diff --git a/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java b/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
index dbdbd2a8c2..c1a7726498 100644
--- a/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
+++ b/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
@@ -226,7 +226,7 @@ public void start() {
         valve.setMaxDays(EmbeddedServerUtil.getIntConfig(ACCESS_LOG_ROTATE_MAX_DAYS, 15));
         valve.setRenameOnRotate(EmbeddedServerUtil.getBooleanConfig(ACCESS_LOG_ROTATE_RENAME_ON_ROTATE, false));
 
-        String defaultAccessLogPattern = servername.equalsIgnoreCase(KMS_SERVER_NAME) ? "%h %l %u %t \"%m %U\" %s %b %D" : "%h %l %u %t \"%r\" %s %b %D";
+        String defaultAccessLogPattern = servername.equalsIgnoreCase(KMS_SERVER_NAME) ? "%h %l %u %t \"%m %U\" %s %b %D %{eek_op}r" : "%h %l %u %t \"%r\" %s %b %D";
         String logPattern              = EmbeddedServerUtil.getConfig(ACCESS_LOG_PATTERN, defaultAccessLogPattern);
 
         valve.setPattern(logPattern);
diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java
index 3116b46712..bb92a48800 100644
--- a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java
+++ b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java
@@ -31,6 +31,7 @@
 import javax.servlet.http.HttpServletResponse;
 
 import java.io.IOException;
+import java.net.URLDecoder;
 
 /**
  * Servlet filter that captures context of the HTTP request to be use in the
@@ -40,6 +41,8 @@
 public class KMSMDCFilter implements Filter {
     static final String RANGER_KMS_REST_API_PATH = "/kms/api/status";
 
+    private static final String EEK_OP_CODE = "eek_op";
+
     private static final ThreadLocal<Data> DATA_TL = new ThreadLocal<>();
 
     public static UserGroupInformation getUgi() {
@@ -54,6 +57,10 @@ public static String getURL() {
         return DATA_TL.get().url;
     }
 
+    public static String getOperation() {
+        return DATA_TL.get().operation;
+    }
+
     @Override
     public void init(FilterConfig config) throws ServletException {
     }
@@ -62,6 +69,7 @@ public void init(FilterConfig config) throws ServletException {
     public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
         try {
             String              path = ((HttpServletRequest) request).getRequestURI();
+            HttpServletRequest  req  = (HttpServletRequest) request;
             HttpServletResponse resp = (HttpServletResponse) response;
 
             if (path.startsWith(RANGER_KMS_REST_API_PATH)) {
@@ -70,15 +78,32 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
                 DATA_TL.remove();
 
                 UserGroupInformation ugi         = HttpUserGroupInformation.get();
-                String               method      = ((HttpServletRequest) request).getMethod();
-                StringBuffer         requestURL  = ((HttpServletRequest) request).getRequestURL();
-                String               queryString = ((HttpServletRequest) request).getQueryString();
+                String               method      = req.getMethod();
+                StringBuffer         requestURL  = req.getRequestURL();
+                String               queryString = req.getQueryString();
+
+                // Extract operation from query parameters if present
+                String operation = null;
+                if (path.contains("/_eek") && queryString != null) {
+                    for (String param : queryString.split("&")) {
+                        String[] kv = param.split("=", 2);
+                        if (kv.length == 2 && "eek_op".equals(kv[0])) {
+                            operation = URLDecoder.decode(kv[1], "UTF-8");
+                            break;
+                        }
+                    }
+                }
 
                 if (queryString != null) {
                     requestURL.append("?").append(queryString);
                 }
 
-                DATA_TL.set(new Data(ugi, method, requestURL.toString()));
+                // Store opCode in request attribute for Tomcat access logs
+                if (operation != null) {
+                    req.setAttribute(EEK_OP_CODE, operation);
+                }
+
+                DATA_TL.set(new Data(ugi, method, requestURL.toString(), operation));
 
                 chain.doFilter(request, resp);
             }
@@ -95,11 +120,13 @@ private static class Data {
         private final UserGroupInformation ugi;
         private final String               method;
         private final String               url;
+        private final String               operation;
 
-        private Data(UserGroupInformation ugi, String method, String url) {
-            this.ugi    = ugi;
-            this.method = method;
-            this.url    = url;
+        private Data(UserGroupInformation ugi, String method, String url, String operation) {
+            this.ugi       = ugi;
+            this.method    = method;
+            this.url       = url;
+            this.operation = operation;
         }
     }
 }