To enable a standard web access log for Tomcat, you must uncomment the 'AccessLogValve' directive in the Tomcat server.xml file. Under JBoss, this file is typically found at:
server\default\deploy\jbossweb-tomcat50.sar\server.xml
Note that the valve does not report the authenticated user if you are using the JCIFS NTLM filter.