Logs - Bulksign Documentation

Application Logs

Using the default configuration, Bulksign logs on the file system. The default log files path is :

c:\Program Files\Bulksign\Logs\

The log files configuration location is located at

c:\Program Files\Bulksign\Settings\

Each Bulksign component has its own logging configuration file :

dashboard.xml : log configuration file for Bulksign Dashboard

api.xml : log configuration file for WebApi

sign.xml : log configuration file for WebSign

service.xml : log configuration file for background service

adshim.xml : log configuration for ADShim project (if used)

Configure number of days to keep logs

To save disk space, it's possible to configure the number of days for which to keep the log files. By default Bulksign is configured to keep the log file for the last 300 days. This can be changed by editing the file c:\Program Files\Bulksign\Settings\Tasks\LogFileCleaner.ps1

$limit = (Get-Date).AddDays(-300)

Edit "-300" and set you desired value (please make sure the entered value is negative).

Configure a different path to keep the logs

Open each log configuration file (mentioned ta the previous step) and edit the path properties :

fileName="c:\Program Files\Bulksign\Logs\api.log"

archiveFileName="c:\Program Files\Bulksign\Logs\api_{#}.log"

Logs access for support scenarios

To ease up the support scenarios (when logs are needed for troubleshooting), we provide customers with a small web application that needs to be deployed on your server and allows our support team to access the application logs.

Installing this application is OPTIONAL and can be done by running install_logviewer.ps1 As part of the installation process, a login with random strong credentials is generated.

Other logging sources ?

Bulksign is using the NLog library for logging, here is a list of additional logging targets that can be configured . These include integrations with Splunk, CloudWatch, SNS, Loki, ElasticSearch etc.

Sensitive user information in logs

Using the default log level INFO, the logs are guaranteed to NOT contain sensitive user informations. The only exception to this is when using OIDC provider for signer authentication. In this case the logs with contain the FULL response from IDP server which will include the user name/email/other informations which might be sensitive.

Switching to DEBUG level logs, due to the nature of this particular log level and required information, there is NO guarantee that the logs will not contain sensitive user information. So please use DEBUG for troubleshooting but switch back to INFO after finishing the troubleshooting process.