[keycloak-dev] Audit finished

Bill Burke bburke at redhat.com
Tue Apr 8 23:51:16 EDT 2014


I still think you are mixing up auditing with events.  We can't be 
writing to a database each and every request multiple times.  IMO most 
of these audits should be pushed to a text log file.  Audits include:

* login success/failure
* illegal access
* etc.

I just don't think it would be useful to view these types of audits in 
the admin console.  Once you get beyond a handful of users, this 
information will just be overbearing and will need a tool to make sense of.

Events would be different though.  These would be things that probably 
need action. i.e.

* Admin is notified of a brute force attack from an IP
* User is notified that somebody tried to log in from China

Those would be interesting to view from the admin console.


On 4/8/2014 8:08 AM, Stian Thorgersen wrote:
> Audit has been added. Quick summary of what's provided:
>
> * Audit Provider SPI, including implementations for JPA and Mongo (provider is configured with -Dkeycloak.audit=jpa or -Dkeycloak.audit=mongo)
> * Audit Listener SPI, including implementation for jboss-logging
> * Users can view events for their account through account management
> * Admins can view events for realm through admin console
> * Timer service that runs periodically to clear expired events (runs by default every 15 min, can be configured with -Dkeycloak.audit.expirationSchedule)
>
> By default the JPA audit provider is used, but realms have audit disabled. To enable audit for a realm:
>
> * Open the admin console
> * Select the realm
> * Click on Audit
> * Click on Config
> * Click on Enabled switch to enable
> * If you want events to be removed after an expiration time, set expiration time
>
> Now you can log out, log in, update your user's profile, etc, etc. to create some events to view ;)

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
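
The split argued for in the reply above (raw audits go to a text log, and only actionable events are surfaced), sketched as an added example that is not part of the original thread or Keycloak's code. The log layout, the `LOGIN_ERROR` record name, the `BRUTE_FORCE_SUSPECTED` event name and the threshold and window values are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit lines. The layout is an assumption for this
# example, not Keycloak's actual log format.
SAMPLE_LOG = """\
2014-04-08T12:00:01 LOGIN_ERROR realm=demo user=alice ip=203.0.113.7
2014-04-08T12:00:05 LOGIN realm=demo user=bob ip=198.51.100.4
2014-04-08T12:00:09 LOGIN_ERROR realm=demo user=alice ip=203.0.113.7
2014-04-08T12:00:14 LOGIN_ERROR realm=demo user=carol ip=203.0.113.7
2014-04-08T12:00:20 LOGIN_ERROR realm=demo user=bob ip=198.51.100.4
2014-04-08T12:00:27 LOGIN_ERROR realm=demo user=dave ip=203.0.113.7
garbage line without structure
2014-04-08T12:00:33 LOGIN_ERROR realm=demo user=alice ip=203.0.113.7
2014-04-08T12:05:00 LOGIN_ERROR realm=demo user=bob ip=198.51.100.4
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<type>[A-Z_]+) (?P<fields>.*)$")

def parse(line):
    """Parse one audit line into a dict, or return None if it is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.fromisoformat(m["ts"])
    except ValueError:
        return None
    fields = dict(kv.split("=", 1) for kv in m["fields"].split() if "=" in kv)
    return {**fields, "ts": ts, "type": m["type"]}

def brute_force_events(lines, threshold=5, window=timedelta(minutes=1)):
    """Reduce raw audit lines to one actionable event per offending IP."""
    recent, alerted, events = defaultdict(deque), set(), []
    for line in lines:
        rec = parse(line)
        if rec is None or rec["type"] != "LOGIN_ERROR" or "ip" not in rec:
            continue
        q = recent[rec["ip"]]
        q.append(rec["ts"])
        while rec["ts"] - q[0] > window:  # drop failures outside the window
            q.popleft()
        # Alert once per IP so the admin view stays short.
        if len(q) >= threshold and rec["ip"] not in alerted:
            alerted.add(rec["ip"])
            events.append({"event": "BRUTE_FORCE_SUSPECTED", "ip": rec["ip"],
                           "failures": len(q), "at": rec["ts"]})
    return events
```

On the sample, nine log lines reduce to a single event for 203.0.113.7; the two failures from 198.51.100.4 are more than a minute apart and stay in the log only.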

