OpenFin

Log Management

Overview

Application logging allows applications to have their own, separate logs that can be retrieved for later use by the App Provider. When enabled, anything logged to the console by the app will go to a separate folder and file in the OpenFin installation directory. OpenFin App Log Management, enables App Providers to encrypt and deliver their logs to a designated remote location. Log owners are able to download and decrypt their logs with a private key via OpenFin’s Log Management command line tool or Log Management Service API.

How it works

All app messages written to the console are written to a log in the RVM’s installation directory in the app’s subfolder.

Examples: console.log, console.info, console.warn, console.error

  • Enable App Log Management via your App Manifest setting:
{
  "startup_app": {
    "licenseKey": "valid_license_key",
    "enableAppLogging": true,
    "logManagement": {
      "enabled": true
    }
  }
}
  • Logs are queued by the runtime and written periodically to the file by the RVM.

  • On App close, the RVM zips up an app log file and places it in an archive folder in the app’s subfolder under the RVM’s installation directory then uploads the zipped file to the specified remote app log manager server.

  • Alternatively logs can be sent on-demand via the runtime API sendApplicationLog (not yet stable, will be available in runtime 10+) (RVM 4.6+)

  • (Optional) Logs can be associated with a developer-specified username in order to retrieve app logs by a specific username using the setAppLogUsername runtime API (RVM 4.6+, Runtime 9.61.37.46+). If a username is set, logs for the session can be retrieved by username from the Log Management CLI.

Usage

Log management requires RVM 4.4.0.13+ and a valid OpenFin licenseKey.

Sample app config to enable log management:

{
  "licenseKey": "valid_license_key",
  "runtime": {
    "version": "9.61.31.76"
  },
  "startup_app": {
    "name": "MyApp",
    "uuid": "33aa9062-9eb0-4875-b819-c90f38ef03ea",
    "url": "http://localhost:8000/index.html",
    "autoShow": true,
    "defaultWidth": 500,
    "defaultHeight": 500,
    "enableAppLogging": true,
    "logManagement": {
      "enabled": true,
      "encryptionKey": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxgwkcjRyJlC8kqcUEFKgX+krQBzi7Vq8wppBmIdGRZw1u89z33PfgzPbls8PoOvR7y5e21RgDMCWQA82iIPl0S0EVuTh2KaAd+t/H5uad/P+7WWKOzPBLXGJ8F3wh+DArblDEwe4E4QTYqBgVK3w7+ImI2T+AwGN900jM73uE2D5qUlGMgbtejEd+QF990hoPGP9wc4Uwx2Unn6354eTZQCJmJFQ5lQRFKGrWvP+k3/2Z7rrYvuuA/0uadqWuiJYVlMDrtcWgEfO7JWIl0zMi8g63OkewnSqV8m2JJxyCN1YVUBHvKkLxBne5nAAxKC/Ud3DlOtLLTm1VevcM4P7YQIDAQAB"
    }
  }
}

Storage

All logs are stored on AWS S3 in the us-east-1 region replicated in multiple zones and us-west-1 for increased availability. Data in S3 is encrypted by Amazon. If encryption is enabled, a private key set by the desktop is required to view the logs in human-readable form. OpenFin will never delete the logs; only the customer will.

Privacy

OpenFin does not consume personally identifiable information from machines using this feature.

API keys

Please contact support@openfin.co to get an API key.

Encryption

To encrypt application logs, the App Provider needs to create a public and private RSA key pair, and supply the public key in the app manifest as the startup_app.logManagement.encryptionKey property, encoded in base64.

The following procedure is followed for encryption of the zipped log file:

  1. An AES-256-CBC key K and initialization vector IV are randomly generated.
  2. K and IV are used to encrypt the file, resulting in the ciphertext C_F.
  3. K and IV are encrypted with the user’s RSA public key using RSAES-OAEP with SHA-1, resulting in the encrypted key C_K, and encrypted initialization vector C_IV.
  4. C_F, C_K, and C_IV are uploaded to the log manager.

Thus, the decryption process is as follows:

  1. C_F, C_K, and C_IV are retrieved from the log manager with a GET request.
  2. C_K and C_IV are decrypted with the user’s RSA private key, giving the decrypted K and IV.
  3. K and IV are used to decrypt C_F, giving the decrypted file.

Encryption:

Decrypting a file:

Log Management


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.