Orchestrator Diagnostic Logs
These are diagnostic logs generated by UiPath Orchestrator regarding its behavior.
Enabling UiPath Orchestrator Diagnostic Logs
The UiPath Orchestrator Diagnostic Logs are enabled once UiPath Orchestrator is successfully installed. They rely on the NLog infrastructure and their configuration can be found in the UiPath.Orchestrator.dll.config
file, under the <nlog>
tag.
Note
Please keep in mind that both server exceptions from Orchestrator, and the stack trace on the Job Details window, are logged in English, regardless of what language was chosen by the user.
Targets of the UiPath Orchestrator Diagnostic Logs
All application logs are logged to the Event Viewer at the minimum logging level of Information. This is specified by the following lines in the UiPath.Orchestrator.dll.config
file:
<target xsi:type="EventLog" name="eventLog" layout="${message}" source="Orchestrator" log="Application" />
<logger name="*" minlevel="Info" writeTo="eventLog" />
Logs generated by business and other validation rules have a separate target and logger:
<target xsi:type="EventLog" name="businessExceptionEventLog" layout="${message}${onexception:${exception:format=tostring:maxInnerExceptionLevel=5:innerFormat=tostring}}" source="Orchestrator.BusinessException" log="Application" />
<logger name="BusinessException.*" minlevel="Info" writeTo="businessExceptionEventLog" final="true" />
These types of error messages are logged in the Event Viewer in the following cases:
- validation issues such as:
Invalid username/email address or password.
The machine name DOC is already taken
- business conflicts such as:
License expired!
The floating robot's session is already active on machine ROQADOCS06!
The robots already have pending jobs for this Process.
- not found exceptions such as:
QueueName1 does not exist.
Orchestrator Execution Logs
The Orchestrator Execution Logs are sent by the Robots connected to it and are displayed in the Logs section of the Jobs or Robots pages. The application receives the data from the Robots, adds its own parameters (TenantID, FolderID, and forwards the messages to different targets, as specified in the <nlog>
section from the UiPath.Orchestrator.dll.config
file.
Targets of the Orchestrator Execution Logs
By default, all Robot logs are sent to the Logs table of the Default Orchestrator Database, where UiPath Orchestrator stores other information, but the UiPath.Orchestrator.dll.config
file can be configured to send them to a different Database as well.
The Logs page displays information from the Logs table of the Default Database. So, if this section does not exist, or the logs are saved to a different database, the page is empty. All parameters should be according to the table schema, which looks like this:
<target xsi:type="Database" name="database" connectionString="${ui-connection-strings:item=Default}" keepConnection="true">
<commandText>
insert into dbo.Logs (OrganizationUnitId, TenantId, TimeStamp, Level, WindowsIdentity, ProcessName, JobKey, Message, RawMessage)
values (@organizationUnitId, @tenantId, @timeStamp, @level, @windowsIdentity, @processName, @jobId, @message, @rawMessage)
</commandText>
<parameter name="@organizationUnitId" layout="${event-properties:item=organizationUnitId}" />
<parameter name="@tenantId" layout="${event-properties:item=tenantId}" />
<parameter name="@timeStamp" layout="${date}" />
<parameter name="@level" layout="${event-properties:item=levelOrdinal}" />
<parameter name="@windowsIdentity" layout="${event-properties:item=windowsIdentity}" />
<parameter name="@processName" layout="${event-properties:item=processName}" />
<parameter name="@jobId" layout="${event-properties:item=jobId}" />
<parameter name="@message" layout="${message}" />
<parameter name="@rawMessage" layout="${event-properties:item=rawMessage}" />
</target>
<logger name="Robot.*" writeTo="database" final="true" />
Other targets can be added to the logs by configuring the UiPath.Orchestrator.dll.config
file. A list of available targets can be found here.
Nlog target reset
When upgrading Orchestrator, Nlog targets are deleted and recreated, as follows:
- Upon upgrade to 2022.4, Nlog database targets are reverted to their default values.
- Upon upgrade to 2022.10, Nlog database targets are deleted and replaced with new and improved targets.
This covers
database
,monitoring
, andinsightsRobotLogs
targets.
If the number of Robot logs stored in the table is higher than 1 million, we recommend creating the following index for improved search performance:
CREATE NONCLUSTERED INDEX [IX_Search] ON [dbo].[Logs]
(
[TenantId] ASC,
[OrganizationUnitId] ASC,
[Level] ASC,
[TimeStamp] DESC
)WITH (STATISTICS_NORECOMPUTE = OFF, DROP_EXISTING = OFF, ONLINE = OFF, OPTIMIZE_FOR_SEQUENTIAL_KEY = OFF) ON [PRIMARY]
GO
Elasticsearch Server
By default, there’s an Elasticsearch target configured from the installation script. The index is different for each tenant, but this can be configured from the specified target in the <nlog>
section.
For Elasticsearch versions lower than 8.0:
<target name="robotElasticBuffer" xsi:type="BufferingWrapper" flushTimeout="5000">
<target xsi:type="ElasticSearch" name="robotElastic" uri="uritoelasticsearchnode" index="${event-properties:item=indexName}-${date:format=yyyy.MM}" documentType="logEvent" includeAllProperties="true" layout="${message}" excludedProperties="agentSessionId,tenantId,organizationId,indexName" />
</target>
</target>
For Elasticsearch versions 8.0 and higher:
<target name="robotElasticBuffer" xsi:type="BufferingWrapper" flushTimeout="5000">
<target xsi:type="ElasticSearch" name="robotElastic" uri="uritoelasticsearchnode" index="${event-properties:item=indexName}-${date:format=yyyy.MM}" documentType="" enableApiVersioningHeader="true" includeAllProperties="true" layout="${message}" excludedProperties="agentSessionId,tenantId,organizationId,indexName" />
</target>
</target>
In order for Elasticsearch versions 8.0 and higher to work properly, these parameters are set as follows:
documentType
is empty.enableApiVersioningHeader
is set totrue
.
Elasticsearch versions previous to 7.16.3
While Elasticsearch version 7.16.3 is preferred, you can choose to use an earlier version by setting the disableProductCheckStatus
parameter to true
in the Nlog target (<target xsi:type="ElasticSearch"
).
This parameter is hidden, and its default value is false
.
X-PACK Authentication
Note:
By default, the Elasticsearch security features are disabled if you have a basic or trial license. We strongly recommend that you enable them.
Username-and-password authentication
To enable authentication via a username and password, you need to take the following steps:
- Configure the Elasticsearch server as follows:
- Add the
xpack.security.enabled
setting to theelasticsearch.yml
configuration file. - Set up a username and password.
For more details on this, see the Elasticsearch documentation.
- Add the
- Configure Orchestrator's
UiPath.Orchestrator.dll.config
file as follows:
-
Option 1: If you do not use an NLog target, you need to configure the following parameters:
Logs.Elasticsearch.Username
andLogs.Elasticsearch.Password
. Make sure their values match the Elasticsearch settings from Step 1. -
Option 2: If
Logs.RobotLogs.ReadTarget
is set to an NLog target (for example,robotElasticBuffer
), and theLogs.Elasticsearch.Nodes
setting is not specified, configure the target by adding the following:requireAuth="true" username="XPACKuser" password="p@$$w0rd"
. Make sure these parameter values match the Elasticsearch settings from Step 1.
For more on these parameters, see theUiPath.Orchestrator.dll.config
page.
For a configuration example, see the following:
<target name="robotElasticBuffer" xsi:type="BufferingWrapper" flushTimeout="5000">
<target xsi:type="ElasticSearch" name="robotElastic" uri="" requireAuth="true" username="XPACKusername" password="p@$$w0rd" index="${event-properties:item=indexName}-${date:format=yyyy.MM}" documentType="logEvent" includeAllProperties="true" layout="${message}" excludedProperties="agentSessionId,tenantId,indexName" />
</target>
- Option 3: If
Logs.RobotLogs.ReadTarget
is set to an NLog target ( for example,robotElasticBuffer
), and an Elasticsearch node is specified via theLogs.Elasticsearch.Nodes
setting, you need to explicitly configure it (as it overrides the NLog target settings), and make sure to also add the following:requireAuth="true" username="XPACKuser" password="p@$$w0rd"
. Make sure these parameter values match the Elasticsearch settings from Step 1.
OAuth2 authentication
To switch to OAuth2 as an authentication method for Elasticsearch, you need to take the following steps. Note that you need to provide your current credentials to switch to this token-based authentication method.
- Configure the Elasticsearch server as follows:
a. Enable TLS (HTTPS) for the transport layer.
b. Update the following settings in theelasticsearch.yml
configuration file:xpack.security.authc.token.enabled: true
xpack.security.enabled: true
xpack.security.authc.token.timeout
- This settings is optional and controls for how long a token is valid. By default, its value is set to 20 minutes.
For more details on this, see the Elasticsearch documentation.
- Update the following parameters in Orchestrator's
UiPath.Orchestrator.dll.config
file to reflect the settings you opted for at Step 1.Logs.Elasticsearch.TlsEnabled = ”true”
- By default, this parameter is set totrue
and ensures TLC (HTTPS) is enabled.Logs.Elasticsearch.OAuthEnabled = ”true”
- By default, this parameter is set tofalse
. For more on this, see Logs.Elasticsearch.OAuthEnabled.Logs.Elasticsearch.OAuthExpireInSeconds = ”1200”
- This parameter is optional unless the default value of1200
is changed in the Elasticsearchxpack.security.authc.token.timeout
setting. This parameter must have the same value as in the Elasticsearch configuration. For more on this, see Logs.Elasticsearch.OAuthExpireInSeconds.
Note:
The first two steps help you configure a token-based authentication mechanism for reading logs. If you use NLog, an additional step is needed.
- To enable OAuth2 for Nlog, make sure to also configure the following parameter in Orchestrator's
UiPath.Orchestrator.dll.config
file. Note that you must fill in the username and password for authentication in Elasticsearch because the initial token is generated based on those credentials.OAuthEnabled = “true”
- By default, it is set tofalse
. For more on this, see the UiPath.Orchestrator.dll.config page.
Important
If
Logs.RobotLogs.ReadTarget
is set to an NLog target (for example,robotElasticBuffer
), and theLogs.Elasticsearch.Nodes
setting is not specified, then theLogs.Elasticsearch.OAuthEnabled
is filled from the NLog target configuration. Same logic is applied for username and password.
Updated a day ago