# Logging {% hint style="info" %} Applicable to version 2.4 and above {% endhint %} ## AppConfig:LoggingConfig:WorkspaceId *Linux: AppConfig\_\_LoggingConfig\_\_WorkspaceId* **Value:** Guid **Description:** The WorkspaceID of your Log Analytics Workspace (shown in the Overview of the workspace). This is a required setting if you want to use Azure Monitor together with [SharedKey](#appconfig-loggingconfig-sharedkey). {% hint style="warning" %} This logging method is deprecated and Microsoft has announced to retire this logging API. Switch to AppConfig:LoggingConfig:DataCollectionEndpointUri and AppConfig:LoggingConfig:RuleId instead, as described in the [Log Management](/azure-configuration/log-configuration.md) article. {% endhint %} ## AppConfig:LoggingConfig:SharedKey *Linux: AppConfig\_\_LoggingConfig\_\_SharedKey* **Value:** String **Description:** Use one of the two keys for the Log Analytics Workspace. They are displayed if you access the Log Analytics Workspace on portal.azure.com and navigate to Settings/Agents, where you can unfold the "Log Analytics agent instructions" section. Use either the Primary or the Secondary key. This is a required setting if you want to use Azure Monitor, together with WorkspaceId. {% hint style="warning" %} This logging method is deprecated and Microsoft has announced to retire this logging API. Switch to AppConfig:LoggingConfig:DataCollectionEndpointUri and AppConfig:LoggingConfig:RuleId instead, as described in the [Log Management](/azure-configuration/log-configuration.md) article. {% endhint %} {% hint style="info" %} SCEPman Certificate Master does not support storing configuration values in Key Vault in the same way that the SCEPman core component does. There is a generic way to store App Service settings in Key Vault, though, which [Mika Berglund](https://mikaberglund.com/store-your-app-service-configuration-settings-in-azure-key-vault/) describes in his blog. In short, you must add Secrets-Get permission to the Certificate Master Managed Identity and, for the SharedKey, you would use `@Microsoft.KeyVault(SecretUri=https://YOURKEYVAULTNAMEHERE.vault.azure.net/secrets/appconfig--loggingconfig--sharedkey/)` as value for AppConfig:LoggingConfig:SharedKey. {% endhint %} ## AppConfig:LoggingConfig:DataCollectionEndpointUri *Linux: AppConfig\_\_LoggingConfig\_\_DataCollectionEndpointUri* **Value:** String **Description:** Used in conjunction with AppConfig:LoggingConfig:RuleId to log to a Log Analytics Workspace, authenticating with the Managed Identity of the App Service. This is the URI of the Data Collection Endpoint (DCE) of Azure Monitor. ## AppConfig:LoggingConfig:RuleId *Linux: AppConfig\_\_LoggingConfig\_\_RuleId* **Value**: String **Description:** Used in conjunction with AppConfig:LoggingConfig:DataCollectionEndpointUri to log to a Log Analytics Workspace, authenticating with the Managed Identity of the App Service. This setting is the immutable Id of the Data Collection Rule (DCR) resource. The Managed Identities of the App Services logging to the DCR need to be assigned the *Monitoring Metrics Publisher* role on the DCR. Usually, you won't configure this setting manually, as the SCEPman PS Module or Terraform Module do it for you and also assign the required role automatically when they create the DCR and DCE. ## AppConfig:LoggingConfig:AzureOfferingDomain *Linux: AppConfig\_\_LoggingConfig\_\_AzureOfferingDomain* **Value:** String **Description:** If the workspace is not in the Global Azure Cloud, you can configure the offering domain here. The default is 'azure.com'. {% hint style="danger" %} Changes can harm your service! {% endhint %} ## AppConfig:LoggingConfig:LogLevel *Linux: AppConfig\_\_LoggingConfig\_\_LogLevel* **Value:** Trace, Debug, Info, Warn, Error, Fatal **Description:** The minimum log level to be logged. The default is 'Info'. Only log entries with a log level equal or higher than the configured log level will be logged. Note that if you configure this setting to 'Trace' or 'Debug', log output might contain personal data like UPNs or IP addresses of users. If you want to avoid personal data in the log output, you should configure this setting to 'Info' or higher. ## AppConfig:LoggingConfig:AzureEventHubConnectionString *Linux: AppConfig\_\_LoggingConfig\_\_AzureEventHubConnectionString* {% hint style="info" %} Logging to Azure Event Hub is possible in version 2.7 and above {% endhint %} **Value:** String **Description:** The connection string to your Azure Event Hub. This is a required setting if you want to use Azure Event Hub. ## AppConfig:LoggingConfig:AzureEventHubName *Linux: AppConfig\_\_LoggingConfig\_\_AzureEventHubName* {% hint style="info" %} Logging to Azure Event Hub is possible in version 2.7 and above {% endhint %} **Value:** String **Description:** The name of your Azure Event Hub. This is a required setting if you want to use Azure Event Hub. ## AppConfig:LoggingConfig:AzureEventHubPartitionKey *Linux: AppConfig\_\_LoggingConfig\_\_AzureEventHubPartitionKey* {% hint style="info" %} Logging to Azure Event Hub is possible in version 2.7 and above {% endhint %} **Value:** String **Description:** The partition key of your Azure Event Hub. Setting this is optional. If you don't set this, this defaults to '0'. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.scepman.com/scepman-configuration/application-settings/logging.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.