Logging & Diagnostics
AppProfileSafe maintains two separate logging systems: an application log for operational diagnostics and an audit log for compliance-grade event tracking. Both write CSV files with automatic rotation and configurable retention. A diagnostics bundle feature collects all relevant data into a single ZIP archive for support scenarios.
Application Log
The application log records operational events such as startup messages, configuration loading, export/import progress, and errors. It is the primary resource for troubleshooting.
| Property | Details |
|---|---|
| File name | app.csv |
| Location | Configured via <LogFolder> in settings.xml. Default: %ProgramData%\IT-Consulting Kinner\AppProfileSafe\Log |
| Format | CSV (RFC 4180), UTF-8 without BOM. Columns: Timestamp, LogLevel, Component, Message |
| Rotation | When app.csv exceeds MaxLogSizeBytes, it is renamed to app.1.csv and a new file is created. Older files shift upward (app.1.csv → app.2.csv, etc.). Files beyond MaxLogFiles are deleted. |
Log Levels
Each log entry is tagged with one of four severity levels:
| Level | Purpose |
|---|---|
Debug |
Verbose trace output for detailed diagnostics (e.g. per-event SIEM/Webhook forwarding confirmations) |
Info |
Normal operational messages (startup, configuration loaded, operation completed) |
Warn |
Non-critical issues that may require attention (partial failures, subscriber errors) |
Error |
Failures that prevented an operation from completing |
Logging Configuration
Log rotation is controlled by two settings in settings.xml under the <Logging> element:
<Logging>
<MaxLogSizeBytes>10485760</MaxLogSizeBytes>
<MaxLogFiles>10</MaxLogFiles>
</Logging>| Setting | Default | Description |
|---|---|---|
MaxLogSizeBytes |
10485760 (10 MB) | Maximum size of app.csv before rotation is triggered |
MaxLogFiles |
10 | Maximum number of rotated log files to keep. Oldest files are deleted when this limit is exceeded. |
Both values must be at least 1. If a value below 1 is set, the default is used instead.
Audit Log
The audit log is a separate, compliance-grade trail of all security-relevant operations. Unlike the application log, it is designed for tamper detection and regulatory requirements (GDPR, ISO 27001, SOC 2, HIPAA).
| Property | Details |
|---|---|
| File name | audit_YYYY-MM.csv (one file per calendar month) |
| Location | Configured via <AuditFolder> in settings.xml. Default: %ProgramData%\IT-Consulting Kinner\AppProfileSafe\Audit |
| Integrity | Each entry contains a SHA-256 hash and a reference to the previous entry's hash, forming a hash chain. HMAC keys are stored in Windows Credential Manager. |
| Retention | Configurable via <Audit><RetentionDays> in settings.xml. Default: 365 days. |
Every audit entry records WHO (user, SID), WHAT (action, target, success/failure), WHEN (UTC timestamp, sequence number), and WHERE (machine, OS, app version, interface). For details, see Audit Logging.
Diagnostics Bundle
The diagnostics bundle creates a ZIP archive that collects all information needed for troubleshooting or support requests. The bundle includes:
- Configuration files — siem.xml, webhook.xml, redaction.xml, eventpipeline.xml, and all XSD schemas
- Health snapshot — Current result of all health checks (JSON)
- Event pipeline state — Queue summary and up to 100 recent dead-letter entries
- Recent log files — The 3 most recent application log files
- Recent reports — The 5 most recent report files
- Environment info — Machine name, user, OS version, .NET version, app version, available disk space
The output file is named diagnostics_YYYYMMDD_HHmmss.zip. For step-by-step instructions, see Creating a Diagnostics Bundle.
Topics in This Section
- Where to Find Logs — File locations for application logs and audit logs
- Audit Logging — Hash-chain integrity, CSV columns, audit actions, and compliance details
- Audit Log Viewer (GUI) — Browse, filter, and verify audit entries in the GUI
- Creating a Diagnostics Bundle — Generate a ZIP archive for support and troubleshooting