Keycloak’s default logger is console logger. If you want your logs to be persisted, you have to explicitly enable file logger.
# using CLI
bin/kc.sh start-dev --log=file
# using environment variable
export KC_LOG=file
bin/kc.sh start-devOnce file logger enabled, log files will be created in the below directory
$KEYCLOAK_HOME/data/log/To learn how to use logs effectively, continue reading to discover more.
How to use multiple log handlers?
Keycloak supports 3 types of log handlers.
- console
- file
- syslog
Above 3 types are supported by Keycloak version 26. Supported log handlers can be changed with the Keycloak version that you are using.
To set multiple log handlers, you can add them together, separated with a comma.
# using CLI
bin/kc.sh start-dev --log="file,console"
# using environment variables
export KC_LOG="file,console"
bin/kc.sh start-devHow to set log file location?
# using CLI
bin/kc.sh start-dev --log="file" --log-file=<path-to>/<your-file.log>
# using environment variables
export KC_LOG="file,console"
export KC_LOG_FILE=<path-to>/<your-file.log>
bin/kc.sh start-devHow to set log levels?
| Level | Description |
|---|---|
| FATAL | Critical failures with complete inability to serve any kind of request. |
| ERROR | A significant error or problem leading to the inability to process requests. |
| WARN | A non-critical error or problem that might not require immediate correction. |
| INFO | Keycloak lifecycle events or important information. Low frequency. |
| DEBUG | More detailed information for debugging purposes, such as database logs. Higher frequency. |
| TRACE | Most detailed debugging information. Very high frequency. |
| ALL | Special level for all log messages. |
| OFF | Special level to turn logging off entirely (not recommended). |
Setting root log level
# using CLI
bin/kc.sh start-dev --log-level=DEBUG #set root level
# using environment variables
export KC_LOG_LEVEL=DEBUG #set root level
bin/kc.sh start-devSetting log level for each handler
# using CLI
bin/kc.sh start-dev --log-console-level=warn --log-file-level=debug --log-syslog-level=info
# using environment variables
export KC_LOG_FILE_LEVEL=DEBUG
export KC_LOG_CONSOLE_LEVEL=WARN
export KC_LOG_SYSLOG_LEVEL=INFO
bin/kc.sh start-devNote that above handler level loggers never override the root log level. Handler specific log levels should always be lower or equal to the root log level
Setting category specific log levels
You can set different log levels for different areas ( java package) of the Keycloak code.
Package based different log levels should be comma separated. Log level is added after the semicolon.
# using CLI
bin/kc.sh start-dev --log-level="INFO,org.hibernate:debug,org.hibernate.hql.internal.ast:info"
# using environment variables
export KC_LOG_LEVEL="INFO,org.hibernate:debug,org.hibernate.hql.internal.ast:info"
bin/kc.sh start-devExplanation to the above snippet
Root level logger is set to INFO
Different log levels are set to each package
How to set log format?
| Symbol | Summary | Description |
|---|---|---|
| %% | % | Renders a simple % character. |
| %c | Category | Renders the log category name. |
| %d{xxx} | Date | Renders a date with the given date format string.String syntax defined by java.text.SimpleDateFormat |
| %e | Exception | Renders a thrown exception. |
| %h | Hostname | Renders the simple host name. |
| %H | Qualified host name | Renders the fully qualified hostname, which may be the same as the simple host name, depending on the OS configuration. |
| %i | Process ID | Renders the current process PID. |
| %m | Full Message | Renders the log message and an exception, if thrown. |
| %n | Newline | Renders the platform-specific line separator string. |
| %N | Process name | Renders the name of the current process. |
| %p | Level | Renders the log level of the message. |
| %r | Relative time | Render the time in milliseconds since the start of the application log. |
| %s | Simple message | Renders only the log message without exception trace. |
| %t | Thread name | Renders the thread name. |
| %t{id} | Thread ID | Render the thread ID. |
| %z{<zone name>} | Timezone | Set the time zone of log output to <zone name>. |
| %L | Line number | Render the line number of the log message. |
# using CLI
bin/kc.sh start-dev --log-console-format="'%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{3.}] (%t) %s%e%n'"
# using environment variables
export KC_LOG_CONSOLE_FORMAT="'%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{3.}] (%t) %s%e%n'"
bin/kc.sh start-dev Thank you for reading to the end of the post. I hope you gained a basic understanding of Keycloak logs. If you want to learn more, you can check Keycloak’s documentation on logging.
Thank you . . .