Logging Overview
The various PolicyServer components emit both log entries as well as audit records.
Logs are typically for troubleshooting and internal use and use a level of Trace or Debug.
Anything with a level of Information, Warning or Error is a fully structured event that can be used for auditing,
and can be indexed and queried by tools like Elastic Search, Seq or Splunk.
The underlying library for emitting this data is Serilog which supports a wide range of logging systems. See this list of sinks here for a complete list.
Configuring Logging
The logging configuration can be found in a file called logging.json.
By default, this defines some standard log levels and adds a console logger:
{
"Serilog": {
"MinimumLevel": {
"Default": "Information",
"Override": {
"Microsoft": "Warning",
"System": "Warning",
"IdentityServer4": "Warning"
},
"WriteTo": [
{
"Name": "Console",
"Args": {
"outputTemplate": "[{Timestamp:HH:mm:ss} {Level}] {SourceContext}{NewLine}{Message:lj}{NewLine}{Exception}{NewLine}"
}
}
]
}
}
}
This configures the logging system to emit PolicyServer logs with a
level of Information and above,
and low-level system logs like ASP.NET Core or IdentityServer only with a
level of Warning and above.
The full configuration schema can be found here.
Note
Console and file-based logging configurations are not always suitable for production deployments. Consider your PolicyServer logging strategy holistically with the rest of your solutions. You can configure the appropriate logging sink for each environment.
Adding a Logging Sink
PolicyServer can be configured for any logging sink supported by Serilog, including Console, File-based, Elasticsearch, ApplicationInsights and AMQP.
Below is a sample configuration for logging to a file:
{
"Serilog": {
"MinimumLevel": {
"Default": "Information",
"Override": {
"Microsoft": "Warning",
"System": "Warning",
"IdentityServer4": "Warning"
},
"WriteTo": [
{
"Name": "File",
"Args": {
"path": "c:\\logs\\policyserver.txt",
"fileSizeLimitBytes": "100000",
"rollOnFileSizeLimit": true,
"shared": true,
"flushToDiskInterval": "00:00:01"
}
}
]
}
}
}
Note
More information about the file sink can be found here.
Adding ElasticSearch
The following is a sample to connect logging to ElasticSearch:
{
"Name": "Elasticsearch",
"Args": {
"nodeUris": "https://elasticsearchserver",
"autoRegisterTemplate": true,
"autoRegisterTemplateVersion": "ESv6"
}
}
Adding ApplicationInsights
The following is a sample to connect logging to ApplicationInsights:
{
"Name": "ApplicationInsights",
"Args": {
"instrumentationKey": "<MyApplicationInsightsInstrumentationKey>",
"telemetryConverter": "Serilog.Sinks.ApplicationInsights.TelemetryConverters.TraceTelemetryConverter, Serilog.Sinks.ApplicationInsights"
}
}
Adding AMQP
The following is a sample to connect logging to AMQP:
{
"Name": "Logger",
"Args": {
"configureLogger": {
"Filter": [
{
"Name": "ByIncludingOnly",
"Args": {
"expression": "PolicyServerEventType = 'Audit'"
}
}
],
"WriteTo": [
{
"Name": "AMQP",
"Args": {
"amqpOptions": {
"ConnectionString": "amqps://username:password@servicebus.windows.net",
"SenderLinkName": "policyserver",
"Entity": "<queue name>",
"PeriodicBatchingSinkOptions": {
"QueueLimit": 20,
"BatchSizeLimit": 2,
"Period": "00:00:02",
"EagerlyEmitFirstEvent": false
}
}
}
}
]
}
}
}
Multiple Sinks
Serilog also supports logging to multiple sinks simultaneously.
Simply add additional loggers to the WriteTo collection.