Protect Graylog data against forgery

Windfall · July 24, 2019, 11:38am

In my company we have to comply with the following:
Log facilities and information in log files should be protected against forgery and unauthorized access.

Unauthorized access: Check.
Protection against forgery: ?

A limited group of our admins has either access to the machine running Graylog (Community Edition) or Graylog web UI. How can we shield the Graylog data from forgery? Or provide proof the logs are authentic, perhaps using SecureLog? I can imagine there is already some kind solution available in relation to forensic data integrity.

Thanks,

jan · July 24, 2019, 1:20pm

use secured ways to ingest logs
- tls
- authenticate senders
protect your elasticsearch with authentication & TLS
protect your mongodb with authentication & TLS
add hash sums of fields to the messages (to be able to verify that they are not tampered)
add the enterprise plugins for having audit logs

just a few ideas what you can do.

Windfall · August 5, 2019, 12:53pm

Thanks Jan, will give it some taught!

system · August 19, 2019, 12:53pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Integrity of raw logs Graylog Central (peer support)	5	1415	January 4, 2019
Secure and sign the logs Graylog Central (peer support)	5	1047	April 25, 2019
Logfile Security Graylog Central (peer support)	2	321	October 3, 2018
Implementing Graylog from Security point of view Graylog Central (peer support)	20	1678	January 4, 2022
## Graylog security Graylog Central (peer support) elastic	2	173	December 5, 2023

Protect Graylog data against forgery

Related Topics