Keycloak collection is not banning

modem7 · December 20, 2023, 5:10am

Collection:
inherent-io/keycloak

Acquiss:

---
filenames:
 - /logs/keycloak/*.log
labels:
  type: keycloak
---

Metrics:

Acquisition Metrics:
+----------------------------------+------------+--------------+----------------+------------------------+
|              Source              | Lines read | Lines parsed | Lines unparsed | Lines poured to bucket |
+----------------------------------+------------+--------------+----------------+------------------------+
| file:/logs/bookstack/access.log  | 241        | 121          | 120            | -                      |
| file:/logs/keycloak/keycloak.log | 21         | -            | 21             | -                      |
| file:/logs/traefik/access.log    | 138        | 138          | -              | 33                     |
| file:/logs/xbackbone/access.log  | 113        | 113          | -              | -                      |
+----------------------------------+------------+--------------+----------------+------------------------+

Log file:

2023-12-20 04:53:36,132 WARN  [org.keycloak.events] (executor-thread-3) type=LOGIN_ERROR, realmId=dcd4ae00-e424-48ba-a7c5-1852b21913fe, clientId=null, userId=null, ipAddress=xxx.xxx.xxx.xxx, error=expired_code, restart_after_timeout=true
2023-12-20 04:53:43,495 WARN  [org.keycloak.events] (executor-thread-3) type=LOGIN_ERROR, realmId=dcd4ae00-e424-48ba-a7c5-1852b21913fe, clientId=security-admin-console, userId=null, ipAddress=xxx.xxx.xxx.xxx, error=user_not_found, auth_method=openid-connect, redirect_uri=https://auth.mydomain.com/admin/master/console/, code_id=f277c4ed-eeb6-40e9-a6ff-495fff201844, username=Hbbvv
2023-12-20 04:53:47,880 WARN  [org.keycloak.events] (executor-thread-3) type=LOGIN_ERROR, realmId=dcd4ae00-e424-48ba-a7c5-1852b21913fe, clientId=security-admin-console, userId=null, ipAddress=xxx.xxx.xxx.xxx, error=user_not_found, auth_method=openid-connect, redirect_uri=https://auth.mydomain.com/admin/master/console/, code_id=f277c4ed-eeb6-40e9-a6ff-495fff201844, username=Hbbvv
2023-12-20 04:53:51,738 WARN  [org.keycloak.events] (executor-thread-3) type=LOGIN_ERROR, realmId=dcd4ae00-e424-48ba-a7c5-1852b21913fe, clientId=security-admin-console, userId=null, ipAddress=xxx.xxx.xxx.xxx, error=user_not_found, auth_method=openid-connect, redirect_uri=https://auth.mydomain.com/admin/master/console/, code_id=f277c4ed-eeb6-40e9-a6ff-495fff201844, username=Hbbvv
2023-12-20 04:54:25,743 WARN  [org.keycloak.events] (executor-thread-3) type=LOGIN_ERROR, realmId=dcd4ae00-e424-48ba-a7c5-1852b21913fe, clientId=security-admin-console, userId=null, ipAddress=xxx.xxx.xxx.xxx, error=user_not_found, auth_method=openid-connect, redirect_uri=https://auth.mydomain.com/admin/master/console/, code_id=f277c4ed-eeb6-40e9-a6ff-495fff201844, username=Hbbvv
2023-12-20 04:54:28,625 WARN  [org.keycloak.events] (executor-thread-3) type=LOGIN_ERROR, realmId=dcd4ae00-e424-48ba-a7c5-1852b21913fe, clientId=security-admin-console, userId=null, ipAddress=xxx.xxx.xxx.xxx, error=user_not_found, auth_method=openid-connect, redirect_uri=https://auth.mydomain.com/admin/master/console/, code_id=f277c4ed-eeb6-40e9-a6ff-495fff201844, username=Hbbvv
2023-12-20 04:54:31,437 WARN  [org.keycloak.events] (executor-thread-3) type=LOGIN_ERROR, realmId=dcd4ae00-e424-48ba-a7c5-1852b21913fe, clientId=security-admin-console, userId=null, ipAddress=xxx.xxx.xxx.xxx, error=user_not_found, auth_method=openid-connect, redirect_uri=https://auth.mydomain.com/admin/master/console/, code_id=f277c4ed-eeb6-40e9-a6ff-495fff201844, username=Hbbvv
2023-12-20 04:54:35,696 WARN  [org.keycloak.events] (executor-thread-3) type=LOGIN_ERROR, realmId=dcd4ae00-e424-48ba-a7c5-1852b21913fe, clientId=security-admin-console, userId=null, ipAddress=xxx.xxx.xxx.xxx, error=user_not_found, auth_method=openid-connect, redirect_uri=https://auth.mydomain.com/admin/master/console/, code_id=f277c4ed-eeb6-40e9-a6ff-495fff201844, username=Hbbvv
2023-12-20 04:58:12,079 WARN  [org.keycloak.events] (executor-thread-4) type=LOGIN_ERROR, realmId=dcd4ae00-e424-48ba-a7c5-1852b21913fe, clientId=security-admin-console, userId=null, ipAddress=xxx.xxx.xxx.xxx, error=user_not_found, auth_method=openid-connect, redirect_uri=https://auth.mydomain.com/admin/master/console/, code_id=f277c4ed-eeb6-40e9-a6ff-495fff201844, username=Tesr
2023-12-20 04:58:15,749 WARN  [org.keycloak.events] (executor-thread-4) type=LOGIN_ERROR, realmId=dcd4ae00-e424-48ba-a7c5-1852b21913fe, clientId=security-admin-console, userId=null, ipAddress=xxx.xxx.xxx.xxx, error=user_not_found, auth_method=openid-connect, redirect_uri=https://auth.mydomain.com/admin/master/console/, code_id=f277c4ed-eeb6-40e9-a6ff-495fff201844, username=Tesr
2023-12-20 04:58:18,807 WARN  [org.keycloak.events] (executor-thread-4) type=LOGIN_ERROR, realmId=dcd4ae00-e424-48ba-a7c5-1852b21913fe, clientId=security-admin-console, userId=null, ipAddress=xxx.xxx.xxx.xxx, error=user_not_found, auth_method=openid-connect, redirect_uri=https://auth.mydomain.com/admin/master/console/, code_id=f277c4ed-eeb6-40e9-a6ff-495fff201844, username=Tesr
2023-12-20 04:58:21,558 WARN  [org.keycloak.events] (executor-thread-4) type=LOGIN_ERROR, realmId=dcd4ae00-e424-48ba-a7c5-1852b21913fe, clientId=security-admin-console, userId=null, ipAddress=xxx.xxx.xxx.xxx, error=user_not_found, auth_method=openid-connect, redirect_uri=https://auth.mydomain.com/admin/master/console/, code_id=f277c4ed-eeb6-40e9-a6ff-495fff201844, username=Tesr
2023-12-20 04:58:29,607 WARN  [org.keycloak.events] (executor-thread-4) type=LOGIN_ERROR, realmId=dcd4ae00-e424-48ba-a7c5-1852b21913fe, clientId=security-admin-console, userId=null, ipAddress=xxx.xxx.xxx.xxx, error=user_not_found, auth_method=openid-connect, redirect_uri=https://auth.mydomain.com/admin/master/console/, code_id=f277c4ed-eeb6-40e9-a6ff-495fff201844, username=Test
2023-12-20 04:58:34,998 WARN  [org.keycloak.events] (executor-thread-4) type=REFRESH_TOKEN_ERROR, realmId=dcd4ae00-e424-48ba-a7c5-1852b21913fe, clientId=security-admin-console, userId=88468bc3-d6cb-4565-8ca6-f53d7988475c, ipAddress=xxx.xxx.xxx.xxx, error=invalid_token, grant_type=refresh_token, refresh_token_type=Refresh, refresh_token_id=eeb52d26-ad9f-4be5-84b7-1f4e033cfdef, client_auth_method=client-secret
2023-12-20 04:59:21,653 WARN  [org.keycloak.events] (executor-thread-5) type=LOGIN_ERROR, realmId=dcd4ae00-e424-48ba-a7c5-1852b21913fe, clientId=security-admin-console, userId=27a68865-41dc-4200-a715-389df291529f, ipAddress=xxx.xxx.xxx.xxx, error=invalid_user_credentials, auth_method=openid-connect, redirect_uri=https://auth.mydomain.com/admin/master/console/, code_id=f277c4ed-eeb6-40e9-a6ff-495fff201844, username=test
2023-12-20 04:59:23,427 WARN  [org.keycloak.services] (Brute Force Protector) KC-SERVICES0053: login failure for user 27a68865-41dc-4200-a715-389df291529f from ip xxx.xxx.xxx.xxx
2023-12-20 04:59:42,811 WARN  [org.keycloak.events] (executor-thread-5) type=LOGIN_ERROR, realmId=dcd4ae00-e424-48ba-a7c5-1852b21913fe, clientId=security-admin-console, userId=27a68865-41dc-4200-a715-389df291529f, ipAddress=xxx.xxx.xxx.xxx, error=invalid_user_credentials, auth_method=openid-connect, redirect_uri=https://auth.mydomain.com/admin/master/console/, code_id=f277c4ed-eeb6-40e9-a6ff-495fff201844, username=test
2023-12-20 04:59:44,171 WARN  [org.keycloak.services] (Brute Force Protector) KC-SERVICES0053: login failure for user 27a68865-41dc-4200-a715-389df291529f from ip xxx.xxx.xxx.xxx
2023-12-20 04:59:46,471 WARN  [org.keycloak.events] (executor-thread-5) type=LOGIN_ERROR, realmId=dcd4ae00-e424-48ba-a7c5-1852b21913fe, clientId=security-admin-console, userId=27a68865-41dc-4200-a715-389df291529f, ipAddress=xxx.xxx.xxx.xxx, error=invalid_user_credentials, auth_method=openid-connect, redirect_uri=https://auth.mydomain.com/admin/master/console/, code_id=f277c4ed-eeb6-40e9-a6ff-495fff201844, username=test
2023-12-20 04:59:47,934 WARN  [org.keycloak.services] (Brute Force Protector) KC-SERVICES0053: login failure for user 27a68865-41dc-4200-a715-389df291529f from ip xxx.xxx.xxx.xxx
2023-12-20 04:59:53,274 WARN  [org.keycloak.events] (executor-thread-5) type=LOGIN_ERROR, realmId=dcd4ae00-e424-48ba-a7c5-1852b21913fe, clientId=security-admin-console, userId=27a68865-41dc-4200-a715-389df291529f, ipAddress=xxx.xxx.xxx.xxx, error=user_temporarily_disabled, auth_method=openid-connect, redirect_uri=https://auth.mydomain.com/admin/master/console/, code_id=f277c4ed-eeb6-40e9-a6ff-495fff201844, username=test

iiAmLoz · December 20, 2023, 3:11pm

Hey

Seems the parser is not expecting anything between the [], I believe we should update the parser to support the parsekv helper, however, there is one caveat since all values have a , following it will be picked up in the value. I can spend sometime creating an update to the parser to get this working.

Topic		Replies	Views
Question about how to read the metrics	11	2778	January 27, 2021
Crowdsec and Traefik crowdsec	7	3921	March 13, 2022
Acquis.yaml questions and other things crowdsec	5	2261	March 24, 2022
New install, postfix / IMAP	22	4415	March 4, 2021
Is my setup correct?	10	1343	February 18, 2021

Keycloak collection is not banning

Related Topics