
NLog - how to decrypt the log file

I have logging on my website and I want to have the log file encrypted. To have the log file encrypted I just add the attribute fileAttributes="Encrypted" to the config file, as you can see here:

    <target name="file" xsi:type="File"
        layout="${longdate} | ${pad:padding=-5:inner=${level:uppercase=true}} | ${message} ${onexception:inner=${newline}   ${exception:format=ToString}}"
        fileName="${basedir}/Log/log_info.log"
        fileAttributes="Encrypted"
        archiveFileName="${basedir}/Log/log_info_{#}.log"
        archiveAboveSize="1048576"
        archiveNumbering="Rolling"
        maxArchiveFiles="2"
        concurrentWrites="true"
        keepFileOpen="false" />

Problem: How can I decrypt the file to see logging?

Petofi asked Feb 09 '23 10:02


2 Answers

NLog does not encrypt the file itself, it simply asks the operating system to take care of it. This is exposed in .NET with the FileOptions.Encrypted enum value, whose comment describes well what it does:

Indicates that a file is encrypted and can be decrypted only by using the same user account used for encryption.

"Same user account" is the most typical hangup: IIS normally runs with its own account. Details are covered well in this existing Q+A. The operating system implementation is covered in detail in this MSDN page.

Use of this option on a web server should give a little pause. The only person that has an easy time reading the log file is the attacker that compromises the machine from the outside. He has no trouble reading the file, its content is readily available in cleartext since he's using the IIS account. The people that need the log file to stop such an attacker will have a pretty hard time reading the file since they'll use their own account to access the machine.

This is not an ideal security practice.

Hans Passant answered Feb 12 '23 00:02


fileAttributes="Encrypted" means that the file will have the NTFS attribute Encrypted. https://github.com/nlog/NLog/wiki/File-target

To decrypt it - go to file properties -> attributes -> advanced and uncheck "Encrypt content to secure data".

It works on the same computer where the file was encrypted. So a copy of the file cannot be decrypted on another computer.

Alex Lebedev answered Feb 12 '23 00:02
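
The checks described in the two answers above, written as a PowerShell script; this is an added example, not code from either answer. The `.\Log` default folder and the `-Decrypt` switch are assumptions made for illustration, while `cipher.exe /c` and `[System.IO.File]::Decrypt` are standard Windows and .NET facilities.

```powershell
# Added example: report which NLog files carry the NTFS Encrypted (EFS)
# attribute, show who is able to decrypt them, and optionally decrypt in place.
# Run it on the machine that wrote the logs, under the account that wrote them
# (on a web server that is normally the IIS application pool identity).
param(
    # Assumed log folder, mirroring ${basedir}/Log from the question's config.
    [string]$LogDir = '.\Log',
    # Without -Decrypt the script only reports and changes nothing.
    [switch]$Decrypt
)

$efsFlag = [System.IO.FileAttributes]::Encrypted

Get-ChildItem -LiteralPath $LogDir -Filter '*.log' -File | ForEach-Object {
    $file = $_

    if (-not $file.Attributes.HasFlag($efsFlag)) {
        Write-Output "$($file.Name): not EFS-encrypted"
        return   # inside ForEach-Object this moves on to the next file
    }

    Write-Output "$($file.Name): EFS-encrypted"

    # cipher /c prints the users and recovery certificates that can decrypt
    # the file, which shows whether the current account is among them.
    & cipher.exe /c $file.FullName

    if ($Decrypt) {
        try {
            # Same effect as unchecking "Encrypt contents to secure data"
            # in the file's advanced attributes dialog.
            [System.IO.File]::Decrypt($file.FullName)
            Write-Output "  decrypted by $([Environment]::UserDomainName)\$([Environment]::UserName)"
        }
        catch {
            # Expected when the current account does not hold the EFS key,
            # for example an administrator reading logs written by IIS.
            Write-Warning "  decrypt failed for the current account: $($_.Exception.Message)"
        }
    }
}
```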