Can Keycloak log incoming IP addresses before authentication? Also can these logs then be forwarded to Splunk for ingestion? I have a Cyber person on our team that insists that it can't.

asked Feb 20 at 22:36 by user7716257

1 Answer

Yes, to both (here is how to shove some more cyber into that person):

  1. Keycloak Admin Console > Realm Settings > Events: (SaveEvents, SaveAdminEvents, IncludeRepresentation) + EventTypes: (LOGIN_ERROR,AUTH_ERROR,CODE_TO_TOKEN_ERROR,CLIENT_LOGIN)

  2. Check for ipAddress in the logs: tail -f /opt/keycloak/standalone/log/server.log (or in the Keycloak event DB)

  3. Forward using Syslog (easiest), Fluentd/Logstash, or Splunk Universal Forwarder.

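<!-- Goes in the logging subsystem of the WildFly configuration (e.g. standalone.xml) -->
<custom-handler name="SYSLOG" class="org.jboss.logmanager.handlers.SyslogHandler" module="org.jboss.logmanager">
    <level name="INFO"/>
    <formatter>
        <pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss} %-5p [%c] (%t) %s%E%n"/>
    </formatter>
    <!-- Handler settings are passed as bean properties of SyslogHandler -->
    <properties>
        <property name="serverHostname" value="your-splunk-syslog-server"/>
        <property name="port" value="514"/>
        <property name="protocol" value="UDP"/>
    </properties>
</custom-handler>
<!-- The handler only receives events once it is referenced from a logger, e.g. <handler name="SYSLOG"/> under the root logger's <handlers> -->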
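
Added example (not part of the original answer, and not Keycloak or Splunk code): a check that the forwarded events really carry `ipAddress` for pre-authentication failures, counting them per source IP. It assumes the line layout of the answer's pattern-formatter and a `key=value` event body under the `org.keycloak.events` logger; the sample lines, the threshold and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the answer's pattern-formatter layout
# (%d %-5p [%c] (%t) %s). The key=value body is an assumption about how the
# Keycloak logging event listener writes events; IPs are documentation ranges.
SAMPLE_LOG = """\
2025-02-20 22:36:01 WARN  [org.keycloak.events] (default task-1) type=LOGIN_ERROR, realmId=demo, clientId=account, userId=null, ipAddress=203.0.113.7, error=user_not_found, username=alice
2025-02-20 22:36:03 WARN  [org.keycloak.events] (default task-2) type=LOGIN_ERROR, realmId=demo, clientId=account, userId=null, ipAddress=203.0.113.7, error=invalid_user_credentials, username=bob
2025-02-20 22:36:04 INFO  [org.keycloak.services] (default task-3) unrelated ipAddress=192.0.2.99 text
2025-02-20 22:36:05 WARN  [org.keycloak.events] (default task-1) type="CODE_TO_TOKEN_ERROR", realmId="demo", clientId="app", ipAddress="198.51.100.20", error="invalid_code"
2025-02-20 22:36:09 WARN  [org.keycloak.events] (default task-4) type=LOGIN_ERROR, realmId=demo, clientId=account, userId=null, ipAddress=203.0.113.7, error=user_not_found, username=carol
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<level>\w+)\s+"
    r"\[(?P<category>[^\]]+)\]\s+\((?P<thread>[^)]*)\)\s+(?P<msg>.*)$"
)
# Accept both key=value and key="value"; unquoted values end at the next comma.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|([^,]*))')
# Error event types enabled in step 1 of the answer.
PRE_AUTH_ERRORS = {"LOGIN_ERROR", "AUTH_ERROR", "CODE_TO_TOKEN_ERROR"}


def parse_event(line):
    """Return the event fields as a dict, or None if the line is not an event."""
    m = LINE_RE.match(line)
    if not m or m.group("category") != "org.keycloak.events":
        return None
    fields = {k: (q if q else u.strip()) for k, q, u in FIELD_RE.findall(m.group("msg"))}
    if "type" not in fields:
        return None
    fields["timestamp"] = m.group("ts")
    return fields


def failed_auth_by_ip(log_text, threshold=3):
    """Count pre-authentication error events per source IP, keeping IPs at or above threshold."""
    counts = Counter()
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev and ev["type"] in PRE_AUTH_ERRORS and ev.get("ipAddress"):
            counts[ev["ipAddress"]] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    print(failed_auth_by_ip(SAMPLE_LOG))
```

If Keycloak runs behind a reverse proxy or load balancer, `ipAddress` reflects the real client only when forwarded-header handling is configured; otherwise every event shows the proxy's address.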
