Tracking user ID through tomcat-access logs

Idea created by wt0069224 on May 16, 2018
    Under review
    Score0

    It would be useful if tomcat-access log entries identified the user that made the request. It is currently possible to do so manually, in a somewhat crude manner:

    1. For the log entry in question, find the "user:some-long-code" value in the BbRouter cookie.
    2. Search on that value to find all tomcat-access entries associated with that user.
    3. Find a request such as "GET /learn/api/v1/users/_<x>_1/memberships", then you know that the user ID is <x>.
    4. Search kibana with duid=<x>, and look at the value of the duser field to get the username.
    5. Reverse this process to find all tomcat-access entries for a given username (or use REST to get the uuid of the user you're interested in).

     

    It would be nice if the Kibana pipeline could do this for us, and associate a duid/duser with every tomcat-access log entry, so that we could search on duser:<y> to find all page accesses for a user. Notably, this includes quite a bit more information than the activity_accumulator.

     

    Presumably Kibana can pull in the BbRouter cookie's user value directly from the users DB table, since it's just the uuid there.

    Product Version (if applicable):1