Configure Logging

By default, the Keyfactor Cloud Gateway outputs logging information to both the Windows event log and the local file system, places file system log files in the c:\cms\logs directory, generates file system logs at the Info logging level, and stores file system logs for two days before deleting them. If you wish to change these defaults:

  1. On the Keyfactor Cloud Gateway server where you wish to adjust logging, open a text editor (e.g. Notepad) using the “Run as administrator” option.
  2. In the text editor, browse to open the Nlog.config file in the directory in which you installed the Keyfactor Cloud Gateway. By default, this is the following directory:

    C:\Program Files\Keyfactor\Keyfactor Managed CA Gateway

  3. Your Nlog.config file may have a slightly different layout than shown here, but it will contain the four fields highlighted in the figure below. The fields you may wish to edit are:

    • The path and file name of the active CA gateway log file:

      fileName="C:\cms\logs\CA_Gateway_Log.txt"
      Important:  If you choose to change the path for storage of the log files, you will need to create the new directory (e.g. D:\GatewayLogs) and grant the service account(s) under which the CA gateway services run full control permissions on this directory.
      Tip:  If you're using clustering, you may want to set the path to a location on your shared storage disk accessible to all nodes so that all nodes in the cluster will write logs to the same location.
    • The path and file name of previous days' CA gateway log files:

      archiveFileName="c:\cms\logs\CA_Gateway_Log_Archive_{#}.txt"

      The CA gateway rotates log files daily and names the previous files using this naming convention.

      Tip:  If you're using clustering, you may want to set the path to a location on your shared storage disk accessible to all nodes so that all nodes in the cluster will archive logs to the same location.
    • The number of archive files to retain before deletion:

      maxArchiveFiles="2"
    • The level of log detail that should be generated:

      name="*" minlevel="Info"

      The default Info level logs errors and some informational data but at a minimal level to avoid generating large log files. For troubleshooting, it may be desirable to set the logging level to Debug or Trace. Available log levels (in order of increasing verbosity) are:

      • OFF – No logging

      • FATAL – Log severe errors that cause early termination

      • ERROR – Log severe errors and other runtime errors or unexpected conditions that may not cause early termination

      • WARN – Log errors and use of deprecated APIs, poor use of APIs, almost errors, and other runtime situations that are undesirable or unexpected but not necessarily wrong

      • INFO – Log all of the above plus runtime events (startup/shutdown)

      • DEBUG – Log all of the above plus detailed information on the flow through the system

      • TRACE – Maximum log information—this option can generate VERY large log files

Figure 705: NLog.config File for the Keyfactor Cloud Gateway

Tip:  The NLog.config file also contains a few filters that eliminate log messages of certain types from logging at debug and trace level as they can be chatty and may not be helpful except in special cases. You may find it helpful to emulate these with filters of your own when troubleshooting.
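
The same changes can be scripted from an elevated PowerShell session instead of a text editor. The script below is an added example, not part of the Keyfactor documentation. The D:\GatewayLogs path comes from the text above; the service account name and retention count are assumed values, and the script assumes the file targets and catch-all logger rules can be found by the attributes described in step 3.

```powershell
#Requires -RunAsAdministrator
# Added example. Values marked "assumed" are illustrative; adjust before use.
$configPath = 'C:\Program Files\Keyfactor\Keyfactor Managed CA Gateway\NLog.config'
$logDir     = 'D:\GatewayLogs'          # new log directory (example path from the text)
$svcAccount = 'EXAMPLE\svc-cagateway'   # assumed service account name
$keepFiles  = '14'                      # assumed number of archive files to retain
$minLevel   = 'Info'                    # raise to Debug or Trace only while troubleshooting

# Create the directory and grant the service account full control,
# inherited by files (OI) and subfolders (CI) created beneath it.
New-Item -ItemType Directory -Path $logDir -Force | Out-Null
icacls $logDir /grant "${svcAccount}:(OI)(CI)F" | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls could not set permissions on $logDir" }

# Keep a copy of the original configuration before changing it.
Copy-Item -Path $configPath -Destination "$configPath.bak" -Force

$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true
$xml.Load($configPath)

# Select by attribute rather than by element path, because the file layout may differ.
$targets = $xml.SelectNodes("//*[local-name()='target'][@fileName]")
if ($targets.Count -eq 0) { throw 'No target with a fileName attribute was found.' }
foreach ($t in $targets) {
    # Keep the existing file names and move only the directory.
    foreach ($attr in 'fileName', 'archiveFileName') {
        if ($t.HasAttribute($attr)) {
            $leaf = [System.IO.Path]::GetFileName($t.GetAttribute($attr))
            $t.SetAttribute($attr, [System.IO.Path]::Combine($logDir, $leaf))
        }
    }
    $t.SetAttribute('maxArchiveFiles', $keepFiles)
}

# Note: this updates every catch-all rule (name="*") that carries a minlevel.
$rules = $xml.SelectNodes("//*[local-name()='logger'][@name='*'][@minlevel]")
if ($rules.Count -eq 0) { throw 'No logger rule with name="*" and minlevel was found.' }
foreach ($r in $rules) { $r.SetAttribute('minlevel', $minLevel) }

$xml.Save($configPath)

# Show the resulting values for review.
$targets | ForEach-Object { $_.GetAttribute('fileName'); $_.GetAttribute('archiveFileName') }
```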