Secure and sign the logs

kevin29 · April 11, 2019, 1:56pm

Dear community

I save the logs of my servers in a Graylog server v2.4.6 and I want to know how to secure and sign the logs and be sure about the integrity of the logs.
The objective it’s nobody can edit or remove the logs and if people do that how to know it ?

It’s possible ??

Thank you

Kev

benvanstaveren · April 11, 2019, 2:49pm

Not out of the box. Sorry

kevin29 · April 11, 2019, 3:04pm

Thank for your answer but I don’t understand which box do you talk about ?

benvanstaveren · April 11, 2019, 3:19pm

Sorry Kevin, “out of the box” is a bit of a slang term for “not the way it comes by default” - if you want signed logs, you probably will need a plugin, or a pipeline that uses one of the sha/murmur hash functions to get a hash key, and security/access control on the elasticsearch side to prevent any index that Graylog is not writing to from being modified.

kevin29 · April 11, 2019, 3:32pm

Oh… thank you !

system · April 25, 2019, 3:32pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Integrity of raw logs Graylog Central (peer support)	5	1420	January 4, 2019
Logfile Security Graylog Central (peer support)	2	323	October 3, 2018
Protect Graylog data against forgery Graylog Central (peer support)	3	995	August 19, 2019
Alternative software for open the exported logs Graylog Central (peer support)	3	354	November 11, 2019
## Graylog security Graylog Central (peer support) elastic	2	179	December 5, 2023

Secure and sign the logs

Related Topics