Skip to main content

Log file encryption

When the logging level is set to Trace or Verbose, sections in a Replicate log file that might contain customer data will be encrypted while the rest of the log will remain in clear text.

Information note

Setting the logging level to Verbose for a prolonged period will consume a large amount of disk space and should therefore be avoided unless explicitly requested by Qlik Support.

In some support cases, R&D may require the ability to decrypt the log in order to analyze the problem. In such cases, Qlik Support will ask you to provide the task or environment-level encryption key. The encryption key is automatically generated and kept in a log.key file in the following locations:

  • For decrypting a task's log file: <REPLICATE_INSTALL_DIR>\data\tasks\<task-name>
  • For decrypting non-task related log files (e.g. server logs): <REPLICATE_INSTALL_DIR>\data

Should you wish to review the logs before sending to Qlik Support, you can decrypt them via the Replicate CLI as described below.

  1. Open the Replicate command line from Start menu (Qlik Replicate > Qlik Replicate Command Line) or open a command prompt “as administrator” and switch to the following directory:

    <REPLICATE_INSTALL_DIR>\bin>

  2. Run the following command:

    Syntax:

    repctl dumplog <log-file-path> <log.key-path> [> <path-to-output-file>]

    Example:

    repctl dumplog "C:\Program Files\Attunity\Replicate\data\logs\tasks\MyTask.log" "C:\Program Files\Attunity\Replicate\data\tasks\MyTask\log.key" > "C:\Program Files\Attunity\Replicate\data\decrypted.log
  1. Open the Qlik Replicate command line from Start menu (Qlik Replicate > Qlik Replicate Command Line) or open a command prompt “as administrator” and switch to the following directory:

    <REPLICATE_INSTALL_DIR>\bin>

  2. Run the following command:

    Syntax:

    repctl dumplog <log-file-path> <log.key-path> [> <path-to-output-file>]

    Example:

    repctl dumplog "C:\Program Files\Attunity\Replicate\data\logs\repsrv.log" "C:\Program Files\Attunity\Replicate\data\log.key" > "C:\Program Files\Attunity\Replicate\data\decrypted.log
Information note

The encryption key file (log.key file) can be used to decrypt any log that was encrypted with it, not just the log for which Qlik Support requested the encryption key file. If this is a concern, you can generate a log.key file that will only be valid for the specific log requested by Qlik Support.

To do this:

  1. Delete the log.key file.
  2. Restart the task or Replicate Server service (depending on the log type required) to generate a new log.key file.
  3. Send the requested log file and the log.key file to Qlik Support.
  4. Delete the log.key file.
  5. Repeat steps 2-4 if you need to provide additional encrypted logs.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!