[keycloak-dev] Audit finished
Bill Burke
bburke at redhat.com
Tue Apr 8 23:51:16 EDT 2014
I still think you are mixing up auditing with events. We can't be
writing to a database each and every request multiple times. IMO most
of these audits should be pushed to a text log file. Audits include:
* login success/failure
* illegal access
* etc.
I just don't think it would be useful to view these types of audits in
the admin console. Once you get beyond a handful of users, this
information will just be overbearing and will need a tool to make sense of.
Events would be different though. These would be things that probably
need action. i.e.
* Admin is notified of a brute force attack from an IP
* User is notified that somebody tried to log in from China
Those would be interesting to view from the admin console.
On 4/8/2014 8:08 AM, Stian Thorgersen wrote:
> Audit has been added. Quick summary of what's provided:
>
> * Audit Provider SPI, including implementations for JPA and Mongo (provider is configured with -Dkeycloak.audit=jpa or -Dkeycloak.audit=mongo)
> * Audit Listener SPI, including implementation for jboss-logging
> * Users can view events for their account through account management
> * Admins can view events for realm through admin console
> * Timer service that runs periodically to clear expired events (runs by default every 15 min, can be configured with -Dkeycloak.audit.expirationSchedule)
>
> By default the JPA audit provider is used, but realms have audit disabled. To enable audit for a realm:
>
> * Open the admin console
> * Select the realm
> * Click on Audit
> * Click on Config
> * Click on Enabled switch to enable
> * If you want events to be removed after an expiration time, set expiration time
>
> Now you can logout, login, update your users profile, etc, etc. to create some events to view ;)
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list