Log File Management

Body

KeyServer's essential software usage and computer logon data is recorded in a single structured file called "Usage Log" which is located at the top level of the KeyServer Data Folder. This file is used to produce reports in KeyConfigure or the Web UI.

The "Log File Management" dialog in the Config Menu is unrelated to the Usage Log - rather, it controls what is written to two types of text log. One is a diagnostic log and should only be used when requested by Sassafras Software Support. The other "Legacy Logs" duplicate much of the information which is written to the Usage Log, but in a much older and less useful format.

Finally there is an Admin Journal that records certain types of Events. Conceptually this is a bit similar to a Log File, but is named distinctly and should not lead to any confusion.

Diagnostic Log

The diagnostic log can be useful to Sassafras Software Support but won't be very informative to the KeyServer Administrator. The options in this pane control how much data is written to the diagnostic log. The default values are Verbose, 1024, and Notice for all remaining drop-downs. Write to Disk Immediately is unchecked by default. You should not change any of these settings unless instructed by Sassafras Software Support. This log is saved as diagnostic.log in the KeyServer Data Folder.

  • Level sets the overall maximum logging level. Even if individual items are set to a higher level, they will be overridden by this setting as a cap, but this does not override granular items set to a lower level. For example, if you set Helpers to Verbose but Level is set to Notice, Helpers will only log at Notice level not Verbose. If however Helpers is set to Notice and Level is Verbose, Helpers will log at Notice.
  • Max Size sets the maximum size of the diagnostic.log file, after which it will be cleared and new events are written to a fresh file. The previous full file is renamed to diagnostic.log~, which is overwritten when the next rollover would occur. This prevents an infinite fill up of logging on the hard drive.
  • Included Diagnostics allows you to set the various components of the KeyServer to log at different levels. In this way you can keep certain parts quiet while one specific area of troubleshooting is verbose. This can be capped by the top Level setting.
  • Write to Disk Immediately is very useful for troubleshooting as events are written live rather than being held in memory and written in chunks at intervals based on memory buffer.

Legacy Logs

There are several options available for organizing your log files. KeyServer's default is to swap log files every month, and to save old logs until there is no more disk space. It may be more useful to maintain separate logs for each day or week, depending on your KeyServer's usage load. You may also want to throw out old logs, by using the Delete on Auto-Swap option. The auto-swap options start a new log file at midnight after a specified number of days have passed, or alternately, after a log file has grown to a certain size. These logs are saved in the Log Files folder in the KeyServer Data Folder.

You may also want to use this dialog to change what information is written to the log, since much of it is now repeated in the more flexible Usage Log. See the section on Log File Contents below for more information.

Auto-Swap

KeyServer's log files grow with any client activity, and might eventually use up all disk space on the KeyServer computer. Before this happens, you must make room for a new log file either by using the Delete... button, or by telling KeyServer to automatically delete old log files (you may also manually delete old log files). You may wish to keep a compression utility on the KeyServer machine, and periodically compress old log files. However, you will not be able to delete compressed log files from within KeyConfigure.

The Auto-Swap at nnn Kbytes option keeps the size of your log files reasonable. When used with the Delete on Auto-Swap option, the KeyServer limits the amount of space used for its log files. This may be especially important when the KeyServer is running on the same computer as a file server.

You may also instruct the KeyServer to auto-swap the log file on a certain day. For example, you might want the swap to take place every Sunday night. The swap will always take place immediately after midnight on the date specified. To do this, check the Auto-Swap on button.

Whenever the log files are auto-swapped, the KeyServer performs the following steps:

  • If the Delete on Auto-Swap option is set, the previous log file is deleted (assuming it is still in the KeyServer Data Folder).
  • The active log file is demoted to previous log file.
  • A new log file is created and becomes the new active log file.

To maintain a complete record of KeyServer log transactions, leave the Delete on Auto-Swap option un-checked. To always keep a limited amount of log data, check off this option.

Log File Contents

The Log File Contents section contains a menu of settings, each of which enables a certain amount of information to enter the log file. You should select a setting that best suits your needs and desired use of the log file. The more information saved in the log file, the faster it will fill up your disk.

The following list details the information that is placed in the log file:

  • No Info Written to Log - New log files are created, but they remain empty as long as this option is selected. To avoid clutter in the KeyServer Data Folder, select Never Auto-Swap, so only one empty log file is created.
  • Diagnostic Info Only - Information pertaining to policy creation, policy configuration, server status, etc is written to the log. These types of information are not written to the Usage Log, so this option lets you use the Usage Log for reporting purposes, while still saving diagnostic information to the log file.
  • Program Specific Info Only - Information pertaining to specific programs (like launches and quits) is written in the log file when this option is selected.
  • Write All Information to Log - Both network specific and program specific information is written in the log file when this option is selected. This is KeyServer's default.

A large KeyServer installation with many Policies will find that their log files can quickly grow large. Since the events recorded in the KSUsage database are used by reports, you may want to configure Log Files for Diagnostic Info Only.

Details

Details

Article ID: 169550
Created
Thu 11/13/25 10:00 PM
Modified
Tue 11/25/25 11:47 PM