bitwarden · justindbaur · Oct 29, 2025
diff --git a/.github/renovate.json5 b/.github/renovate.json5
@@ -86,11 +86,7 @@
         "Microsoft.AspNetCore.Mvc.Testing",
         "Newtonsoft.Json",
         "NSubstitute",
-        "Sentry.Serilog",
-        "Serilog.AspNetCore",
-        "Serilog.Extensions.Logging",
         "Serilog.Extensions.Logging.File",
-        "Serilog.Sinks.SyslogMessages",
         "Stripe.net",
         "Swashbuckle.AspNetCore",
         "Swashbuckle.AspNetCore.SwaggerGen",

@@ -11,21 +11,8 @@ public static void Main(string[] args)
             .ConfigureWebHostDefaults(webBuilder =>
             {
                 webBuilder.UseStartup<Startup>();
-                webBuilder.ConfigureLogging((hostingContext, logging) =>
-                    logging.AddSerilog(hostingContext, (e, globalSettings) =>
-                    {
-                        var context = e.Properties["SourceContext"].ToString();
-
-                        if (e.Properties.TryGetValue("RequestPath", out var requestPath) &&
-                            !string.IsNullOrWhiteSpace(requestPath?.ToString()) &&
-                            (context.Contains(".Server.Kestrel") || context.Contains(".Core.IISHttpServer")))
-                        {
-                            return false;
-                        }
-
-                        return e.Level >= globalSettings.MinLogLevel.ScimSettings.Default;
-                    }));
             })
+            .AddSerilogFileLogging()
             .Build()
             .Run();
     }

@@ -94,11 +94,8 @@ public void ConfigureServices(IServiceCollection services)
     public void Configure(
         IApplicationBuilder app,
         IWebHostEnvironment env,
-        IHostApplicationLifetime appLifetime,
         GlobalSettings globalSettings)
     {
-        app.UseSerilog(env, appLifetime, globalSettings);
-
         // Add general security headers
         app.UseMiddleware<SecurityHeadersMiddleware>();
 

@@ -30,9 +30,6 @@
       "connectionString": "SECRET",
       "applicationCacheTopicName": "SECRET"
     },
-    "sentry": {
-      "dsn": "SECRET"
-    },
     "notificationHub": {
       "connectionString": "SECRET",
       "hubName": "SECRET"

@@ -1,5 +1,4 @@
 using Bit.Core.Utilities;
-using Serilog;
 
 namespace Bit.Sso;
 
@@ -13,19 +12,8 @@ public static void Main(string[] args)
             .ConfigureWebHostDefaults(webBuilder =>
             {
                 webBuilder.UseStartup<Startup>();
-                webBuilder.ConfigureLogging((hostingContext, logging) =>
-                logging.AddSerilog(hostingContext, (e, globalSettings) =>
-                {
-                    var context = e.Properties["SourceContext"].ToString();
-                    if (e.Properties.TryGetValue("RequestPath", out var requestPath) &&
-                        !string.IsNullOrWhiteSpace(requestPath?.ToString()) &&
-                        (context.Contains(".Server.Kestrel") || context.Contains(".Core.IISHttpServer")))
-                    {
-                        return false;
-                    }
-                    return e.Level >= globalSettings.MinLogLevel.SsoSettings.Default;
-                }));
             })
+            .AddSerilogFileLogging()
             .Build()
             .Run();
     }

@@ -100,8 +100,6 @@ public void Configure(
             IdentityModelEventSource.ShowPII = true;
         }
 
-        app.UseSerilog(env, appLifetime, globalSettings);
-
         // Add general security headers
         app.UseMiddleware<SecurityHeadersMiddleware>();
 

diff --git a/src/Admin/Program.cs b/src/Admin/Program.cs
@@ -16,19 +16,8 @@ public static void Main(string[] args)
                     o.Limits.MaxRequestLineSize = 20_000;
                 });
                 webBuilder.UseStartup<Startup>();
-                webBuilder.ConfigureLogging((hostingContext, logging) =>
-                logging.AddSerilog(hostingContext, (e, globalSettings) =>
-                {
-                    var context = e.Properties["SourceContext"].ToString();
-                    if (e.Properties.TryGetValue("RequestPath", out var requestPath) &&
-                        !string.IsNullOrWhiteSpace(requestPath?.ToString()) &&
-                        (context.Contains(".Server.Kestrel") || context.Contains(".Core.IISHttpServer")))
-                    {
-                        return false;
-                    }
-                    return e.Level >= globalSettings.MinLogLevel.AdminSettings.Default;
-                }));
             })
+            .AddSerilogFileLogging()
             .Build()
             .Run();
     }

diff --git a/src/Admin/Startup.cs b/src/Admin/Startup.cs
@@ -132,11 +132,8 @@ public void ConfigureServices(IServiceCollection services)
     public void Configure(
         IApplicationBuilder app,
         IWebHostEnvironment env,
-        IHostApplicationLifetime appLifetime,
         GlobalSettings globalSettings)
     {
-        app.UseSerilog(env, appLifetime, globalSettings);
-
         // Add general security headers
         app.UseMiddleware<SecurityHeadersMiddleware>();
 

diff --git a/src/Api/Program.cs b/src/Api/Program.cs
@@ -1,9 +1,4 @@
-// FIXME: Update this file to be null safe and then delete the line below
-#nullable disable
-
-using AspNetCoreRateLimit;
-using Bit.Core.Utilities;
-using Microsoft.IdentityModel.Tokens;
+using Bit.Core.Utilities;
 
 namespace Bit.Api;
 
@@ -17,32 +12,8 @@ public static void Main(string[] args)
             .ConfigureWebHostDefaults(webBuilder =>
             {
                 webBuilder.UseStartup<Startup>();
-                webBuilder.ConfigureLogging((hostingContext, logging) =>
-                    logging.AddSerilog(hostingContext, (e, globalSettings) =>
-                    {
-                        var context = e.Properties["SourceContext"].ToString();
-                        if (e.Exception != null &&
-                            (e.Exception.GetType() == typeof(SecurityTokenValidationException) ||
-                                e.Exception.Message == "Bad security stamp."))
-                        {
-                            return false;
-                        }
-
-                        if (
-                            context.Contains(typeof(IpRateLimitMiddleware).FullName))
-                        {
-                            return e.Level >= globalSettings.MinLogLevel.ApiSettings.IpRateLimit;
-                        }
-
-                        if (context.Contains("Duende.IdentityServer.Validation.TokenValidator") ||
-                            context.Contains("Duende.IdentityServer.Validation.TokenRequestValidator"))
-                        {
-                            return e.Level >= globalSettings.MinLogLevel.ApiSettings.IdentityToken;
-                        }
-
-                        return e.Level >= globalSettings.MinLogLevel.ApiSettings.Default;
-                    }));
             })
+            .AddSerilogFileLogging()
             .Build()
             .Run();
     }

diff --git a/src/Api/Startup.cs b/src/Api/Startup.cs
@@ -234,12 +234,10 @@ public void ConfigureServices(IServiceCollection services)
     public void Configure(
         IApplicationBuilder app,
         IWebHostEnvironment env,
-        IHostApplicationLifetime appLifetime,
         GlobalSettings globalSettings,
         ILogger<Startup> logger)
     {
         IdentityModelEventSource.ShowPII = true;
-        app.UseSerilog(env, appLifetime, globalSettings);
 
         // Add general security headers
         app.UseMiddleware<SecurityHeadersMiddleware>();

diff --git a/src/Api/appsettings.json b/src/Api/appsettings.json
@@ -32,9 +32,6 @@
     "send": {
       "connectionString": "SECRET"
     },
-    "sentry": {
-      "dsn": "SECRET"
-    },
     "notificationHub": {
       "connectionString": "SECRET",
       "hubName": "SECRET"

@@ -11,25 +11,8 @@ public static void Main(string[] args)
             .ConfigureWebHostDefaults(webBuilder =>
             {
                 webBuilder.UseStartup<Startup>();
-                webBuilder.ConfigureLogging((hostingContext, logging) =>
-                    logging.AddSerilog(hostingContext, (e, globalSettings) =>
-                    {
-                        var context = e.Properties["SourceContext"].ToString();
-                        if (context.StartsWith("\"Bit.Billing.Jobs") || context.StartsWith("\"Bit.Core.Jobs"))
-                        {
-                            return e.Level >= globalSettings.MinLogLevel.BillingSettings.Jobs;
-                        }
-
-                        if (e.Properties.TryGetValue("RequestPath", out var requestPath) &&
-                            !string.IsNullOrWhiteSpace(requestPath?.ToString()) &&
-                            (context.Contains(".Server.Kestrel") || context.Contains(".Core.IISHttpServer")))
-                        {
-                            return false;
-                        }
-
-                        return e.Level >= globalSettings.MinLogLevel.BillingSettings.Default;
-                    }));
             })
+            .AddSerilogFileLogging()
             .Build()
             .Run();
     }

@@ -10,7 +10,6 @@
 using Bit.Core.Context;
 using Bit.Core.SecretsManager.Repositories;
 using Bit.Core.SecretsManager.Repositories.Noop;
-using Bit.Core.Settings;
 using Bit.Core.Utilities;
 using Bit.SharedWeb.Utilities;
 using Microsoft.Extensions.DependencyInjection.Extensions;
@@ -129,12 +128,8 @@ public void ConfigureServices(IServiceCollection services)
 
     public void Configure(
         IApplicationBuilder app,
-        IWebHostEnvironment env,
-        IHostApplicationLifetime appLifetime,
-        GlobalSettings globalSettings)
+        IWebHostEnvironment env)
     {
-        app.UseSerilog(env, appLifetime, globalSettings);
-
         // Add general security headers
         app.UseMiddleware<SecurityHeadersMiddleware>();
 

@@ -30,9 +30,6 @@
       "connectionString": "SECRET",
       "applicationCacheTopicName": "SECRET"
     },
-    "sentry": {
-      "dsn": "SECRET"
-    },
     "notificationHub": {
       "connectionString": "SECRET",
       "hubName": "SECRET"

diff --git a/src/Core/Core.csproj b/src/Core/Core.csproj
@@ -50,13 +50,9 @@
     <PackageReference Include="Microsoft.Extensions.Identity.Stores" Version="8.0.10" />
     <PackageReference Include="OneOf" Version="3.0.271" />
     <PackageReference Include="SendGrid" Version="9.29.3" />
-    <PackageReference Include="Serilog.AspNetCore" Version="8.0.3" />
-    <PackageReference Include="Serilog.Extensions.Logging" Version="8.0.0" />
     <PackageReference Include="Serilog.Extensions.Logging.File" Version="3.0.0" />
-    <PackageReference Include="Sentry.Serilog" Version="5.0.0" />
     <PackageReference Include="Duende.IdentityServer" Version="7.2.4" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
-    <PackageReference Include="Serilog.Sinks.SyslogMessages" Version="4.0.0" />
     <PackageReference Include="AspNetCoreRateLimit" Version="5.0.0" />
     <PackageReference Include="Braintree" Version="5.28.0" />
     <PackageReference Include="Stripe.net" Version="48.5.0" />

diff --git a/src/Core/Settings/GlobalSettings.cs b/src/Core/Settings/GlobalSettings.cs
@@ -2,14 +2,12 @@
 #nullable disable
 
 using Bit.Core.Auth.Settings;
-using Bit.Core.Settings.LoggingSettings;
 
 namespace Bit.Core.Settings;
 
 public class GlobalSettings : IGlobalSettings
 {
     private string _mailTemplateDirectory;
-    private string _logDirectory;
     private string _licenseDirectory;
 
     public GlobalSettings()
@@ -25,14 +23,6 @@
     public virtual string KnownProxies { get; set; }
     public virtual string SiteName { get; set; }
     public virtual string ProjectName { get; set; }
-    public virtual string LogDirectory
-    {
-        get => BuildDirectory(_logDirectory, "/logs");
-        set => _logDirectory = value;
-    }
-    public virtual bool LogDirectoryByProject { get; set; } = true;
-    public virtual long? LogRollBySizeLimit { get; set; }
-    public virtual bool EnableDevLogging { get; set; } = false;
     public virtual string LicenseDirectory
     {
         get => BuildDirectory(_licenseDirectory, "/core/licenses");
@@ -73,9 +63,6 @@
     public virtual FileStorageSettings Send { get; set; }
     public virtual IdentityServerSettings IdentityServer { get; set; } = new IdentityServerSettings();
     public virtual DataProtectionSettings DataProtection { get; set; }
-    public virtual SentrySettings Sentry { get; set; } = new SentrySettings();
-    public virtual SyslogSettings Syslog { get; set; } = new SyslogSettings();
-    public virtual ILogLevelSettings MinLogLevel { get; set; } = new LogLevelSettings();
     public virtual NotificationHubPoolSettings NotificationHubPool { get; set; } = new();
     public virtual YubicoSettings Yubico { get; set; } = new YubicoSettings();
     public virtual DuoSettings Duo { get; set; } = new DuoSettings();
@@ -129,7 +116,7 @@
        {
            return null;
        }
        return string.Format("http://{0}:5000", name);
    }

    public string BuildDirectory(string explicitValue, string appendedPath)
@@ -548,59 +535,11 @@
         }
     }
 
-    public class SentrySettings
-    {
-        public string Dsn { get; set; }
-    }
-
     public class NotificationsSettings : ConnectionStringSettings
     {
         public string RedisConnectionString { get; set; }
     }
 
-    public class SyslogSettings
-    {
-        /// <summary>
-        /// The connection string used to connect to a remote syslog server over TCP or UDP, or to connect locally.
-        /// </summary>
-        /// <remarks>
-        /// <para>The connection string will be parsed using <see cref="System.Uri" /> to extract the protocol, host name and port number.
-        /// </para>
-        /// <para>
-        /// Supported protocols are:
-        /// <list type="bullet">
-        /// <item>UDP (use <code>udp://</code>)</item>
-        /// <item>TCP (use <code>tcp://</code>)</item>
-        /// <item>TLS over TCP (use <code>tls://</code>)</item>
-        /// </list>
-        /// </para>
-        /// </remarks>
-        /// <example>
-        /// A remote server (logging.dev.example.com) is listening on UDP (port 514):
-        /// <code>
-        /// udp://logging.dev.example.com:514</code>.
-        /// </example>
-        public string Destination { get; set; }
-        /// <summary>
-        /// The absolute path to a Certificate (DER or Base64 encoded with private key).
-        /// </summary>
-        /// <remarks>
-        /// The certificate path and <see cref="CertificatePassword"/> are passed into the <see cref="System.Security.Cryptography.X509Certificates.X509Certificate2.X509Certificate2(string, string)" />.
-        /// The file format of the certificate may be binary encoded (DER) or base64. If the private key is encrypted, provide the password in <see cref="CertificatePassword"/>,
-        /// </remarks>
-        public string CertificatePath { get; set; }
-        /// <summary>
-        /// The password for the encrypted private key in the certificate supplied in <see cref="CertificatePath" />.
-        /// </summary>
-        /// <value></value>
-        public string CertificatePassword { get; set; }
-        /// <summary>
-        /// The thumbprint of the certificate in the X.509 certificate store for personal certificates for the user account running Bitwarden.
-        /// </summary>
-        /// <value></value>
-        public string CertificateThumbprint { get; set; }
-    }
-
     public class NotificationHubSettings
     {
         private string _connectionString;

diff --git a/src/Core/Settings/IGlobalSettings.cs b/src/Core/Settings/IGlobalSettings.cs
@@ -20,7 +20,6 @@ public interface IGlobalSettings
     IConnectionStringSettings Storage { get; set; }
     IBaseServiceUriSettings BaseServiceUri { get; set; }
     ISsoSettings Sso { get; set; }
-    ILogLevelSettings MinLogLevel { get; set; }
     IPasswordlessAuthSettings PasswordlessAuth { get; set; }
     IDomainVerificationSettings DomainVerification { get; set; }
     ILaunchDarklySettings LaunchDarkly { get; set; }