Integrity of raw logs


(Spartano) #1

Hi to all.
Do Graylog (Community/Enterprise version) allow to check integrity of stored logs?

There is the need to verify that logs did not be tampered (for compliance needs) and it’s important to know if Graylog has a feature (like digital sign or archiving/hashing of logs) in order to make able to demonstrate that logs have not been tampered.
In the post Data integrity checking was discussed about this feature, but I did not find any update about this.

Thanks a lot for sharing.
Best regards,
Michele


(Tess) #2

Hi Michele, I think there was an enterprise feature that takes care of this… Lemme check.

EDIT: Hmm, seems that I misread that at some point in time… Can’t find any suggestions that it’s in there.


(Jan Doberstein) #3

he @Michele

you can create a processing pipeline that creates a hash of the messages and save that as additional field. with that you could check if that field is tampered.


(Spartano) #4

Thanks for your suggestion.
Regards.


(Tess) #5

That’s actually a pretty nice idea Jan. Of course, the hash can also be adjusted :confused:


(system) closed #6

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.