Protect Graylog data against forgery

In my company we have to comply with the following:
Log facilities and information in log files should be protected against forgery and unauthorized access.

Unauthorized access: Check.
Protection against forgery: ?

A limited group of our admins has either access to the machine running Graylog (Community Edition) or Graylog web UI. How can we shield the Graylog data from forgery? Or provide proof the logs are authentic, perhaps using SecureLog? I can imagine there is already some kind solution available in relation to forensic data integrity.


  • use secured ways to ingest logs
    • tls
    • authenticate senders
  • protect your elasticsearch with authentication & TLS
  • protect your mongodb with authentication & TLS
  • add hash sums of fields to the messages (to be able to verify that they are not tampered)
  • add the enterprise plugins for having audit logs

just a few ideas what you can do.

Thanks Jan, will give it some taught!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.