[keycloak-dev] Do we need a RDMS/Mongo backed Audit Log?

[Bill Burke]

If you look at things like fail2ban, they parse logs in order to make 
decisions.

Do we really need our Audit Log to be backed by an actual database? 
Yes, we need an "Event" or "Action" log that a user and/or admin sees of 
things they need to be aware of.  But logging of successful logins, 
login failures, and the like should be pushed to a rolling log file, no? 
  Then Keycloak could hook into things like fail2ban.

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com