DocumentationDiscussions
DocumentationDiscussions

Deployment Checklist

A checklist for deploying Seq to Windows in production

Seq is extremely fast and easy to set up in its default configuration, and going to production isn't much harder. There are a few things to take care of that will ensure smooth, secure operation of Seq as a critical part of your operations infrastructure.

Use the handy checklist below to make sure nothing is missed.

TaskDescriptionFind out more
Provision HardwareSeq needs enough hardware capacity to perform under the expected load. There are some rules of thumb to help make an initial estimate.System Requirements
Software PrerequisitesWindows Server 2012 R2 or better is needed.System Requirements
Choose a Storage LocationChoose a location on disk where Seq will store log data. On cloud VMs, an option with local redundancy is recommended (e.g. an attached data disk on Azure).
Obtain and Install an SSL CertificateUnless SSL is terminated at a load balancer, a certificate will be needed for the domain Seq is hosted on.SSL
Install SeqInstall Seq from MSI on the target server. Use the Seq Service Administration wizard to select a URI to listen on, and to bind the SSL certificate. Set a strong password.Storage, URLs, HTTPS (TLS/SSL)
Configure an Ingestion PortIf the server accepts events from the open Internet, setting up a dedicated port for ingestion can assist with firewall/load balancer/security group configuration.api.ingestionPort
Set a Canonical URIIf the server is behind a load balancer/reverse proxy, set api.canonicalUri so that generated URLs point back to the public address, rather than the internal address of the Seq instance.Server Configuration
Save your Secret Encryption KeyOn the Seq server, run seq.exe show-key and copy the resulting key to a secure location.Backup and Restore
Connect your Seq SubscriptionPaste your Seq subscription license key into Settings > License and save changes.
Configure the Backup LocationUnder Settings > Backup, make sure daily backups are stored to an appropriate drive. Make sure that the Seq service account (SeqDefaultInstance, by default), is granted write access to this location.Backup and Restore
Require API KeysWe recommend all apps logging to Seq use a distinct API key; enforce this under Settings > API Keys.API Keys
Configure Retention PoliciesMake sure at least one retention policy is configured, so that disk space isn't exhausted.Retention Policies
Exclude Log Storage from Virus ScanningSeq stores log data in the Stream subdirectory under its storage root path (by default, C:\ProgramData\Seq); excluding this location from virus scanners like Windows Defender can improve performance and prevent inadvertent screening of log data files.Windows Defender Instructions
Open ports in Windows FirewallFor the Seq UI and ingestion endpoints to be visible across the network, the ports on which Seq is served need to be opened in Windows Firewall (or your chosen firewall software).Windows Firewall Instructions
Consider Configuring an Authentication Provider with 2FASeq's built-in username/password authentication provider does not support two-factor authentication; configuring a provider with 2FA is highly recommended, whenever possible.OpenID Connect Authentication, Azure Active Directory Authentication

The Seq support team is here to help if you have questions, or if you run into any trouble.

👍

Check out our Azure installation guide if you're installing Seq in Microsoft Azure.