Today keycloak writes below log message for successful and Failed LOGIN attempt
2024-03-06 13:33:10,192 DEBUG [org.keycloak.events] (executor-thread-12) type=LOGIN, realmId=xxx, clientId=xxx, userId=yyy, ipAddress=zzz, auth_method=openid-connect, auth_type=code, response_type=code, redirect_uri=https://ip/redfish/v1/SNF/redirect, consent=no_consent_required, code_id=xxx, username=sfmadmin, response_mode=query, authSessionParentId=xxx, authSessionTabId=xxx
2024-03-06 14:50:36,991 WARN [org.keycloak.events] (executor-thread-3) type=LOGIN_ERROR, realmId=xxx, clientId=xxx, userId=xxx, ipAddress=xxx, error=invalid_user_credentials, auth_method=openid-connect, redirect_uri=https://ip/redfish/v1/SNF/redirect, code_id=xxx, username=sfmadmin
Can we modify the logs to have a more user-friendly format, such as:
- 2024-03-06 13:33:10,192 INFO [org.keycloak.events] User xxxx successfully logged in.
- 2024-03-06 13:33:10,192 INFO [org.keycloak.events] Login failure for user xxxx
Of course you can! We also changed the log format to JSON for example with the following approach (do not have the code at hand so will give a brief description). First of all I need to state that the logging in keycloak is done using an event listener. So with this in mind:
- first of all you can add your own event listener which will execute a piece of code on any event (so you can do anything you want with that event, even push it do a data store)
- we had multiple listeners, but in one of them we simply copy-pasted the code in Keycloak which logs in the default format and change it so the output will actually be a JSON object
- then we enabled the newly added listener and disabled the default one and everything worked like a charm.
But in order to achieve this you need to add a custom extension to keycloak. That means put your code in a jar and add that jar in Keycloak as a custom provider. You can see here how to do that Running Keycloak in a container - Keycloak