Writing your own class that extends org.apache.catalina.valves.AccessLogValve would be the easiest way to enhance the access logs (to exclude sensitive information in selected URLs from the logs for instance). However AccessLogValve is marked "final" so it cannot be extended. Is there a good reason to make this class final?
Fix for next 5.5 release