Royal Server is providing extensive information about its internals by logging into the Windows Event Log or a file. Depending on the configured Log Level, you see more or less entries in the log. 


Sometimes, you might want to configure Log Level INFORMATION or even DEBUG but don't want to see all those chatty log messages ending up in the log or, even worse,  getting imported into a centralised logging database.


Royal Server supports the manipulation of Log Entries by using Expressions. This feature is basically provided by the logging framework SeriLog.


Note: This feature requires Royal Server version 5.02.50228.0 or newer.


These expressions are configured in the application configuration file appsetings.json.


Warning: Before you continue, make sure you backup %programdata%\royalserver\appsettings.json.

Royal Server relies on a valid appsettings.json file - if you don't enter valid JSON, Royal Server won't start.


At the end of the file, before the last closing curly bracket copy the following structure. 


Note the "," at the beginning which is important.
 
,
  "LoggingOptions": {
    "Using": [
      "Serilog.Expressions"
    ],
    "Filter": [
      {
        "Name": "ByExcluding",
        "Args": {
          "expression": "Category = 'SECG' and @l = 'Information' and StartsWith(@m, 'Connecting: ')"
        }
      },
      {
        "Name": "ByExcluding",
        "Args": {
          "expression": "Category = 'SECG' and (Info.RemotePort = 80 or Info.RemotePort = 443)"
        }
      },
      {
        "Name": "ByExcluding",
        "Args": {
          "expression": "Category = 'AUTH' and @l = 'Debug' and Contains(@m, ' for SSHServer_Authentication ...' )"
        }
      },
      {
        "Name": "ByExcluding",
        "Args": {
          "expression": "Category = 'SECG' and Info.SessionId is not Null and Info.Username is Null and Info.DestinationHost is Null and RemoteHost is Null"
        }
      }
    ]
  }

The previous rules are filtering ("ByExcluding") the following log entries:

  • All Secure Gateway Log Entires with Log level "Information" that starts with "Connecting: "
  • All Secure Gateway Log Entries with RemotePort = 80 or RemotePort = 443
  • All Authentication Log Entries with Log Level Debug that contains " for SSHServer_Authentication ..."
  • All Secure Gateway Log Entries with SessionId is not null and Username is null and DesstinationHost is null and RemoteHost is null


Note: You need to write syntactically complete json. If there is a syntax error, Royal Server will not start.

Please find the list of allowed Properties, Literals, Operators and Functions here:
https://github.com/serilog/serilog-expressions