Dark theme | Light theme

November 23, 2022

Change Log Level For Events In Keycloak

When running Keycloak it can be useful to log events like a login or logout event using the jboss-logging event listener. This is a built-in event listener that will use JBoss logging to log events. For example we can configure our JBoss logging to log to the standard output streams and when we run Keycloak we can see in the console output details about events when they happen. The event listener jboss-logging is enabled by default for a realm. We can check it from the Events Config page where it is listed in the Event Listeners field.

By default the log level of error events is set to warn and for successful events to log level debug. If we want to change the log level we can use two configuration properties to achieve this:

  • spi-events-listener-jboss-logging-success-level to set the log level for events that are a success. The default value is debug, but we can change it to for example info. Valid values for the log levels are fatal, error, warn, info, debug and trace.
  • spi-events-listener-jboss-logging-error-level to set the log level for events that went wrong. The default value is warn. We can any of the valid log level values here as well.

To pass the configuration property with a value to Keycloak we can use the command-line version where we for prefix the property with two dashes (--). For example:

$ start \
 --spi-events-listener-jboss-logging-success-level=info \

Or we can use the environment variables KC_SPI_EVENTS_LISTENER_JBOSS_LOGGING_SUCCESS_LEVEL and KC_SPI_EVENTS_LISTENER_JBOSS_LOGGING_ERROR_LEVEL and given them the correct log level values. In the following example we use the environment variables:


Written with Keycloak 18.0.2.