Integrity of raw logs

Hi to all.
Do Graylog (Community/Enterprise version) allow to check integrity of stored logs?

There is the need to verify that logs did not be tampered (for compliance needs) and it’s important to know if Graylog has a feature (like digital sign or archiving/hashing of logs) in order to make able to demonstrate that logs have not been tampered.
In the post Data integrity checking was discussed about this feature, but I did not find any update about this.

Thanks a lot for sharing.
Best regards,

Hi Michele, I think there was an enterprise feature that takes care of this… Lemme check.

EDIT: Hmm, seems that I misread that at some point in time… Can’t find any suggestions that it’s in there.

he @Michele

you can create a processing pipeline that creates a hash of the messages and save that as additional field. with that you could check if that field is tampered.

1 Like

Thanks for your suggestion.

That’s actually a pretty nice idea Jan. Of course, the hash can also be adjusted :confused:

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.