Configure Logging for the Universal Orchestrator

Keyfactor Universal OrchestratorClosed The Keyfactor Universal Orchestrator, one of Keyfactor's suite of orchestrators, is used to interact with servers and devices for certificate management, run SSL discovery and management tasks, and manage synchronization of certificate authorities in remote forests. With the addition of custom extensions, it can provide certificate management capabilities on a variety of platforms and devices (e.g. Amazon Web Services (AWS) resources, Citrix\NetScaler devices, F5 devices, IIS stores, JKS keystores, PEM stores, and PKCS#12 stores) and execute tasks outside the standard list of certificate management functions. It runs on either Windows or Linux servers or Linux containers. provides extensive logging for visibility and troubleshooting. For more information about troubleshooting, see Troubleshooting.

By default, the Keyfactor Universal OrchestratorClosed Keyfactor orchestrators perform a variety of functions, including managing certificate stores and SSH key stores. generates logs at the INFO logging level and stores logs for two days before deleting them. If you wish to change these defaults, follow the directions below for your installation type.

Understanding Log Files

Log files by default are generated using the following layout:

  • Timestamp: The date and time the log was generated, in ISO 8601 extended format.

    Example: 2025-07-30 12:34:01.1029
  • Correlation ID: A randomly generated GUID that identifies all log messages from a single request. It typically appears immediately after the timestamp.

    Example: 725B42F2-F4B5-46CD-959C-CCD7DD15B2F9

    The correlation ID appears at all logging levels.

  • Audit History ID: The audit history ID for the job, which correlates to the AuditId in the orchestrator job status record.

    Example: 590300
  • Logger Name: The fully qualified class or namespace where the log message originated. Useful for filtering or tracing specific components.

    Example: Keyfactor.Orchestrators.JobExecutors.OrchestratorJobExecutor
  • Log Level: Indicates the severity of the message—ranging from Trace and Debug (low-level detail) to Info, Warn, Error, and Fatal (critical failures).

  • Message: The main content of the log entry. This may include descriptive text, data values, or stack traces in the case of errors.

    Example: The 'Keyfactor.Extensions.Orchestrator.RemoteFile.Inventory' job with Id '725b42f2-f4b5-46cd-959c-ccd7dd15b2f9' finished successfully under session '054b2df7-64f9-4b78-8ecb-d63839bb254f'
    Note:  At Trace level, a message appears indicating that the orchestrator ID has been added to the request headers for delivery to the orchestrator APIClosed An API is a set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command.. For example:
    Adding the orchestrator id, 'ae32ef01-cdcd-43f9-b507-852a83316da3', to the request headers for session, '054b2df7-64f9-4b78-8ecb-d63839bb254f'

    This ID can then be found in messages in the Orchestrator API log.

The above references as found in a full log entry would look like:

2025-07-30 12:34:01.1029 725B42F2-F4B5-46CD-959C-CCD7DD15B2F9 590300 Keyfactor.Orchestrators.JobExecutors.OrchestratorJobExecutor [Info] - The 'Keyfactor.Extensions.Orchestrator.RemoteFile.Inventory' job with Id '725b42f2-f4b5-46cd-959c-ccd7dd15b2f9' finished successfully under session '054b2df7-64f9-4b78-8ecb-d63839bb254f'
Modify Logging Configuration