yesterday a custumer asked if there is a digital signature mechanism on graylog. i’ve read some docs but i haven’t found notthing … it’s a missing feature of graylog?
what would you think should be done with the digital signature?
archiving for compliance with italian laws
my questions were more - do you like to have the log messages signed to ensure that they have not tampered on storage?
Do you need to verify a signature on arrival? Do you need encrypted traffic and or clients authenticated with certificates?
As I do not know what is the law you would need to translate that to the needs you have for using Graylog.
Hi Jan, the first one, you can see an implementation on alienvault https://www.alienvault.com/documentation/usm-appliance/raw-logs/configuring-digital-signing.htm. The italian law define the concept of inalterability in the LOG contest, an unsigned log archive cannot be valid for legal pourpose. A solution maybe add a field with the hash and timestamp from TSA or a scheduled export in a signed PDF/A format.
you can make something similar to Graylog - as you already have in your mind.
Create a hash of the message and save that attached to the message. This way you can always verify if the messages have tampered.
The PDF reporting/export is something that will be available with 3.0, but it will not be a signed PDF.
i’ve see the sha256 function, but i’ve no idea to how calculate the hash of entire raw message (included the timestamp) do you have any suggestion?
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.