Configure Logging
By default, the Keyfactor Remote CA Gateway Connector places its log files in the logs directory under the installed directory, generates logs at the "Info" logging level and stores logs for two days before deleting them. If you wish to change these defaults, follow the directions below for your installation type.

- On the Windows server where you wish to adjust logging, open a text editor (e.g. Notepad) using the "Run as administrator" option.
- In the text editor, browse to open the Nlog.config file for the Keyfactor Remote CA Gateway Connector. The file is located in the configuration directory within the install directory, which is the following directory by default:
  C:\Program Files\Keyfactor\Keyfactor Gateway Connector\configuration
- Your Nlog.config file may have a slightly different layout than shown here, but it will contain the four fields highlighted in Figure 5: Keyfactor Remote CA Gateway Connector on Windows NLog.config File. The fields you may wish to edit are:
  - fileName="C:\Program Files\Keyfactor\Keyfactor Gateway Connector\logs\Gateway_Connector_Log.txt"
    The path and file name of the active gateway connector log file.
    Important: If you choose to change the path for storage of the log files, you will need to create the new directory (e.g. D:\ConnectorLogs) and grant the service account under which the Keyfactor Remote CA Gateway Connector is running full control permissions on this directory.
  - archiveFileName="C:\Program Files\Keyfactor\Keyfactor Gateway Connector\logs\Log_Archive_{#}.txt"
    The path and file name of previous days' gateway connector log files. The gateway connector rotates log files daily and names the previous files using this naming convention.
  - maxArchiveFiles="2"
    The number of archive files to retain before deletion.
  - name="*" minlevel="Info" writeTo="logfile"
    The level of log detail that should be generated and output to the log file. The default "Info" level logs errors and some informational data but at a minimal level to avoid generating large log files. For troubleshooting, it may be desirable to set the logging level to "Debug" or "Trace". Available log levels (in order of increasing verbosity) are:
    - OFF: No logging
    - FATAL: Log severe errors that cause early termination
    - ERROR: Log severe errors and other runtime errors or unexpected conditions that may not cause early termination
    - WARN: Log errors and use of deprecated APIs, poor use of APIs, "almost" errors, and other runtime situations that are undesirable or unexpected but not necessarily "wrong"
    - INFO: Log all of the above plus runtime events (startup/shutdown)
    - DEBUG: Log all of the above plus detailed information on the flow through the system
    - TRACE: Maximum log information; this option can generate VERY large log files

- On the Keyfactor Remote CA Gateway Connector machine where you wish to adjust logging, open a command shell and change to the directory in which the gateway connector is installed. By default this is /opt/keyfactor-gateway-connector.
- In the command shell in the directory in which the gateway connector is installed, change to the configuration directory.
- Using a text editor, open the nlog.config file in the configuration directory. Your nlog.config file may have a slightly different layout than shown here, but it will contain the five fields highlighted in the below figure. The fields you may wish to edit are:
  - fileName="/opt/keyfactor-gateway-connector/logs/Gateway_Connector_Log.txt"
    The path and file name of the active gateway connector log file.
    Important: If you choose to change the path for storage of the log files, you will need to create the new directory (e.g. /opt/kyflogs) and grant the service account under which the keyfactor-gateway-connector-default service is running full control permissions on this directory.
  - archiveFileName="/opt/keyfactor-gateway-connector/logs/Log_Archive_{#}.txt"
    The path and file name of previous days' gateway connector log files. The gateway connector rotates log files daily and names the previous files using this naming convention.
  - maxArchiveFiles="2"
    The number of archive files to retain before deletion.
  - name="*" minlevel="Info" writeTo="logfile"
    The level of log detail that should be generated and output to the log file. The default "Info" level logs errors and some informational data but at a minimal level to avoid generating large log files. For troubleshooting, it may be desirable to set the logging level to "Debug" or "Trace". Available log levels (in order of increasing verbosity) are:
    - OFF: No logging
    - FATAL: Log severe errors that cause early termination
    - ERROR: Log severe errors and other runtime errors or unexpected conditions that may not cause early termination
    - WARN: Log errors and use of deprecated APIs, poor use of APIs, "almost" errors, and other runtime situations that are undesirable or unexpected but not necessarily "wrong"
    - INFO: Log all of the above plus runtime events (startup/shutdown)
    - DEBUG: Log all of the above plus detailed information on the flow through the system
    - TRACE: Maximum log information; this option can generate VERY large log files
Figure 6: Keyfactor Remote CA Gateway Connector on Linux NLog.config File
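
An added example, not part of the Keyfactor documentation or product: a Python check that reads an nlog.config, reports the four fields described above, and warns when the level is still "Debug" or "Trace" or when a configured log directory has not been created. The sample XML is constructed in the usual NLog layout (a real connector file may differ), and the names `audit_nlog`, `local` and `SAMPLE_CONFIG` are hypothetical.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample in the usual NLog layout; not copied from a real install.
SAMPLE_CONFIG = """<nlog xmlns="http://www.nlog-project.org/schemas/NLog.xsd"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <targets>
    <target xsi:type="File" name="logfile"
            fileName="/opt/kyflogs/Gateway_Connector_Log.txt"
            archiveFileName="/opt/kyflogs/Log_Archive_{#}.txt"
            maxArchiveFiles="2" />
  </targets>
  <rules>
    <logger name="*" minlevel="Trace" writeTo="logfile" />
  </rules>
</nlog>"""

VERBOSE_LEVELS = {"debug", "trace"}


def local(tag):  # strip the XML namespace so files with or without xmlns work
    return tag.rsplit("}", 1)[-1]


def audit_nlog(xml_text, dir_exists=os.path.isdir):
    """Return (settings, warnings) for the four fields the page describes."""
    root = ET.fromstring(xml_text)
    settings, warnings = {}, []
    for el in root.iter():
        if local(el.tag) == "target" and "fileName" in el.attrib:
            for key in ("fileName", "archiveFileName", "maxArchiveFiles"):
                settings[key] = el.attrib.get(key)
        elif local(el.tag) == "logger" and el.attrib.get("writeTo") == "logfile":
            settings["minlevel"] = el.attrib.get("minlevel")
    for key in ("fileName", "archiveFileName", "maxArchiveFiles", "minlevel"):
        if not settings.get(key):
            warnings.append(f"{key} not found")
    if (settings.get("minlevel") or "").lower() in VERBOSE_LEVELS:
        warnings.append("minlevel is verbose; revert to Info after troubleshooting")
    for key in ("fileName", "archiveFileName"):
        # Split on either separator so Windows paths parse on any host.
        folder = (settings.get(key) or "").replace("\\", "/").rpartition("/")[0]
        if folder and not dir_exists(folder):
            warnings.append(f"{key} directory does not exist: {folder}")
    return settings, warnings


if __name__ == "__main__":
    print(audit_nlog(SAMPLE_CONFIG))
```

The check does not verify the service account's permissions on the log directory; confirm those separately after creating a new directory.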