K
Q

Keycloak logging to JSON format message field

2/13/2020

I have been trying to set up keycloak logging to be scraped by fluentd to be used in elasticsearch. So far I have used the provided CLI string to use in my helm values script.

  cli:
    # Custom CLI script
    custom: |
      /subsystem=logging/json-formatter=json:add(exception-output-type=formatted, pretty-print=true, meta-data={label=value})
      /subsystem=logging/console-handler=CONSOLE:write-attribute(name=named-formatter, value=json)

Keycloak logs

However, as you can see in the picture provided, the logs that are generated seem to be completely json apart from the core of the log, the message field. Currently the message field is provided as comma separated key-value pairs. Is there any way to tell keycloak, jboss or wildfly that it needs to provide the message in JSON too? This allows me to efficiently search through the data in elastic.

-- Pim Schwippert
jboss
json
keycloak
kubernetes
wildfly

Similar Questions

JMS 2.0 durable subscriptions topic best practice in Kubernetes
How to mock the Kubernetes cluster/server?
Using ssl in Ingress without cert-manager
return types for clientcmd.BuildConfigFromFlags

1 Answer

2/15/2020

Check this project on GitHub: keycloak_jsonlog_eventlistener: Outputs Keycloak events as JSON into the server log.

Keycloak JSON Log Eventlistener

Primarily written for the Jboss Keycloak docker image, it will output Keycloak events as JSON into the keycloak server log.

The idea is to parse logs once they get to logstash via journalbeat.

Tested with Keycloak version 8.0.1

-- Yasen
Source: StackOverflow