Application logs


Application logging allows applications to have their own, separate logs that can be retrieved for later use by the App Provider. When enabled, anything logged to the console by the app will go to a separate folder and file in the OpenFin installation directory. OpenFin App Log Management, enables App Providers to encrypt and deliver their logs to a designated remote location. Log owners are able to download and decrypt their logs with a private key via OpenFin’s Log Management command line tool or Log Management Service API.

How it works

All app messages written to the console are written to a login the RVM’s installation directory in the app’s subfolder.

Examples: console.log,, console.warn, console.error

  • Enable App Log Management via your App Manifest setting: (JSON)
  "licenseKey": "contract_identifier",
  "startup_app": {
    "enableAppLogging": true,
    "logManagement": {
      "enabled": true
  • Logs are queued by the runtime and written periodically to the file by the RVM.

  • On App close, the RVM zips up an app log file and places it in an archive folder in the app’s subfolder under the RVM’s installation directory then uploads the zipped file to the specified remote app log manager server.

  • Alternatively logs can be sent on-demand via the runtime API sendApplicationLog (available in runtime 10+) (RVM 4.6+)

  • (Optional) Logs can be associated with a developer-specified username in order to retrieve app logs by a specific username using the setAppLogUsername runtime API (RVM 4.6+, Runtime If a username is set, logs for the session can be retrieved by username from the Log Management CLI.


Log management requires RVM and a valid OpenFin licenseKey.

Sample app config to enable log management: (JSON)

  "licenseKey": "valid_license_key",
  "runtime": {
    "version": ""
  "startup_app": {
    "name": "MyApp",
    "uuid": "33aa9062-9eb0-4875-b819-c90f38ef03ea",
    "url": "http://localhost:8000/index.html",
    "autoShow": true,
    "defaultWidth": 500,
    "defaultHeight": 500,
    "enableAppLogging": true,
    "logManagement": {
      "enabled": true,
      "encryptionKey": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxgwkcjRyJlC8kqcUEFKgX+krQBzi7Vq8wppBmIdGRZw1u89z33PfgzPbls8PoOvR7y5e21RgDMCWQA82iIPl0S0EVuTh2KaAd+t/H5uad/P+7WWKOzPBLXGJ8F3wh+DArblDEwe4E4QTYqBgVK3w7+ImI2T+AwGN900jM73uE2D5qUlGMgbtejEd+QF990hoPGP9wc4Uwx2Unn6354eTZQCJmJFQ5lQRFKGrWvP+k3/2Z7rrYvuuA/0uadqWuiJYVlMDrtcWgEfO7JWIl0zMi8g63OkewnSqV8m2JJxyCN1YVUBHvKkLxBne5nAAxKC/Ud3DlOtLLTm1VevcM4P7YQIDAQAB"


All logs are stored on AWS S3 in the us-east-1 region replicated in multiple zones and us-west-1 for increased availability. Data in S3 is encrypted by Amazon. If encryption is enabled, a private key set by the desktop is required to view the logs in human-readable form. OpenFin will never delete the logs; only the customer will.

API keys

Please contact [email protected] to get an API key.


To encrypt application logs, the App Provider needs to create a public and private RSA key pair, and supply the public key in the app manifest as the startup_app.logManagement.encryptionKey property, encoded in base64.

The following procedure is followed for encryption of the zipped log file:

  1. An AES-256-CBC key K and initialization vector IV are randomly generated.
  2. K and IV are used to encrypt the file, resulting in the ciphertext C_F.
  3. K and IV are encrypted with the user’s RSA public key using RSAES-OAEP with SHA-1, resulting in the encrypted key C_K, and encrypted initialization vector C_IV.
  4. C_F, C_K, and C_IV are uploaded to the log manager.

Thus, the decryption process is as follows:

  1. C_F, C_K, and C_IV are retrieved from the log manager with a GET request.
  2. C_K and C_IV are decrypted with the user’s RSA private key, giving the decrypted K and IV.
  3. K and IV are used to decrypt C_F, giving the decrypted file.

Encryption workflow

Decryption workflow

Did this page help you?