[keycloak-user] Monitoring Keycloak

[Schuster Sebastian (INST-CSS/BSV-OS2)]

Hi Niko,

For Metrics, we use the JMX exporter (https://github.com/prometheus/jmx_exporter) to push stuff into Prometheus and use Grafana to view it.

We add it to the docker image (under /opt/jboss/custom/monitoring/jmx_exporter) and when starting Keycloak, we add
-javaagent:/opt/jboss/custom/monitoring/jmx_exporter/jmx_prometheus_javaagent-0.11.0.jar=8787:/opt/jboss/custom/monitoring/jmx_exporter/wildfly-10.yaml "
You will have to adapt the yaml file to describe what metrics should be pulled. 

You also have to generate the metrics in the first place, e.g. for enabling infinispan cache metrics we use:
/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens:write-attribute(name=statistics-enabled,value=true)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions:write-attribute(name=statistics-enabled,value=true)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions:write-attribute(name=statistics-enabled,value=true)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=loginFailures:write-attribute(name=statistics-enabled,value=true)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineClientSessions:write-attribute(name=statistics-enabled,value=true)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineSessions:write-attribute(name=statistics-enabled,value=true)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions:write-attribute(name=statistics-enabled,value=true)
/subsystem=infinispan/cache-container=keycloak/local-cache=keys:write-attribute(name=statistics-enabled,value=true)
/subsystem=infinispan/cache-container=keycloak/local-cache=realms:write-attribute(name=statistics-enabled,value=true)
/subsystem=infinispan/cache-container=keycloak/local-cache=users:write-attribute(name=statistics-enabled,value=true)
/subsystem=infinispan/cache-container=keycloak/local-cache=authorization:write-attribute(name=statistics-enabled,value=true)
/subsystem=infinispan/cache-container=keycloak/replicated-cache=work:write-attribute(name=statistics-enabled,value=true)                   

Don’t forget to open port 8787 on the container.

Best regards,
Sebastian

Mit freundlichen Grüßen / Best regards

Dr.-Ing. Sebastian Schuster

Open Source Services (INST-CSS/BSV-OS2) 
Bosch Software Innovations GmbH | Ullsteinstr. 128 | 12109 Berlin | GERMANY | www.bosch-si.com
Tel. +49 30 726112-485 | Mobil +49 152 02177668 | Fax +49 30 726112-100 | Sebastian.Schuster at bosch-si.com

Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B 
Aufsichtsratsvorsitzender: Dr.-Ing. Thorsten Lücke; Geschäftsführung: Dr. Stefan Ferber, Michael Hahn, Dr. Aleksandar Mitrovic 



-----Ursprüngliche Nachricht-----
Von: keycloak-user-bounces at lists.jboss.org <keycloak-user-bounces at lists.jboss.org> Im Auftrag von Niko Köbler
Gesendet: Mittwoch, 13. März 2019 09:45
An: keycloak-user <keycloak-user at lists.jboss.org>
Betreff: [keycloak-user] Monitoring Keycloak

Hi,

is there any documentation about how and what is possible to monitor in Keycloak via an API or something?
I don't find anything about a special Keycloak monitoring in the docs.
Customers are in general curious about the current session count, cache size (and memory allocation) of Infinispan, error rates, etc.

Do we have to use standard Wildfly/Infinispan APIs? JMX?
How do others solve this? Any ideas?

Thanks and regards,
- Niko


_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user