Skip to content

Instantly share code, notes, and snippets.

@dasniko

dasniko/keycloak-events-logging-cli.md

Last active September 6, 2023 14:35
Show Gist options
  • Save dasniko/ff86c335414d5c5fe3af7fa303bb1ab1 to your computer and use it in GitHub Desktop.
Save dasniko/ff86c335414d5c5fe3af7fa303bb1ab1 to your computer and use it in GitHub Desktop.
Download ZIP
How to log Keycloak authentication related events...
Raw
keycloak-events-logging-cli.md

Keycloak Events Logging CLI commands

The default Keycloak jboss-logging events listener logs the SUCCESS-events on level DEBUG and all ERROR-events on level WARN. The default logging level of the root logger is INFO, so the SUCCESS-events won't occur in the log output.

To change this and to be able to read all the events in the log output, there are 2 options (choose one of them!):

  1. Change log level of the org.keycloak.events category logger:
/subsystem=logging/logger=org.keycloak.events/:add(category=org.keycloak.events,level=DEBUG)
  1. Configure the jboss-logging listener accordingly:

As per default, there is no eventsListener SPI config in the Keycloak configuration. To be able to configure the jboss-logging listener, we'll have to create the proper SPI node in the keycloak-server subsystem first, then add the desired log levels.

/subsystem=keycloak-server/spi=eventsListener:add
/subsystem=keycloak-server/spi=eventsListener/provider=jboss-logging:add(enabled=true)
/subsystem=keycloak-server/spi=eventsListener/provider=jboss-logging:write-attribute(name=properties.success-level,value=info)
/subsystem=keycloak-server/spi=eventsListener/provider=jboss-logging:write-attribute(name=properties.error-level,value=warn)

Now the events will occur in the log output, as soon as they are emitted by Keycloak.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment