Skip to content

Instantly share code, notes, and snippets.

@dasniko

dasniko/keycloak-events-logging-cli.md

Last active April 24, 2025 06:50
Show Gist options
  • Save dasniko/ff86c335414d5c5fe3af7fa303bb1ab1 to your computer and use it in GitHub Desktop.
Save dasniko/ff86c335414d5c5fe3af7fa303bb1ab1 to your computer and use it in GitHub Desktop.
Download ZIP
How to log Keycloak authentication related events...
Raw
keycloak-events-logging-cli.md

Keycloak Events Logging CLI commands

The default Keycloak jboss-logging events listener logs the SUCCESS-events on level DEBUG and all ERROR-events on level WARN. The default logging level of the root logger is INFO, so the SUCCESS-events won't occur in the log output.

To change this and to be able to read all the events in the log output, there are 2 options (choose one of them!):

  1. Change log level of the org.keycloak.events category logger:
/subsystem=logging/logger=org.keycloak.events/:add(category=org.keycloak.events,level=DEBUG)
  1. Configure the jboss-logging listener accordingly:

As per default, there is no eventsListener SPI config in the Keycloak configuration. To be able to configure the jboss-logging listener, we'll have to create the proper SPI node in the keycloak-server subsystem first, then add the desired log levels.

/subsystem=keycloak-server/spi=eventsListener:add
/subsystem=keycloak-server/spi=eventsListener/provider=jboss-logging:add(enabled=true)
/subsystem=keycloak-server/spi=eventsListener/provider=jboss-logging:write-attribute(name=properties.success-level,value=info)
/subsystem=keycloak-server/spi=eventsListener/provider=jboss-logging:write-attribute(name=properties.error-level,value=warn)

Now the events will occur in the log output, as soon as they are emitted by Keycloak.

Comments are disabled for this gist.