mazenaissa

Reputation: 178

Hide sensitive log from Keycloak Quarkus distribution

Prior to the Keycloak Quarkus version distribution, we were hiding the IP address and username from logs using this startup script:

embed-server --server-config=standalone-ha.xml --std-out=echo 
batch
/subsystem=logging/console-handler=CONSOLE:write-attribute(name=filter-spec, value="all(substituteAll(\"(?<=ipAddress=|username=)(.*?)(?=[,\\n]|$)\",\"******\"))")
run-batch 
stop-embedded-server

The startup scripts are no longer supported. Any idea how I can achieve this on Keycloak 18? Maybe by adding a replace function in the log format? The log format is passed to Keycloak through the env variable --log-console-format; the default value is %d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n. The IP address and username values come from %s (the simple log message).

Thanks

Upvotes: 2

Views: 406
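
What the filter-spec expression in the question does to a log message, as an added example that is not part of the original post and is not Keycloak or Quarkus configuration. A plain java.util.logging Filter stands in for the logging subsystem; the class name, helper names and sample messages are constructed for illustration.

```java
import java.util.logging.Filter;
import java.util.logging.Level;
import java.util.logging.LogRecord;
import java.util.regex.Pattern;

public class MaskingFilterDemo {
    // Same expression as in the filter-spec above, minus the CLI escaping.
    static final Pattern SENSITIVE =
        Pattern.compile("(?<=ipAddress=|username=)(.*?)(?=[,\\n]|$)");

    // Never drops a record; it only rewrites the message, which is the
    // effect of all(substituteAll(...)) in the old startup script.
    static final Filter MASK = rec -> {
        String msg = rec.getMessage();
        if (msg != null) {
            rec.setMessage(SENSITIVE.matcher(msg).replaceAll("******"));
        }
        return true;
    };

    static String mask(String message) {
        LogRecord rec = new LogRecord(Level.WARNING, message);
        MASK.isLoggable(rec);
        return rec.getMessage();
    }

    // Constructed samples: {message, value that must not survive, ...}
    static final String[][] SAMPLES = {
        {"type=LOGIN_ERROR, realmId=demo, ipAddress=203.0.113.7, "
            + "error=invalid_user_credentials, username=alice", "203.0.113.7", "alice"},
        {"type=LOGIN, ipAddress=2001:db8::1, username=bob@example.org, "
            + "authMethod=openid-connect", "2001:db8::1", "bob@example.org"},
        // Value containing a comma: the lazy match stops at the first one.
        {"type=LOGIN_ERROR, username=smith,john, ipAddress=203.0.113.7", "john"},
        // Different key spelling and free-text address: nothing matches.
        {"Failed login for user_name=carol from 198.51.100.9", "carol", "198.51.100.9"},
    };

    public static void main(String[] args) {
        for (String[] row : SAMPLES) {
            String out = mask(row[0]);
            boolean leak = false;
            for (int i = 1; i < row.length; i++) {
                leak |= out.contains(row[i]);
            }
            System.out.println((leak ? "LEAK  " : "ok    ") + out);
        }
    }
}
```

The last two constructed messages are reported as LEAK: the expression stops at the first comma and only recognises the exact keys ipAddress= and username=.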

Answers (0)
