I'm implementing a custom authenticator, and I'm noticing that whenever
I get an authentication failure I get a long exception in the log at
level ERROR as well as one at level WARN:
19:08:16,592 WARN [org.keycloak.events] (default task-7)
type=LOGIN_ERROR, realmId=CustomAuthTest, clientId=account,
userId=null, ipAddress=127.0.0.1, error=invalid_user_credentials,
auth_method=openid-connect, auth_type=code,
redirect_uri='http://localhost:9080/auth/realms/CustomAuthTest/account/login-redirect',
code_id=117bfe17-d8be-431d-9c7f-5fcfd4aaff19
19:08:16,593 ERROR [org.keycloak.services] (default task-7)
KC-SERVICES0013: failed authentication:
org.keycloak.authentication.AuthenticationFlowException
    at org.keycloak.authentication.DefaultAuthenticationFlow.processResult(DefaultAuthenticationFlow.java:207)
    at org.keycloak.authentication.DefaultAuthenticationFlow.processAction(DefaultAuthenticationFlow.java:85)
    at org.keycloak.authentication.AuthenticationProcessor.authenticationAction(AuthenticationProcessor.java:756)
    at org.keycloak.services.resources.LoginActionsService.processFlow(LoginActionsService.java:353)
    at org.keycloak.services.resources.LoginActionsService.processAuthentication(LoginActionsService.java:335)
    at org.keycloak.services.resources.LoginActionsService.authenticateForm(LoginActionsService.java:380)
...many more lines
This seems open to a DoS vulnerability that would fill up logs by
bombing the system with failed login attempts. In addition, logging the
failure at ERROR means that the only way to keep the second log entry
from showing up is to turn off all logging for org.keycloak.services.
In my ideal world, we could set Keycloak so that login failures were
simply recorded as events but don't show up in the server log at all. Is
there a way to do that?
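As an added example (not from the original post and not Keycloak's own code), here is a small Python parser for the org.keycloak.events WARN line format quoted above; it aggregates LOGIN_ERROR events per source ipAddress so a burst of failed logins can be spotted from the event log alone, independent of the ERROR stack traces. The log lines are constructed samples: the first is the line from the post, the others assume a second address 10.0.0.5.

```python
import re
from collections import Counter

# Format of the org.keycloak.events WARN entry as it appears in server.log:
# "HH:MM:SS,mmm WARN [org.keycloak.events] (thread) key=value, key=value, ..."
EVENT_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2},\d{3}) WARN \[org\.keycloak\.events\] "
    r"\((?P<thread>[^)]*)\) (?P<fields>.*)$"
)
# key=value pairs; quoted values (redirect_uri) may contain '=' and ':'
FIELD_RE = re.compile(r"(\w+)=('[^']*'|[^,]*)")

# Constructed sample log: line 0 is the event from the post, line 1 is the
# accompanying KC-SERVICES0013 ERROR line, lines 2-4 are assumed extra traffic.
SAMPLE_LOG = [
    "19:08:16,592 WARN [org.keycloak.events] (default task-7) type=LOGIN_ERROR, "
    "realmId=CustomAuthTest, clientId=account, userId=null, ipAddress=127.0.0.1, "
    "error=invalid_user_credentials, auth_method=openid-connect, auth_type=code, "
    "redirect_uri='http://localhost:9080/auth/realms/CustomAuthTest/account/login-redirect', "
    "code_id=117bfe17-d8be-431d-9c7f-5fcfd4aaff19",
    "19:08:16,593 ERROR [org.keycloak.services] (default task-7) KC-SERVICES0013: "
    "failed authentication: org.keycloak.authentication.AuthenticationFlowException",
    "19:08:17,001 WARN [org.keycloak.events] (default task-8) type=LOGIN_ERROR, "
    "realmId=CustomAuthTest, clientId=account, userId=null, ipAddress=10.0.0.5, "
    "error=invalid_user_credentials, auth_method=openid-connect, auth_type=code",
    "19:08:17,410 WARN [org.keycloak.events] (default task-9) type=LOGIN_ERROR, "
    "realmId=CustomAuthTest, clientId=account, userId=null, ipAddress=10.0.0.5, "
    "error=invalid_user_credentials, auth_method=openid-connect, auth_type=code",
    "19:08:18,002 WARN [org.keycloak.events] (default task-9) type=LOGIN, "
    "realmId=CustomAuthTest, clientId=account, userId=1234, ipAddress=10.0.0.5",
]


def parse_event(line):
    """Return the event's key=value fields as a dict (plus 'time'), or None
    when the line is not an org.keycloak.events WARN entry (e.g. the ERROR
    stack trace lines, which are skipped rather than parsed)."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    fields = {k: v.strip("'") for k, v in FIELD_RE.findall(m.group("fields"))}
    fields["time"] = m.group("time")
    return fields


def failed_logins_by_ip(lines, threshold):
    """Count LOGIN_ERROR events per ipAddress and return the addresses whose
    failure count reaches the threshold, for alerting or rate limiting."""
    counts = Counter()
    for line in lines:
        ev = parse_event(line)
        if ev and ev.get("type") == "LOGIN_ERROR":
            counts[ev.get("ipAddress", "?")] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}
```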