As part of a security audit we need to enforce TLS 1.2 to avoid vulnerability exploits from previous versions. Is there any way to configure this kind of enforcement in SEQ? Reference: https://blog.pcisecuritystandards.org/are-you-ready-for-30-june-2018-sayin-goodbye-to-ssl-early-tls
Posted by Pablo Biasotti about a year ago
Hi, would it be possible to add the functionality to allow more than one provisioning rule for more than one AD group? I.e. the User AD group has one set of permissions, and the Admin AD group provisions something else. All access is managed via AD in order for it to be properly audited; currently we have to manually add privileges. I know you can change the new user default permissions, but that shifts the problem rather than solving it. Thanks
Posted by Chriss Barnard about a year ago
Hi, I get an event log message stating Seq could not do or took a long time to process maintenance. Our logging store isn't even 20% of what we need to in the end, so if it is already a concern, how can we speed things up? The machine should be fast enough (storage runs about 150MB/sec). I feel something else is up... Can you give us a bit more insight on the message? The message is:

seq (2228) Seq-856c47b15a8144b3b9a791066b1a3b79: Database Maintenance has completed a full pass on database 'C:\ProgramData\Seq\Extents\2018-04-04_2018-04-11\extent.seq'. This pass started on 9/10/2018 and ran for a total of 1461671 seconds (16 days). This database maintenance task exceeded the 7 day maintenance completion threshold. One or more of the following actions should be taken: increase the IO performance/throughput of the volume hosting the database, reduce the database size, and/or reduce non-database maintenance IO. 1280 pages seen
Posted by Danny Pijl about a year ago
What is the filter syntax for specifying that a property that is a collection must be nonempty? This information is not in the Collections section of the Filter Syntax page. https://docs.getseq.net/docs#collections
Posted by Tyson Williams about a year ago
Hi guys, we are loving Seq so far! We have some critical business applications running as Windows services and scheduled tasks which log to Seq. One use case is we would like to create downtime alerts if these systems ever fail to start when they're supposed to. e.g. one service typically runs once per week between 10am and 11am on Wednesday. So we need to be notified if the service does not log anything during this window. We are able to filter by time of day using TimeOfDay easily enough... e.g.

Application = 'MyApplication' and TimeOfDay(@Timestamp, 10) >= TimeSpan('10:00') and TimeOfDay(@Timestamp, 10) <= TimeSpan('11:00')

... but we're struggling to also filter by specific day of the week. Any tips would be greatly appreciated! Thanks, Andy
Posted by Andy about a year ago
I'm trying to get the latest value of my backup log entry. Following this guide: https://blog.getseq.net/latest-value-charts/ I'm getting this error on the dashboard widget:

> The query could not be executed.
> The `for window()` directive cannot be applied to this query because of embedded temporal clauses.

The SQL is:

select Last(S3Key) as Last from stream where @EventType = 0xECB23E88 limit 1

This works just fine from the Events page, just not in a Dashboard.
Posted by Andrew Davey about a year ago
We have installed Seq log on an Azure VM, and the inbound rules in the Network settings for that VM are configured to accept requests at the URI: https:/domain:5341. We were trying to log errors to the server (Azure VM) from an on-prem server. Initially it was not reachable with 401, and then we configured inbound rules on that VM to open the port 5431, and then we ran into a 403 issue. We have set the Source Port ranges to *; still nothing works. Can you please help us with this issue, and is there any workaround / setting on the Azure portal to fix the 403?
Posted by Sairam B about a year ago
Hello, does Seq support a UDP interface for accepting log events? Our use case is that we want to send logging data to Seq, but if Seq is down we don't want our production systems to be affected -- we'd rather lose log events in this case. Our specific case would be using the NLog adapter, but I'd also be interested in more general information. I couldn't find anything about it in the documentation, except for a very brief mention on https://blog.getseq.net/serilog-tutorial/. Thanks! Will
Posted by Will about a year ago
Hi, our employees are interested in using your software to quickly identify and diagnose problems in complex applications and microservices. In order to do so I have to receive an official quote and raise a PO on our system; however, in order to do so I need to set you up on our system as a new vendor. Please contact me on my email so I can send you a form for completion. Kind regards, Agnieszka
Posted by Agnieszka Kusmirek about a year ago
We are no longer receiving logs on SEQ since last Friday morning. Two changes occurred at that time:

TLS 1.0 was disabled on all servers (it is now re-enabled on the SEQ server only).
Windows updates were run on all servers (all have been removed on the SEQ server only).

Full error:

App host failed unexpectedly
System.IO.FileLoadException: Could not load file or assembly 'Serilog.Sinks.File, Version=184.108.40.206, Culture=neutral, PublicKeyToken=24c2f752a8e58a10' or one of its dependencies. The media is write protected. (Exception from HRESULT: 0x80070013)
File name: 'Serilog.Sinks.File, Version=220.127.116.11, Culture=neutral, PublicKeyToken=24c2f752a8e58a10'
   at Serilog.Sinks.RollingFile.RollingFileSink.Dispose()
   at Serilog.LoggerConfiguration.<CreateLogger>b__28_0()
   at Seq.App.FileArchive.ArchiveWriterReactor.Dispose()
   at Seq.Apps.GenericHost.Program.<Main>d__0.MoveNext()
WRN: Assembly binding logging is turned OFF.
To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1.
Note: There is some performance penalty associated with assembly bind failure logging.
To turn this feature off, remove the registry value [HKLM\Software\Microsoft\Fusion!EnableLog].

Do we need TLS 1.0 turned back on for each server from which we are gathering logs? Is there a technical guide to securing the service protocols? Many thanks...we are done.
Posted by Andrea Stub about a year ago
I've recently turned on AAD authentication and I get an error telling me that my return URL is incorrect. I've followed the instructions and added "/aad" onto the end of the root URL but I cannot log in. It may be because there were no users configured when I turned on AAD and now I'm locked out. I've tried going back to using basic authentication using seq.exe, but as I didn't have any users set up at all, I'm unable to do so, as each time I try to run a command like seq auth --basic -u=admin -p=admin it tells me that a user with that username was not found. Help! How do I recover my seqlog install?
Posted by Paul Endersby about a year ago
Hi. I've added an enrichment property to my logs called 'runSession'. It is the ticks of the current time when my app starts. The idea was that it would be applied to all my logs so that I could quickly see everything from the 'last run' (this is for dev time). I can read it in Seq with this query:

select max(runSession) from stream

I was hoping to create a signal that would run this query, get the result and then filter on that, thereby allowing a quick way to filter to logs from the last session. Is this possible? Thanks :-)
Posted by DAMIEN F SAWYER about a year ago
Hi! I log the duration of different things to SEQ. And now I'm trying to create a dashboard that will show how many logs there are in different duration ranges. For example, I'd like to have a plot for the number of logs with duration 0-5 seconds, one plot for logs with 5-10 seconds, one for 10-30 seconds, etc. Is this possible? I'm trying something like this, but I can't get it to work:

select COUNT(*) as NumberOfInserts, SUM(duration > 5000) as slow, SUM(duration > 10000) as slower from stream where EventId.Id = 99 group by time(1h) limit 10000

Would it be possible?
Posted by Joel about a year ago
Hi, I would love to be able to expose some Seq dashboards to people who are not users in Seq, to somehow be able to select a dashboard, or individual widgets from the dashboard, to be made public. I would also like some way of creating mini charts or banners that could be embedded in other pages. E.g. I would like to write a query (connections per minute) and see the resulting number in a banner or small image on our TFS home page. This would be a bit like badges in sonarqube: https://docs.gitlab.com/ee/user/project/img/project_overview_badges.png
Posted by Henrik Jepsen Gering about a year ago