Logging configuration

Logging features

Unit4 Identity Services (U4IDS) has two logging related features:

• Development-time logging
• Production-time events

Development-time logging produces an extensive output and is mostly useful for developers, but can provide valuable diagnostics data for production. Note that development logging might store sensitive data and thus is typically not suitable for production use.

Serilog library

U4IDS uses the Serilog library for logging. By default U4IDS reads the Serilog from the AppSettings, so you can apply any setting that is recognized by Serilog. See the Serilog AppSettings documentation for details.

An example of how you could configure the log is shown below:

<add key="serilog:minimum-level" value="Debug" />
<add key="serilog:enrich:with-property:Version" value="1.0" />
<add key="serilog:write-to:Trace.outputTemplate" value="{Company} {Application} {Version} {Timestamp:yyyy-MM-dd HH:mm:ss.fff zzz} [{Level}] {Message}{NewLine}{Exception}" />

Note that the minimum level should be set to Information or higher when you run in production. See supported values here.

Production time events are forwarded to Serilog.

By default the logging to trace output is set with U4IDS. This is done with the following configuration entry:

<add key="serilog:using:Trace" value="Serilog.Sinks.Trace" />

Application Insights Serilog sink

U4IDS is prepared to use Azure's Application Insights collecting the trace logs. To use it one must add the Serilog sink to web.config:

<add key="serilog:using:ApplicationInsightsTraces" value="Serilog.Sinks.ApplicationInsights" />

and optionally the value of iunstrumentation key of the Application Insights object must be passed as below if it is different than the value of the site itself ApplicationInsightsInstrumentationKey:

<add key="serilog:write-to:ApplicationInsightsTraces.instrumentationKey" value="{key value}" />

IdentityServer3 logging options

By default U4IDS configures the diagnostics capabilities of IdentityServer3. You can override the default configuration using the following application settings:

• logging:enable-web-api-diagnostics - If enabled, Web API internal diagnostic logging will be forwarded to the log provider.
• logging:web-api-diagnostics-is-verbose - If enabled, the Web API diagnostics logging will be set to verbose.
• logging:enable-http-logging - If enabled, HTTP requests and responses will be logged.
• logging:enable-katana-logging - If enabled, the Katana log output will be logged (this is often useful to troubleshoot problems with external identity providers).

<add key="logging:enable-web-api-diagnostics" value="True" />
<add key="logging:web-api-diagnostics-is-verbose" value="False" />
<add key="logging:enable-http-logging" value="True" />
<add key="logging:enable-katana-logging" value="True" />

Cloud deployment

For cloud deployment, writing to trace and application insights is a good option as Azure provides infrastructure to view the trace log. U4IDS does not provide any advanced options such as writing log to blob or table storage when hosting the service in the cloud.