Data integrity and confidentiality on Graylog Enterprise

Hi,

I’d like to know if there is any plugin or add-on for Graylog Enterprise that enables data integrity (for both online indexes and archives, ideally) and some form of confidentiality (i.e. encryption) for Elasticsearch logs.

I have read in a blog on your website about Search Guard. Does anybody have a success story in integrating that solution with Graylog? I am mostly concerned about how Graylog would authenticate to the Elasticsearch cluster.

Thanks!

Howdy, right now, the only security mechanism for authenticating to ES is to use basic auth in your server.conf file. This is obviously a bit problematic, but we do have an open issue for implementing mTLS. While this doesn’t solve your immediate issue, in the future it would allow for using the commercially packaged version of ES that comes with X-Pack and using X-Pack’s capabilities to do cert-based auth.

Why not use encryption on storage level or FS level?
What’s your real requirement?
