> ## Documentation Index
> Fetch the complete documentation index at: https://docs.futurex.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Configure the log file location

> Confirm where the FXCL CNG provider writes its log, and set the log level for testing.

The downloaded `config.json` already points `log_file` at the provider's own directory, so you do **not** need to create `C:\ProgramData\Futurex` or edit the path. The default is:

```json expandable lines wrap title="config.json (default log_file)" theme={null} theme={null}
"log_file": "C:\\Program Files\\Futurex\\fxcl\\kmes\\cng\\fxcl.log",
```

<Note>
  **Log account context.** The FXCL CNG provider writes `fxcl.log` from whatever process loads the
  KSP: `certutil`/`certreq` (elevated admin) during enrollment, and Schannel (the `lsass.exe`
  SYSTEM context) during TLS handshakes. Both write the default
  `C:\Program Files\Futurex\fxcl\kmes\cng` location without any manual `icacls` grant on a standard
  Server 2022 install. Only add an explicit grant if you relocate `log_file` to a directory the
  SYSTEM account cannot write. (The `NETWORK SERVICE` grant in the Microsoft OCSP guide is
  specific to the Online Responder's app-pool identity and does **not** apply to IIS TLS
  handshakes.)
</Note>

<Steps>
  <Step>
    For lab testing, set `log_level` to `traffic` in `config.json` so the appliance exchange is
    visible; set `enable_debug_view` as needed. For production, use `log_level` `info` and
    `enable_debug_view` `false`.

    <Warning>
      `log_level: traffic` writes the endpoint API key (a `JWAPI:` token) into every `[Send]` line
      of `fxcl.log`. Mask it before sharing logs.
    </Warning>
  </Step>
</Steps>
