DocumentationDiscussions
DocumentationDiscussions
Hey! These docs are for version 4.2, which is no longer officially supported. Click here for the latest version, 2022.1!

Server Configuration

Many Seq options can be configured through the Settings section of the web user interface. Lower-level settings, especially those that control the HTTP endpoint, or require a restart to be applied, are stored in the Seq.json configuration file, and manipulated using the seq config command-line.

The seq config command-line

From an administrative command prompt on the Seq server, running seq config will list the available settings and their values:

seq config

Setting values can be changed by specifying the setting name and value:

seq config -k api.listenUris -v https://example.com,https://example.com:45341
seq config -k cache.systemRamTarget -v 0.8
seq config -k storage.prefferedEngine --clear
seq restart

Settings that accept multiple values can be specified by listing values separated by a comma ,.

Values can be reset to their defaults by specifying --clear and the setting name.

📘

Seq reads settings Seq.json at startup, so the Seq service must be restarted before changes will take effect.

Settings

api.avoidLdap

If True, the Windows local security authority will be used instead of LDAP in some features (experimental).

api.corsAllowedOrigins

Origins from which the full API will be accessible using CORS. Note that this is not necessary for ingestion - events can always be sent to the ingestion endpoint using CORS.

api.frameAllowFrom

Origins that may embed the Seq UI within an <iframe>.

api.ingestionPort

If present, only event ingestion will be allowed on the specified port. Note that a corresponding entry must exist in api.listenUris.

👍

Make sure that an entry for the port including the protocol and hostname to listen on is present in api.listenUris in addition to the ingestionPort setting.

This setting is used to separate access to the Seq UI and API from the network endpoint that receives logs. The typical requirement is for log ingestion to come in on a different host name and port from the ones used for the API, and the api.ingestionPort is used to lock this down.

For example, if you browse logs on https://logs.example.com, port 443, you might ingest logs on https://ingest.example.com:45341.

This is configured as:

seq config -k api.listenUris -v https://logs.example.com,https://ingest.example.com:45341
seq config -k api.ingestionPort -v 45341
seq restart

It's then a case of configuring network access rules differently for the two domain names (ideally two different IP addresses). The ingest.example.com domain, port 45341 can be exposed to accept events from apps, and logs.example.com port 443 locked down for internal access only.

It pays to double-check that everything is configured correctly by attempting to access the UI on the ingestion port - if the configuration is successful, you'll get a 403 - Forbidden there, while event ingestion will still be accepted.

api.integratedAuthenticationScheme

The authentication scheme used for Windows authentication. IntegratedWindowsAuthentication (the default) and Negotiate are supported.

api.listenUris

The addresses that the server will listen on. The first entry listed will be used as the default when generating URIs for apps and notifications.

api.redirectHttpToHttps

Whether to redirect HTTP requests to the first HTTPS endpoint listed in api.listenUris. If set to True, the HSTS header will also be set.

cache.compactLargeObjectHeap

Periodically compact the .NET large object heap to reduce fragmentation. May result in short service availability pauses (experimental).

cache.systemRamTarget

Seq uses RAM heavily to speed up query processing. On shared machines (or local developer workstations) it may be desirable to limit this behavior. Specifying a smaller fractional value here (e.g. 0.5) will cause Seq to release memory once system memory usage surpasses the threshold (e.g. 50%).

diagnostics.internalLoggingLevel

Seq's own internal logging level. Modifying this value may cause significantly higher I/O load and is not recommended.

diagnostics.internalLogPath

The location for Seq's own internal log files.

diagnostics.internalLogServerUrl

Send Seq's internal logs to another Seq server.

diagnostics.telemetryServerUrl

Send Seq's error telemetry (if enabled) to another Seq server.

storage.lmdb.extentMapSize

The maximum size, in bytes, of the memory map used for each LMDB storage extent.

storage.masterKey

The master encryption key used to protect sensitive values in the Seq document store. This is the master encryption key used when creating backups.

This value is itself encrypted and must be retrieved using the seq show-key command for secure backup.

🚧

This value cannot be manipulated directly as DPAPI is used to protect the value stored in Seq.json. Use the seq.exe show-key command to retrieve the cleartext key for backup purposes.

storage.preferredEngine

The preferred storage engine for new extents.

Seq.json Example

Seq stores configuration in Seq.json under the storage root path.

An example Seq.json file is shown below.

{
  "cache": {
    "systemRamTarget": 0.9,
    "compactLargeObjectHeap": false
  },
  "diagnostics": {
    "internalLogPath": null,
    "internalLoggingLevel": "Verbose",
    "internalLogServerUrl": null,
    "telemetryServerUrl": null
  },
  "api": {
    "listenUris": [
      "https://seq.example.com",
      "https://seq.example.com:45341"
    ],
    "ingestionPort": 45341,
    "corsAllowedOrigins": [],
    "frameAllowFrom": [],
    "integratedAuthenticationScheme": null,
    "redirectHttpToHttps": false,
    "avoidLdap": false
  },
  "storage": {
    "masterKey": "pmk.ubqX+TAzV06KRxpQML3zAw==",
    "preferredEngine": null,
    "lmdb": {
      "extentMapSize": 200000000000
    }
  }
}

Did this page help you?