Keycloak

Overview

Keycloak is an open-source identity and access management solution offering SSO, user management, and support for OAuth 2.0, OpenID Connect, and SAML. It simplifies authentication and authorization for apps with features like social login, multi-factor authentication, and a user-friendly admin console.

Supported data types

Keycloak Application Logs

Table name: keycloak_application_logs

Keycloak application logs provide detailed information about the server's activities, including authentication events, user operations, and system behavior. These logs are crucial for monitoring, debugging, and auditing. Keycloak supports configurable log levels (e.g., INFO, DEBUG, ERROR) and can integrate with logging frameworks like Log4j or external tools for centralized log management.

Send data to Hunters

Hunters supports the ingestion of Keycloak logs via an intermediary AWS S3 bucket.

To connect Keycloak logs:

1. Follow this Keycloak guide to export your logs from the data lake to an AWS S3 bucket.

2. Once the export is completed and the logs are collected to S3, follow the steps in this section.

Expected format

Logs are expected in JSON format.

{
  "@timestamp": "2024-06-13T15:52:03.145+02:00",
  "log_type": "application_log",
  "severity": "INFO",
  "description": "user_name=actual_email_address_is_here@test.com;ip_address=157.25.20.179 EVENT type=LOGIN, realm_id=test, client_id=frontend-authorizer-test, ip_address=157.25.20.179, error=null, user_id=b721e42e-2df7-4cfe-ae3c-4afa03dcd490",
  "class": "org.jboss.logmanager.ExtLogRecord",
  "thread": "threadID: 23499",
  "correlation_id": "request_id=4843287c-444c-4ed7-a73d-7ba4c50dd28c;http_session_id=c65bffc7-3802-4628-93eb-d7654c9f6192;ravelin_device_id=rjs-c61a890e-5238-4f65-b09a-0f118b19a8ad;realm=zooplus;client_id=frontend-authorizer-test;user_id=b721e42e-2df7-4cfe-ae3c-4afa03dcd490;event_type=LOGIN;session_id=e0c04d01-f4c0-4912-8664-6bcc9ca426e6;error=;caller=;caller_version="
}