Deployment Checklist
A checklist for deploying Seq in production
Seq is extremely fast and easy to set up in its default configuration, and going to production isn't much harder. There are a few things to take care of that will ensure smooth, secure operation of Seq as a critical part of your operations infrastructure.
Use the handy checklist below to make sure nothing is missed.
| Task | Description | Find out more |
|---|---|---|
| Purchase a Multi-User License | For deployments used by more than one person, a multi-user Seq license will be needed. | Seq Pricing |
| Provision Hardware | Seq needs enough hardware capacity to perform under the expected load. There are some rules of thumb to help make an initial estimate. | System Requirements |
| Software Prerequisites | Windows Server 2012 R2 or better and .NET 4.6 are needed. | System Requirements |
| Create a Service Account | It is best practice to use an unprivileged machine account to run the Seq service. This should be a local Windows account on the target server (by default Local System is used otherwise). | Service Account Requirements |
| Choose a Storage Location | Choose a location on disk where Seq will store log data. On cloud VMs, an option with local redundancy is recommended (e.g. an attached data disk on Azure). | |
| Obtain and Install an SSL Certificate | Unless SSL is terminated at a load balancer, a certificate will be needed for the domain Seq is hosted on. | SSL |
| Install Seq | Install Seq from MSI on the target server. Skip Install or start the Seq service when prompted, or run seq.exe stop && seq.exe uninstall afterwards to remove the default http://localhost:5341 service instance. | |
| Configure the Seq Service | Run seq.exe install passing appropriate --storage, --listen and --username arguments. | Storage, URLs |
| Bind the SSL Certificate | The SSL certificate must be associated with the port used by Seq. This is done with the seq.exe bind-ssl command-line. | SSL |
| Configure an Ingestion Port | If the server accepts events from the open Internet, setting up a dedicated port for ingestion can assist with firewall/load balancer/security group configuration. | api.ingestionPort |
| Save your Seq Master Encryption Key | On the Seq server, run seq.exe show-key and copy the resulting key to a secure location. | Backup and Restore |
| Start Seq | If you haven't already, run seq.exe start and view Seq in your browser. | |
| Import your Seq License | Paste your Seq license key into Settings > License and save changes. | |
| Enable Authentication | Under Settings > Users, enable authentication and set up the admin user account. | Managing Users, Active Directory, Azure Active Directory |
| Configure the Backup Location | Under Settings > Backup, make sure daily backups are stored to an appropriate drive. | Backup and Restore |
| Require API Keys | We recommend all apps logging to Seq use a distinct API key; enforce this under Settings > API Keys. | API Keys |
| Configure Retention Policies | Make sure at least one retention policy is configured, so that disk space isn't exhausted. | Retention Policies |
| Exclude Log Storage from Virus Scanning | Seq stores log data in the Stream subdirectory under its storage root path (by default, C:\ProgramData\Seq); excluding this location from virus scanners like Windows Defender can improve performance and prevent inadvertent screening of log data files. | Windows Defender Instructions |
Remember that we're here to help if you get stuck at any point!
Check out our Azure installation guide if you're installing Seq in Microsoft Azure.
Updated almost 4 years ago