[keycloak-dev] Do we need a RDMS/Mongo backed Audit Log?
Stian Thorgersen
stian at redhat.com
Fri Mar 28 13:19:50 EDT 2014
The way I'm currently implementing it is that there are two interfaces:
* AuditListener
* AuditProvider
An AuditListener listens for audit events, but doesn't provide a way to read them. So far I've added an implementation using jboss-logging for this.
An AuditProvider listens for audit events, but also provides a way to query for events. This is used by the admin console and the account management to view audit events. I haven't done any implementations of this yet.
The idea was that a realm could have one or more listeners, but only a single provider.
Main issue with parsing rolling files would be to find events associated with particular users, or applications. Not sure we need to support finding events by-app, but we certainly need to be able to display events for a specific user.
----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Friday, 28 March, 2014 4:05:49 PM
> Subject: [keycloak-dev] Do we need a RDMS/Mongo backed Audit Log?
>
> If you look at things like fail2ban, they parse logs in order to make
> decisions.
>
> Do we really need our Audit Log to be backed by an actual database?
> Yes, we need an "Event" or "Action" log that a user and/or admin sees of
> things they need to be aware of. But logging of successful logins,
> login failures, and the like should be pushed to a rolling log file, no?
> Then Keycloak could hook into things like fail2ban.
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
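The listener/provider split discussed in this thread, as an added sketch that is not code from either message or from Keycloak. The `Event` class, every method signature (including `findByUser`), the `RealmAudit` wrapper and the sample events are assumptions made for illustration.

```java
import java.util.*;
import java.util.stream.Collectors;

// Hypothetical sketch: all names and signatures are assumptions, not Keycloak's API.
public class AuditSketch {
    static final class Event {
        final long time; final String type, userId, clientId;
        Event(long time, String type, String userId, String clientId) {
            this.time = time; this.type = type; this.userId = userId; this.clientId = clientId;
        }
        @Override public String toString() { return time + " type=" + type + " user=" + userId + " client=" + clientId; }
    }
    // Write-only sink: receives events but offers no way to read them back.
    interface AuditListener { void onEvent(Event e); }
    // Also a sink, but queryable (admin console, account management).
    interface AuditProvider extends AuditListener { List<Event> findByUser(String userId, int max); }

    // Stand-in for a logging-backed listener: one line per event, suited to a rolling file.
    static final class LogListener implements AuditListener {
        public void onEvent(Event e) { System.out.println("AUDIT " + e); }
    }
    // In-memory provider indexed by user, so a per-user lookup never scans every event.
    static final class MemoryProvider implements AuditProvider {
        private final Map<String, Deque<Event>> byUser = new HashMap<>();
        public void onEvent(Event e) {
            byUser.computeIfAbsent(e.userId, k -> new ArrayDeque<>()).addFirst(e); // newest first
        }
        public List<Event> findByUser(String userId, int max) {
            return byUser.getOrDefault(userId, new ArrayDeque<>()).stream()
                         .limit(max).collect(Collectors.toList());
        }
    }
    // A realm fans each event out to any number of listeners and exactly one provider.
    static final class RealmAudit {
        private final List<AuditListener> listeners; private final AuditProvider provider;
        RealmAudit(List<AuditListener> listeners, AuditProvider provider) {
            this.listeners = listeners; this.provider = provider;
        }
        void fire(Event e) { listeners.forEach(l -> l.onEvent(e)); provider.onEvent(e); }
        List<Event> eventsFor(String userId, int max) { return provider.findByUser(userId, max); }
    }

    public static void main(String[] args) {
        RealmAudit realm = new RealmAudit(Arrays.asList(new LogListener()), new MemoryProvider());
        // Constructed sample events; the type names are illustrative only.
        realm.fire(new Event(1L, "LOGIN_ERROR", "alice", "app1"));
        realm.fire(new Event(2L, "LOGIN", "bob", "app1"));
        realm.fire(new Event(3L, "LOGIN", "alice", "app2"));
        realm.eventsFor("alice", 10).forEach(e -> System.out.println("QUERY " + e));
    }
}
```

The `AUDIT` lines are what a log-parsing tool such as fail2ban would consume, while the `QUERY` lines show the per-user view that a plain rolling file cannot serve without a full scan.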