view/configure access log of KeyCloak http server

Try adding the following <access-log> tag to the WildFly server configuration file, for example: standalone/configuration/standalone.xml.

        <subsystem xmlns="urn:jboss:domain:undertow:4.0">
            <buffer-cache name="default"/>
            <server name="default-server">
                ...
                <host name="default-host" alias="localhost">
                    <location name="/" handler="welcome-content"/>
                    <!-- Add the following line -->
                    <access-log worker="default" directory="${jboss.server.log.dir}" prefix="access." suffix="log"/>
                    <http-invoker security-realm="ApplicationRealm"/>
                    <filter-ref name="proxy-peer"/>
                </host>
            </server>

You can see access.log in your standalone/log/ directory.


To extend Kohei TAMURA answer:

In order configure the access log without reloading Keycloak:

  1. Add line <access-log worker="default" directory="${jboss.server.log.dir}" prefix="access." suffix="log"/> to standalone/configuration/standalone.xml or standalone/configuration/standalone-ha.xml if clustered configuration is used.

  2. Reload Wildfly server configuration without restarting it:

    jboss/keycloak/bin/jboss-cli.sh --connect
    [[email protected]:9990 /] reload
    

Tags:

Keycloak