I still think you are mixing up auditing with events. We can't be
writing to a database each and every request multiple times. IMO most
of these audits should be pushed to a text log file. Audits include:

* login success/failure
* illegal access
* etc.

I just don't think it would be useful to view these types of audits in
the admin console. Once you get beyond a handful of users, this
information will just be overbearing and will need a tool to make sense of.

Events would be different though. These would be things that probably
need action. i.e.

* Admin is notified of a brute force attack from an IP
* User is notified that somebody tried to log in from China

Those would be interesting to view from the admin console.

On 4/8/2014 8:08 AM, Stian Thorgersen wrote:
> Audit has been added. Quick summary of what's provided:
>
> * Audit Provider SPI, including implementations for JPA and Mongo (provider is configured with -Dkeycloak.audit=jpa or -Dkeycloak.audit=mongo)
> * Audit Listener SPI, including implementation for jboss-logging
> * Users can view events for their account through account management
> * Admins can view events for realm through admin console
> * Timer service that runs periodically to clear expired events (runs by default every 15 min, can be configured with -Dkeycloak.audit.expirationSchedule)
>
> By default the JPA audit provider is used, but realms have audit disabled. To enable
> audit for a realm:
>
> * Open the admin console
> * Select the realm
> * Click on Audit
> * Click on Config
> * Click on Enabled switch to enable
> * If you want events to be removed after an expiration time, set expiration time
>
> Now you can log out, log in, update your user's profile, etc, etc. to create some events to
> view ;)

--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
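
An added illustration of the split argued for in the reply above (not part of the original message and not Keycloak code): high-volume audit records stay in a text log, and a small rule derives the rare actionable event from them, here a brute-force notice per IP. The JSON field names, the `BRUTE_FORCE_SUSPECTED` event name, the threshold and the window are all assumptions made for this example.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed audit lines, one JSON object per line. Field names and type
# values are assumptions for this example, not Keycloak's log format.
SAMPLE_AUDIT_LOG = """\
{"time": "2014-04-08T08:00:01", "type": "LOGIN_ERROR", "ip": "203.0.113.7", "user": "alice"}
{"time": "2014-04-08T08:00:05", "type": "LOGIN", "ip": "198.51.100.4", "user": "bob"}
{"time": "2014-04-08T08:00:09", "type": "LOGIN_ERROR", "ip": "203.0.113.7", "user": "alice"}
{"time": "2014-04-08T08:00:15", "type": "LOGIN_ERROR", "ip": "198.51.100.4", "user": "carol"}
this line is truncated {"time": "2014-04-08T08:00
{"time": "2014-04-08T08:00:20", "type": "LOGIN_ERROR", "ip": "203.0.113.7", "user": "admin"}
{"time": "2014-04-08T08:00:31", "type": "LOGIN_ERROR", "ip": "203.0.113.7", "user": "admin"}
{"time": "2014-04-08T08:00:40", "type": "LOGIN_ERROR", "ip": "203.0.113.7", "user": "root"}
{"time": "2014-04-08T08:00:44", "type": "LOGIN_ERROR", "ip": "203.0.113.7", "user": "root"}
"""

def derive_events(lines, threshold=5, window=timedelta(minutes=1)):
    """Return one brute-force event per IP each time it crosses the threshold."""
    recent = defaultdict(deque)  # ip -> timestamps of failures inside the window
    alerted = set()              # IPs already reported and still over threshold
    events = []
    for line in lines:
        try:
            rec = json.loads(line)
            ts = datetime.fromisoformat(rec["time"])
            kind, ip = rec["type"], rec["ip"]
        except (ValueError, KeyError, TypeError):
            continue  # blank or malformed audit line: skip it
        if kind != "LOGIN_ERROR":
            continue  # ordinary audit record, stays in the log only
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) < threshold:
            alerted.discard(ip)    # fell back under the threshold: re-arm
        elif ip not in alerted:
            alerted.add(ip)        # report once, not on every further failure
            events.append({"event": "BRUTE_FORCE_SUSPECTED", "ip": ip,
                           "failures": len(q), "at": ts.isoformat()})
    return events

if __name__ == "__main__":
    for event in derive_events(SAMPLE_AUDIT_LOG.splitlines()):
        print(json.dumps(event))
```

Nine audit lines produce a single event for the admin to act on; the sixth failure from the same IP does not raise a second one while the address remains over the threshold.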