DocumentationDiscussions
DocumentationDiscussions

Deployment Checklist

A checklist for deploying Seq in production

Seq is extremely fast and easy to set up in its default configuration, and going to production isn't much harder. There are a few things to take care of that will ensure smooth, secure operation of Seq as a critical part of your operations infrastructure.

Use the handy checklist below to make sure nothing is missed.

Task

Description

Find out more

Purchase a Multi-User License

For deployments used by more than one person, a multi-user Seq license will be needed.

Seq Pricing

Provision Hardware

Seq needs enough hardware capacity to perform under the expected load. There are some rules of thumb to help make an initial estimate.

System Requirements

Software Prerequisites

Windows Server 2012 R2 or better is needed.

System Requirements

Choose a Storage Location

Choose a location on disk where Seq will store log data. On cloud VMs, an option with local redundancy is recommended (e.g. an attached data disk on Azure).

Obtain and Install an SSL Certificate

Unless SSL is terminated at a load balancer, a certificate will be needed for the domain Seq is hosted on.

SSL

Install Seq

Install Seq from MSI on the target server.

Storage, URLs

Set up a Service Account

It is best practice to use an unprivileged machine account to run the Seq service. This should be a local Windows account on the target server (by default Local System is used otherwise).

Service Account Requirements

Bind the SSL Certificate

The SSL certificate must be associated with the port used by Seq. This is done with the seq bind-ssl command-line.

SSL

Configure an Ingestion Port

If the server accepts events from the open Internet, setting up a dedicated port for ingestion can assist with firewall/load balancer/security group configuration.

api.ingestionPort

Set a Canonical URI

If the server is behind a load balancer/reverse proxy, set api.canonicalUri so that generated URLs point back to the public address, rather than the internal address of the Seq instance.

Server Configuration

Save your Secret Encryption Key

On the Seq server, run seq.exe show-key and copy the resulting key to a secure location.

Backup and Restore

Start Seq

If you haven't already, run seq service start and view Seq in your browser.

Import your Seq License

Paste your Seq license key into Settings > License and save changes.

Enable Authentication

Under Settings > Users, enable authentication and set up the admin user account.

Managing Users, Active Directory, Azure Active Directory

Configure the Backup Location

Under Settings > Backup, make sure daily backups are stored to an appropriate drive.

Backup and Restore

Require API Keys

We recommend all apps logging to Seq use a distinct API key; enforce this under Settings > API Keys.

API Keys

Configure Retention Policies

Make sure at least one retention policy is configured, so that disk space isn't exhausted.

Retention Policies

Exclude Log Storage from Virus Scanning

Seq stores log data in the Stream subdirectory under its storage root path (by default, C:\ProgramData\Seq); excluding this location from virus scanners like Windows Defender can improve performance and prevent inadvertent screening of log data files.

Windows Defender Instructions

Open ports in Windows Firewall

For the Seq UI and ingestion endpoints to be visible across the network, the ports on which Seq is served need to be opened in Windows Firewall (or your chosen firewall software)

Windows Firewall Instructions

Remember that we're here to help if you get stuck at any point.

👍

Check out our Azure installation guide if you're installing Seq in Microsoft Azure.


Did this page help you?