Docker logging to file

How can I expose the Keycloak log to a file on the host from the container, to be able to parse it with fail2ban?
I tried volume mounting, but I am getting permission denied errors.

That should be done at your Docker level, where you "redirect/store" logs from the container. It depends on the Docker log driver used, but the default, json-file, logs to a file. See docker inspect <keycloak-container> | grep LogPath. Hacking with volumes is also possible, but it requires configuring the logging of Keycloak itself, and it may be a mess when you scale and all Keycloak containers are writing to the same log file.

You can put the following in your jail:

logpath = /var/lib/docker/containers/*/*-json.log

But this includes the logs of all containers on the host, not just the Keycloak container.

Yes, this fits my use case, because the containers that I am running are also the only ones I need to check.
If his use case is different, he can of course be more detailed in his configuration.
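
Added example, not part of any post in this thread: a Python sketch of what a fail2ban filter has to do with the json-file logs matched by the wildcard logpath above, namely unwrap each JSON line, ignore other containers and damaged lines, and count Keycloak login failures per source IP. The `type=LOGIN_ERROR ... ipAddress=` event layout is an assumption about how your Keycloak version logs events, the sample lines and addresses are constructed, and `maxretry` only mirrors the fail2ban option of that name.

```python
import json
import re
from collections import Counter

# Assumed layout of a Keycloak event line from the org.keycloak.events logger;
# adjust the pattern if your Keycloak version formats events differently.
LOGIN_ERROR = re.compile(
    r"\[org\.keycloak\.events\].*?type=LOGIN_ERROR,.*?ipAddress=(?P<ip>[0-9a-fA-F:.]+)"
)

# Constructed sample of json-file output: one JSON object per line, mixing
# Keycloak events, another container's access log and a truncated last line.
SAMPLE_LOG = r'''
{"log":"10:15:01,120 WARN  [org.keycloak.events] (default task-3) type=LOGIN_ERROR, realmId=master, clientId=account, userId=null, ipAddress=203.0.113.7, error=user_not_found\n","stream":"stdout","time":"2021-03-01T10:15:01.120Z"}
{"log":"10:15:03,440 WARN  [org.keycloak.events] (default task-4) type=LOGIN_ERROR, realmId=master, clientId=account, userId=null, ipAddress=203.0.113.7, error=invalid_user_credentials\n","stream":"stdout","time":"2021-03-01T10:15:03.440Z"}
{"log":"198.51.100.23 - - [01/Mar/2021:10:15:05 +0000] \"GET / HTTP/1.1\" 200 612\n","stream":"stdout","time":"2021-03-01T10:15:05.000Z"}
{"log":"10:15:06,010 WARN  [org.keycloak.events] (default task-1) type=LOGIN_ERROR, realmId=master, clientId=account, userId=null, ipAddress=198.51.100.23, error=invalid_user_credentials\n","stream":"stdout","time":"2021-03-01T10:15:06.010Z"}
{"log":"10:15:07,300 DEBUG [org.keycloak.events] (default task-1) type=LOGIN, realmId=master, clientId=account, userId=42, ipAddress=198.51.100.23\n","stream":"stdout","time":"2021-03-01T10:15:07.300Z"}
{"log":"10:15:08,900 WARN  [org.keycloak.events] (default task-2) type=LOGIN_ERROR, realmId=master, clientId=account, userId=null, ipAddress=203.0.113.7, error=user_not_found\n","stream":"stdout","time":"2021-03-01T10:15:08.900Z"}
{"log":"10:15:09,500 WARN  [org.keycloak.events] (default task-1) type=LOGIN_ERROR, realmId=mas
'''

def failed_login_ips(lines):
    """Yield (timestamp, ip) for every Keycloak LOGIN_ERROR entry."""
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            continue  # line cut off by rotation or still being written
        if not isinstance(entry, dict):
            continue
        match = LOGIN_ERROR.search(entry.get("log", ""))
        if match:  # lines from other containers simply do not match
            yield entry.get("time"), match.group("ip")

def ips_to_ban(lines, maxretry=3):
    """Return the IPs with at least `maxretry` failed logins, sorted."""
    counts = Counter(ip for _, ip in failed_login_ips(lines))
    return sorted(ip for ip, hits in counts.items() if hits >= maxretry)

if __name__ == "__main__":
    print(ips_to_ban(SAMPLE_LOG.splitlines()))
```

Note that the time window is not modelled here; fail2ban applies its own `findtime` to the timestamps it parses from each line.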

OK, I managed to volume mount the server.log file from /opt/jboss/keycloak/standalone/log/server.log, but login errors are not being written to that file, only to the Docker log. Any idea what to change?
I also activated saving login events from the admin audit and events section.

This project might also be of interest:

I have the same issue.
Did you find a solution?