It is my understanding that the log format is supposed to match apache2. However, escaping is not the same. As a concrete example, if there is a " in the User-Agent and you use the combined format, apache2 gives 127.0.0.1 - - [27/Feb/2017:14:31:48 +0000] "GET / HTTP/1.1" 401 17277 "-" "Agent \"Test\"" While Tomcat gives 127.0.0.1 - - [27/Feb/2017:14:31:48 +0000] "GET / HTTP/1.1" 401 17277 "-" "Agent "Test"" The latter cannot be parsed safely.
Created attachment 34787 [details] Escape characters like httpd I am not sure about the correct handling of chars with values out of the ASCII range. I believe they are double encoded now. But quotes and alike should be escaped correctly. My first thought was to combine this escaping with ExtendedAccessLogValve, but it seems, that the quotes are explicitly coded as "" instead of \".
Created attachment 34788 [details] Escape characters like httpd Use ISO-8859-1 to decode String into bytes.
Using Felix's patch as a starting point, I've put together this PR: https://github.com/apache/tomcat/pull/384
Fixed in: - 10.0.x for 10.0.1 onwards - 9.0.x for 9.0.42 onwards - 8.5.x for 8.5.62 onwards