How to set up event logging

I have Keycloak set up and running locally as a docker container. I have configured an Identity Provider for handling SAML2 logins.

I am having trouble setting up logging, in that the events I set as saved events are not appearing in the logs. I added all the "IDENTITY_PROVIDER_*" events and performed a few logins. The Login Events tab only has a few events (only LOGIN, LOGOUT and CODE_TO_TOKEN). I was hoping to view the SAML response packet coming back from the IDP (without having to set the log level to TRACE and view the console).

Am I missing something?

Thanks,

-Mike

The event logging logs "_ERROR" events at WARN level. All other events (i.e. the "successful" events) are logged at DEBUG level. And as the default root level is INFO, you don't see them in the log.

Set the root logging level to DEBUG, or at least the level for org.keycloak.events to DEBUG; then you should see the events appearing in the log.

Thanks for the response. Yes, I have tried that (below are the env vars for the Keycloak container) and do see the logs in the console, just not in the UI nor the database.

            - KEYCLOAK_LOGLEVEL=DEBUG
            - ROOT_LOGLEVEL=DEBUG
            - KEYCLOAK_USER=admin
            - KEYCLOAK_PASSWORD=***
            - PROXY_ADDRESS_FORWARDING=true
            - KEYCLOAK_HTTP_PORT=80
            - DB_ADDR=keycloak-data
            - DB_USER=root
            - DB_PASSWORD=***
            - DB_VENDOR=mysql
            - JDBC_PARAMS=useSSL=false

We are just looking for a way of viewing the Identity Provider SAML responses (and OIDC eventually) so our support team can coordinate with our SAML customers on setting up their IDPs and helping them to diagnose both error responses and success responses with missing attributes.

We will have tens of thousands of users every hour and logging at this level (and the backing store required for it) is not desirable.

If you set only the logging for org.keycloak.events to DEBUG, this won't result in massive log sizes and doesn't impact performance that much.
But they should also appear in the admin console if you set "save events". I don't know why these are not available there. If you have a look into the database, can you see them in the appropriate table?

No, they do not appear in the events table. That's why I'm thinking I'm missing something, like a logging listener perhaps, other than jboss-logging?

SELECT * FROM keycloak.EVENT_ENTITY WHERE type NOT IN ('LOGIN', 'CLIENT_LOGIN', 'CODE_TO_TOKEN', 'LOGOUT');

How can it be set through the CLI?

See

and/or
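As an added example, not taken from this thread or from the Keycloak project, here is a JBoss CLI script that applies the advice given above (raise only the org.keycloak.events logger rather than the root logger) and answers the CLI question. It assumes the WildFly-based jboss/keycloak container image from the original post, where *.cli files dropped into /opt/jboss/startup-scripts are run against the offline server configuration at start-up; the file name events-debug.cli and the choice of standalone-ha.xml are assumptions, so check which profile your container actually boots.

```jboss-cli
# Assumed location: /opt/jboss/startup-scripts/events-debug.cli
# Edits standalone-ha.xml offline before the server boots (assumption: the
# container starts with the HA profile; use standalone.xml otherwise).
embed-server --server-config=standalone-ha.xml --std-out=echo

# 1. Raise only the event logger to DEBUG. Root stays at INFO, so this does
#    not flood the log the way ROOT_LOGLEVEL=DEBUG does.
/subsystem=logging/logger=org.keycloak.events:add(level=DEBUG)

# 2. Alternative that needs no logger change at all: tell the jboss-logging
#    event listener to emit successful events at INFO and errors at ERROR.
#    (These are the listener's documented success-level/error-level properties.)
/subsystem=keycloak-server/spi=eventsListener:add
/subsystem=keycloak-server/spi=eventsListener/provider=jboss-logging:add(enabled=true,properties={success-level=info,error-level=error})

# 3. Verify what was written before the server starts.
/subsystem=logging/logger=org.keycloak.events:read-resource
/subsystem=keycloak-server/spi=eventsListener/provider=jboss-logging:read-resource

stop-embedded-server
```

Against an already running container the same commands can be issued live with `jboss-cli.sh --connect` instead of `embed-server`; the logging change takes effect immediately, while the eventsListener change still needs a restart. Either way this only affects what reaches the server log: the database-backed Login Events view is controlled by the "save events" settings in the admin console, and neither path stores the raw SAML response, which is only visible with TRACE-level logging as noted above.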