Log digital sig

(Davide Pala) #1

Hi all
yesterday a custumer asked if there is a digital signature mechanism on graylog. i’ve read some docs but i haven’t found notthing … it’s a missing feature of graylog?

(Jan Doberstein) #2

He @davide.pala

what would you think should be done with the digital signature?

(Davide Pala) #3

archiving for compliance with italian laws

(Jan Doberstein) #4

He @davide.pala

my questions were more - do you like to have the log messages signed to ensure that they have not tampered on storage?
Do you need to verify a signature on arrival? Do you need encrypted traffic and or clients authenticated with certificates?

As I do not know what is the law you would need to translate that to the needs you have for using Graylog.


(Davide Pala) #5

Hi Jan, the first one, you can see an implementation on alienvault https://www.alienvault.com/documentation/usm-appliance/raw-logs/configuring-digital-signing.htm. The italian law define the concept of inalterability in the LOG contest, an unsigned log archive cannot be valid for legal pourpose. A solution maybe add a field with the hash and timestamp from TSA or a scheduled export in a signed PDF/A format.

(Jan Doberstein) #6

He @davide.pala

you can make something similar to Graylog - as you already have in your mind.

Create a hash of the message and save that attached to the message. This way you can always verify if the messages have tampered.

The PDF reporting/export is something that will be available with 3.0, but it will not be a signed PDF.

(Davide Pala) #7

hi Jan,
i’ve see the sha256 function, but i’ve no idea to how calculate the hash of entire raw message (included the timestamp) do you have any suggestion?

(system) #8

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.