Integrity of raw logs

Michele · December 20, 2018, 3:13pm

Hi to all.
Do Graylog (Community/Enterprise version) allow to check integrity of stored logs?

There is the need to verify that logs did not be tampered (for compliance needs) and it’s important to know if Graylog has a feature (like digital sign or archiving/hashing of logs) in order to make able to demonstrate that logs have not been tampered.
In the post Data integrity checking was discussed about this feature, but I did not find any update about this.

Thanks a lot for sharing.
Best regards,
Michele

Totally_Not_A_Robot · December 20, 2018, 7:57pm

Hi Michele, I think there was an enterprise feature that takes care of this… Lemme check.

EDIT: Hmm, seems that I misread that at some point in time… Can’t find any suggestions that it’s in there.

jan · December 21, 2018, 10:09am

he @Michele

you can create a processing pipeline that creates a hash of the messages and save that as additional field. with that you could check if that field is tampered.

Michele · December 21, 2018, 4:46pm

Thanks for your suggestion.
Regards.

Totally_Not_A_Robot · December 21, 2018, 9:15pm

That’s actually a pretty nice idea Jan. Of course, the hash can also be adjusted

system · January 4, 2019, 9:15pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Data integrity checking Graylog Central (peer support)	4	1406	November 22, 2017
Anti tamper option Graylog Central (peer support)	10	798	February 7, 2022
Graylog for Integrity Log Hashing Graylog Central (peer support) pipeline-rules	3	2225	June 9, 2020
Log digital sig Graylog Central (peer support)	7	952	October 16, 2018
Secure and sign the logs Graylog Central (peer support)	5	1121	April 25, 2019

Integrity of raw logs

Related topics