Narrative

If additional logging is required to troubleshoot an ongoing issue it is required to restart Keycloak at least twice. First to add additional logging specific to the issue, and a second restart to revert to the default logging. In reality it may be required to restart more than twice, as it is not a given that the first attempt at increasing log output provides sufficient information.

This can lead to service disruption as nodes are restarted. It can also lead to the inability to reproduce the issue after a restart if the issue was caused by some temporary state in Keycloak (for example caches).

Value Proposition

Ability to change log levels without restarting the server can help in debugging specific issues without . In some, but rare occasions, a given issue may be resolved or not easily reproducible after a re-start.

Goals

• It should be possible to temporarily override the log level for a specific logging category (for example `org.hibernate=DEBUG`)
• It should be possible to easily restore the log levels to the configured log levels
• Temporary changes to log levels should not be persisted/updated in configuration. It is expected restarting Keycloak reverts to the original log configuration
• The above should be achievable on the command-line from a given Keycloak server

Non-Goals

• It should not be possible to configure anything other than log levels. For example the default log level, enabling/disabling log handlers, etc.
• Implement the mechanisms to make changes to a running Keycloak server. This should be a pre-requisite that is added separately, and there needs to be more use-cases to justify adding it.
• The Admin API is not suitable for this use-case, as it is likely any issues being troubleshooted prevents authentication to Admin APIs