Tim Holloway wrote:No, you don't need to muck around with your Tomcat or JVM settings - and especially not the security settings.
It is better, however, if you give an absolute pathname and not a relative name for your logfile, and yes, the log4j.properties file must be located in the WEB-INF/classes directory of your WAR. Whether Tomcat exploded it out or not, it does have to be in the orignal WAR that you deploy.
Incidentally, just in case you didn't know - and it's not well documented - when an exploded WAR is detected in the Tomcat webapps directory and an unexploded WAR is present in the same directory, the exploded WAR is the one that gets used. Even if the unexploded WAR is newer than the exploded WAR! The safest way to deploy is either to delete both exploded and unexploded copies before updating or to turn off the option to explode.