HMAC Hash Log in Pipeline

Hi all,

I need to do integrity check on my log data to make sure it wasn’t tempered with.
It’s using filebeat.
Is there a hash_hmac function in pipeline? I only see sha256.

Ideally, it should be something like,
hash_hmac('sha256', $logdata, $key);

There are more than sha256 pipeline function like md5, sha1, sha256, crc32, crc32c, murmur3_32, murmur3_128. Maybe this would work for you?

rule "digest check"
    sha256(to_string($message.message)) == to_string($message.digest)
    set_field("digest_ok", true)

not really…it has to be hmac sha256…with a key.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.