# Keycloak

### Prerequisites

* [ ] Keycloak installed and running
* [ ] Radiant Security Agent installed and running
* [ ] Access to the Keycloak configuration file (`keycloak.conf`)

### Add the data connector in Radiant Security

1. Log in to [Radiant Security](https://app.radiantsecurity.ai/).
2. From the navigation menu, click **Settings** > **Data** **Connectors** and click **+ Add Connector.**&#x20;
3. Search for and select the **Radiant Agent** option and then click **Data** **Feeds.**
4. Under **Select your data feeds**, select **Keycloak** and click **Credentials**.
5. Under **Credential** **Name**, give your Radiant Agent integration an identifiable name (e.g. `Radiant Agent Integration`).
6. Click **Add** **Connector**.

### Configure a local Radiant Security Agent

Refer to the [Install the Radiant Security Agent](https://help.radiantsecurity.ai/radiant-connectors/data-connectors/install-the-radiant-security-agent) guide to set up a local agent to collect the logs.

Before you begin the [Configure log forwarding in Keycloak](#configure-log-forwarding-in-keycloak) section, ensure you have the following information from your agent installation:

* The **IP address** or **hostname** of the server on which the agent is installed.
* The **port** configured for receiving Keycloak data.

### Configure log forwarding in Keycloak

There are two options to configure log forwarding in Keycloak:

1. Configure the Keycloak configuration file (recommended)
2. Start Keycloak with the logging options

#### **Configure the Keycloak configuration file**

1. Access your Keycloak installation and navigate to the configuration file.
2. Add the following lines to your Keycloak configuration file (`keycloak.conf`):

{% hint style="warning" %}
**Important note:** Don't forget to replace the placeholder values for **Radiant Agent IP** (`radiant-agent-ip` ) and for **port** (`radiant-agent-keycloak-port`).
{% endhint %}

```bash
# Enable the syslog handler. Use log=console,syslog to enable both console and syslog.
log=syslog

# Set the syslog endpoint (IP and port)
log-syslog-endpoint=<radiant-agent-ip>:<radiant-agent-keycloak-port>

# Enable JSON output format
log-syslog-output=json

# Set the log level for specific categories
log-syslog-level=org.keycloak.events:INFO
```

3. Restart Keycloak.

#### **Start Keycloak with the logging options**

Optionally, you can start Keycloak with the following logging options:

```bash
bin/kc.sh start --log="console,syslog" --log-syslog-endpoint=<radiant-agent-ip>:<radiant-agent-keycloak-port> --log-syslog-output=json --log-syslog-level="org.keycloak.events:INFO"
```

For more information about the logging options, refer to the [Keycloak documentation](https://www.keycloak.org/server/logging#_centralized_logging_using_syslog).