Secure and sign the logs

kevin29 · April 11, 2019, 1:56pm

Dear community

I save the logs of my servers in a Graylog server v2.4.6 and I want to know how to secure and sign the logs and be sure about the integrity of the logs.
The objective it’s nobody can edit or remove the logs and if people do that how to know it ?

It’s possible ??

Thank you

Kev

benvanstaveren · April 11, 2019, 2:49pm

Not out of the box. Sorry

kevin29 · April 11, 2019, 3:04pm

Thank for your answer but I don’t understand which box do you talk about ?

benvanstaveren · April 11, 2019, 3:19pm

Sorry Kevin, “out of the box” is a bit of a slang term for “not the way it comes by default” - if you want signed logs, you probably will need a plugin, or a pipeline that uses one of the sha/murmur hash functions to get a hash key, and security/access control on the elasticsearch side to prevent any index that Graylog is not writing to from being modified.

kevin29 · April 11, 2019, 3:32pm

Oh… thank you !

system · April 25, 2019, 3:32pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Data integrity and confidentiality on Graylog Enterprise Graylog Central (peer support)	3	623	December 12, 2020
Anti tamper option Graylog Central (peer support)	10	806	February 7, 2022
Integrity of raw logs Graylog Central (peer support)	5	1506	January 4, 2019
Logfile Security Graylog Central (peer support)	2	356	October 3, 2018
Graylog for Integrity Log Hashing Graylog Central (peer support) pipeline-rules	3	2244	June 9, 2020

Secure and sign the logs

Related topics