Amazon Linux 2
# Fetch the upstream Keycloak Dockerfiles and move into the server image directory.
# NOTE(review): the clone is not pinned to a tag or commit, so the image built
# below depends on whatever the default branch contains at clone time; check
# out a reviewed revision if the build has to be reproducible.
git clone https://github.com/jboss-dockerfiles/keycloak.git
cd keycloak/server
# Open the logging CLI script that the image build applies, to edit it.
vi ./tools/cli/loglevel.cli
loglevel.cli変更前
# Upstream loglevel.cli before the change.
# Register the org.keycloak log category and take its level from
# KEYCLOAK_LOGLEVEL (INFO when the variable is unset).
/subsystem=logging/logger=org.keycloak:add
/subsystem=logging/logger=org.keycloak:write-attribute(name=level,value=${env.KEYCLOAK_LOGLEVEL:INFO})
# Root logger level comes from ROOT_LOGLEVEL (INFO when unset).
/subsystem=logging/root-logger=ROOT:change-root-log-level(level=${env.ROOT_LOGLEVEL:INFO})
# Detach the FILE handler from the root logger and delete it, so this
# configuration writes no log file.
/subsystem=logging/root-logger=ROOT:remove-handler(name="FILE")
/subsystem=logging/periodic-rotating-file-handler=FILE:remove
# Clear the CONSOLE handler's own level so it no longer filters by level itself.
/subsystem=logging/console-handler=CONSOLE:undefine-attribute(name=level)
アクセスログ有効化
管理監査ロギング有効化
イベントログ設定
loglevel.cli変更後
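# loglevel.cli after the change: keeps the upstream settings and adds the
# Undertow access log, the management audit log, and three size-rotated log
# files (events.log, access_log.log, server.log) under jboss.server.log.dir.
#
# Retention: every handler below keeps the current file plus 5 backups of
# 10M each, so older records are overwritten. If these logs serve as an audit
# trail, forward them off the host before they rotate away.

# Upstream defaults (unchanged).
/subsystem=logging/logger=org.keycloak:add
/subsystem=logging/logger=org.keycloak:write-attribute(name=level,value=${env.KEYCLOAK_LOGLEVEL:INFO})
/subsystem=logging/root-logger=ROOT:change-root-log-level(level=${env.ROOT_LOGLEVEL:INFO})
/subsystem=logging/root-logger=ROOT:remove-handler(name="FILE")
/subsystem=logging/periodic-rotating-file-handler=FILE:remove
/subsystem=logging/console-handler=CONSOLE:undefine-attribute(name=level)

# Enable the Undertow access log.
# NOTE(review): with no attributes given, this setting writes its own file;
# to my knowledge the default is access_log.log in jboss.server.log.dir,
# which is the same path the ACCESSLOG handler below uses. Confirm, and give
# one of the two a different file name if so.
/subsystem=undertow/server=default-server/host=default-host/setting=access-log:add

# Enable management audit logging (records management operations).
/core-service=management/access=audit/logger=audit-log:write-attribute(name=enabled,value=true)

# Event log settings: Keycloak events are logged under org.keycloak.events.
# DEBUG is set so that the lower-severity event records are written as well.
# NOTE(review): event records presumably carry user identifiers and client
# addresses; restrict read access to events.log accordingly.
/subsystem=logging/logger=org.keycloak.events:add
/subsystem=logging/logger=org.keycloak.events:write-attribute(name=level,value=DEBUG)
/subsystem=logging/size-rotating-file-handler=EVENTLOG:add(file={path=events.log,relative-to=jboss.server.log.dir})
/subsystem=logging/size-rotating-file-handler=EVENTLOG:write-attribute(name=level,value=DEBUG)
/subsystem=logging/size-rotating-file-handler=EVENTLOG:write-attribute(name=rotate-size, value=10M)
/subsystem=logging/size-rotating-file-handler=EVENTLOG:write-attribute(name=max-backup-index, value=5)
/subsystem=logging/size-rotating-file-handler=EVENTLOG:write-attribute(name=append,value=true)
/subsystem=logging/size-rotating-file-handler=EVENTLOG:write-attribute(name=formatter,value="%d{yyyy-MM-dd HH\:mm\:ss,SSS} %-5p [%c] (%t) %s%e%n")
/subsystem=logging/size-rotating-file-handler=EVENTLOG:write-attribute(name=autoflush,value=true)
# Attach EVENTLOG to the event category rather than to ROOT: a handler on the
# root logger receives every category's records, which would turn events.log
# into another copy of the server log and bury the security events.
/subsystem=logging/logger=org.keycloak.events:add-handler(name=EVENTLOG)

# ACCESSLOG file handler. It is attached to ROOT, so it receives the same
# records as SERVERLOG; see the note on the Undertow access-log setting above
# about the shared file name.
/subsystem=logging/size-rotating-file-handler=ACCESSLOG:add(file={path=access_log.log,relative-to=jboss.server.log.dir})
/subsystem=logging/size-rotating-file-handler=ACCESSLOG:write-attribute(name=level,value=INFO)
/subsystem=logging/size-rotating-file-handler=ACCESSLOG:write-attribute(name=rotate-size, value=10M)
/subsystem=logging/size-rotating-file-handler=ACCESSLOG:write-attribute(name=max-backup-index, value=5)
/subsystem=logging/size-rotating-file-handler=ACCESSLOG:write-attribute(name=append,value=true)
/subsystem=logging/size-rotating-file-handler=ACCESSLOG:write-attribute(name=formatter,value="%d{yyyy-MM-dd HH\:mm\:ss,SSS} %-5p [%c] (%t) %s%e%n")
/subsystem=logging/size-rotating-file-handler=ACCESSLOG:write-attribute(name=autoflush,value=true)
/subsystem=logging/root-logger=ROOT:add-handler(name=ACCESSLOG)

# SERVERLOG: general server log, fed by the root logger at INFO and above.
/subsystem=logging/size-rotating-file-handler=SERVERLOG:add(file={path=server.log,relative-to=jboss.server.log.dir})
/subsystem=logging/size-rotating-file-handler=SERVERLOG:write-attribute(name=level,value=INFO)
/subsystem=logging/size-rotating-file-handler=SERVERLOG:write-attribute(name=rotate-size, value=10M)
/subsystem=logging/size-rotating-file-handler=SERVERLOG:write-attribute(name=max-backup-index, value=5)
/subsystem=logging/size-rotating-file-handler=SERVERLOG:write-attribute(name=append,value=true)
/subsystem=logging/size-rotating-file-handler=SERVERLOG:write-attribute(name=formatter,value="%d{yyyy-MM-dd HH\:mm\:ss,SSS} %-5p [%c] (%t) %s%e%n")
/subsystem=logging/size-rotating-file-handler=SERVERLOG:write-attribute(name=autoflush,value=true)
/subsystem=logging/root-logger=ROOT:add-handler(name=SERVERLOG)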
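# Build the image from the edited server directory.
docker build -t keycloak-log .

# Read the initial admin password at the prompt instead of hard-coding a
# guessable value in the command line and shell history.
read -rsp 'Keycloak admin password: ' KEYCLOAK_PASSWORD && echo
export KEYCLOAK_PASSWORD

# Start the container.
# - The port is published on 127.0.0.1 only: plain HTTP on all interfaces
#   would expose the admin console to the network, and the check later on
#   this page uses http://localhost:18080/ anyway.
# - "-e KEYCLOAK_PASSWORD" without a value forwards the variable exported
#   above. It is still readable through "docker inspect", so treat access to
#   the Docker daemon as access to this credential.
docker run -d -p 127.0.0.1:18080:8080 \
  -e KEYCLOAK_USER=admin \
  -e KEYCLOAK_PASSWORD \
  --name keycloak \
  keycloak-log:latest
unset KEYCLOAK_PASSWORD

# Open a shell inside the running container.
docker exec -it keycloak bash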
# ログ確認
[root@17525ee68503 jboss]# ls ./keycloak/standalone/data | grep audit-log.log
audit-log.log
audit-log.log2019-08-27_133654
audit-log.log2019-08-27_133947
# 確認
[root@17525ee68503 jboss]# ./keycloak/bin/jboss-cli.sh --connect --commands="/subsystem=logging/size-rotating-file-handler=ACCESSLOG:read-resource"
{
"outcome" => "success",
"result" => {
"append" => true,
"autoflush" => true,
"enabled" => true,
"encoding" => undefined,
"file" => {
"relative-to" => "jboss.server.log.dir",
"path" => "access_log.log"
},
"filter" => undefined,
"filter-spec" => undefined,
"formatter" => "%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n",
"level" => "INFO",
"max-backup-index" => 5,
"name" => "ACCESSLOG",
"named-formatter" => undefined,
"rotate-on-boot" => false,
"rotate-size" => "10M",
"suffix" => undefined
}
}
[root@17525ee68503 jboss]# ./keycloak/bin/jboss-cli.sh --connect --commands="/subsystem=logging/size-rotating-file-handler=EVENTLOG:read-resource"
{
"outcome" => "success",
"result" => {
"append" => true,
"autoflush" => true,
"enabled" => true,
"encoding" => undefined,
"file" => {
"relative-to" => "jboss.server.log.dir",
"path" => "events.log"
},
"filter" => undefined,
"filter-spec" => undefined,
"formatter" => "%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n",
"level" => "DEBUG",
"max-backup-index" => 5,
"name" => "EVENTLOG",
"named-formatter" => undefined,
"rotate-on-boot" => false,
"rotate-size" => "10M",
"suffix" => undefined
}
}
./keycloak/bin/jboss-cli.sh --connect --commands="/subsystem=logging/size-rotating-file-handler=SERVERLOG:read-resource"
{
"outcome" => "success",
"result" => {
"append" => true,
"autoflush" => true,
"enabled" => true,
"encoding" => undefined,
"file" => {
"relative-to" => "jboss.server.log.dir",
"path" => "server.log"
},
"filter" => undefined,
"filter-spec" => undefined,
"formatter" => "%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n",
"level" => "INFO",
"max-backup-index" => 5,
"name" => "SERVERLOG",
"named-formatter" => undefined,
"rotate-on-boot" => false,
"rotate-size" => "10M",
"suffix" => undefined
}
}
# ブラウザでhttp://localhost:18080/にアクセス
[root@17525ee68503 jboss]# ls ./keycloak/standalone/log
access_log.log audit.log events.log server.log
ロガーを設定してみる
WildFlyでアクセスログを有効化する
3.7. 管理監査ロギング
12. JBoss EAP を用いたロギング