:%{X-Vcap-Request-Id}i"

3. Using cf cli or Apps Manager 

Alternatively, you could run `cf set-env` once for each variable and set them this way. You could also set them through Apps Manager.

After setting the environment variables or adding them to your manifest.yml, run `cf push` to redeploy the application. After the app restarts, you should see access log entries for every request to the application through `cf logs`.

Access log entries

cf logs will have the following entries 

The RTR logs entry

  2025-08-06T15:40:10.31-0600 [RTR/0] OUT spring-app.example.com - [2025-08-06T21:40:10.138543543Z] "GET / HTTP/1.1" 200 0 27 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "192.192.192:40708" "192.192.192.192:61042" x_forwarded_for:"100.100.100.100, 192.192.192.192" x_forwarded_proto:"https" vcap_request_id:"abcdefg-1234-1234-428a-abcdefghijkl" response_time:0.176178 gorouter_time:0.000538 app_id:"871ba43d-e35f-43f3-8e99-df0e4c6d1d93" app_index:"0" instance_id:"16264735-1f07-427f-5c1c-00a6" x_cf_routererror:"-" x_b3_traceid:"f2629adc523348a2428ad56be25c78a1" x_b3_spanid:"428ad56be25c78a1" x_b3_parentspanid:"-" b3:"f2629adc523348a2428ad56be25c78a1-428ad56be25c78a1"
   

And the Access log entry

   2025-08-06T15:40:10.31-0600 [APP/REV/8/PROC/WEB/0] OUT [ACCESS] 100.100.100.100 - [06/Aug/2025:21:40:10 +0000] 167792 157 27 GET / HTTP/1.1 200 vcap_request_id:abcdefg-1234-1234-428a-abcdefghijkl

The format above contains the following information, which is the default information used by the Java buildpack when it configures Tomcat:

• %{org.apache.catalina.AccessLog.RemoteAddr}r - remote client IP (after adjustment by the remote ip valve)
• %l - remote user (usually just `-`)
• %t - timestamp of the request
• %D - Time taken to process the request in microseconds in tomcat 10.x
• %F - Time taken to commit the response, in millis
• %B - Bytes sent, excluding HTTP headers
• %r -  First line of the request (method and request URI)
• % s - HTTP status code of the response
• %{X-Vcap-Request-Id}i - VCAP Request ID (for tracing/correlation purposes)

Adjust this format by modifying the "pattern" configuration option. The list of values supported by Tomcat can be found here.