PVWA-Vault logger

This topic describes the PVWA-Vault logger (Logic Container logger).

Overview

The Logic Container is a service in the Vault that is responsible for running application logic for reading/writing to the Vault database. This logic is part of any API request (initiated by an action in the PVWA UI or directly by a script).

Logging enables you to track all the activities carried out by the Logic container and to identify problems, if they occur.

The log file contains the appropriate correlation ID of the request initiated from the PVWA, running through the Logic Container, and eventually reaching the Vault database.

The following log file contains the activities of the Logic container:

  • BLServiceApp.log

The log file is created by the Logic Container and stored in the Vault. The log file is located in the $InstallationDirectory$\Logs folder, by default. You can set the location of the log file in the LogFolder parameter in the BLServiceApp.exe.config file.

 

If you change the location of the log file, make sure to manually add the log file to the log collection tool. For more information about this tool, see Collect Log Files.

A new log file is created when the Logic Container is started. The BLServiceApp.log file provides the ability to track business flows in the log file. It is built on top of a standard logging library, and has a clear log structure that enables troubleshooting failures without enabling debug mode.

File structure

Each line in the log has the following format:

<Date> <Severity> [<ThreadID>] <username> <CorrelationID> <Message> <Exception Details> [<Source>]

The following table describes the log fields.

Field

Description

Date

The date and time that the log entry was created.

Severity

The severity (log level) of the log entry. Valid levels (low to high): Debug, Info, Warning, Error, Critical.

ThreadID

The ID of the thread running the process that created the log entry.

Username

The name of the logged on user (when relevant).

CorrelationID

A unique ID attached to each request handled by the application. For details, see Correlate log entries.

Message

The log message itself.

Exception Details

Exception message and stack trace, when relevant.

Source

The class from which the log entry was written.

Log file example:

 
2021-05-23 21:49:28,448 INFO [7] AdminUser2 86edf03f-f11d-4d9f-8d21-8ee3a167b574 RunService | Logic container finished running service GetAllActivePlatforms from suite PIM | End [InfraBLService.BLService]

Log file rotation

The log file is rotated when reaching a maximum size defined in the logger configuration. For details, see Configure the logger.

When rotated, the closed file is renamed to Arc-{yyyyMMdd-HHmmss}.LC.log and archived, and a new BLServiceApp.log file is created.

Correlate log entries

You can correlate different log entries created from the same context between the PVWA and the Logic Container to distinguish between the different requests handled by the server.

When a new request arrives, a new context is created and is attached to the thread handling the request. This context contains a CorrelationID (GUID), and from that point it will be assigned to each log entry created on this thread.

 

Example

2021-05-26 17:06:46, 737 INFO [22] AdminUser1 7a40a459-61f6-41d2-bae5-d499a9f48ea0 The changes to the database were committed successfully [CyberArk.Server.Packages.Base.Executers.SqlCommandsExecuter] 2021-05-26 17:06:46, 784 INFO [22] AdminUser1 7a40a459-61f6-41d2-bae5-d499a9f48ea0 RunService | Logic container finished running service CreateAccountsCommand from suite PIM | End [InfraBLService.BLService]

Queue log entries

The BLServiceApp.log file queues all log entries created in a context (based on a Correlation ID), and flushes them to the file only when the execution of the request ends.

You can disable this feature in the configuration file, as described in Configure the logger. When disabled, each log entry is written to the file immediately.

When queuing is enabled and is combined with log entry severity, you can configure the logger to flush entries only when there is an entry that is equal to or higher than the one configured.

This is useful when troubleshooting failed requests because the log file contains all log entries created in that request's context, even without enabling a higher debug level.

Configure the logger

You can change the logger functionality by modifying the following values in the BLServiceApp.exe.config file.

 

We recommend that you back up the BLServiceApp.exe.config file before making any changes to the file.

Field

Description

IsNewLoggerEnabled

Determines whether the logger is enabled.

Default value: True

LogFolder

The location of the log files.

Default value: $InstallationDirectory$\Logs

QueueLogs

Determines whether log entries are queued in the context of each request before being written to the log.

When set to True, all log entries of specific context are written to the log if at least one log entry matches the value defined in the DebugLevel configuration.

When set to False, log entries are written to the log immediately, according to the value in the DebugLevel configuration. For more information, see Queue log entries.

Default value: True

DebugLevel

Set to one of the following levels:

  • None: MinSeverityToFlush = 3 (Warning - the default setting)

  • Low: MinSeverityToFlush = 2 (Info)

  • High/Profiling: MinSeverityToFlush =1 (Debug)

MaximumFileSize

Determines the maximum size in MB of a single log file. When a log file reaches this size, a new file is created.

Default value: 200 MB