LogStore is a binary log file format, in semantics very similar to a plain log file. But the format allows much more:
- on-line compression via gzip,
- encryption via AES and X.509 certificates,
- integrity protection via hmac-sha1.
In use it is quite simple: replace the "file" destination with "logstore" and you are done. More or less the same amount of options are supported: macro based file names, template based formatting, etc.
I'm still pondering with the idea of storing the complete internal representation of the logrecord in serialized form, so it'd be possible to perform template() based formatting in off-line mode.
This code will be released as an experimental part of syslog-ng PE 2.1 and will be finalized in syslog-ng PE 2.2.
4 comments:
Hi, i am researching a way to have logs encrypted in an asymmetric way, so on the machine where the logs will be stored it is write only with (the attacker shouldn't even see whats in the logs) and there will be a machine with the decryption key where eventually logs can be examined. Are you interested in this?
It is exactly as LogStore behaves, it generates a random key and encrypts it via the public key of a X.509 certificate. The random key is only present in the memory area of the syslog-ng process, anything that hits the disk can only be decrypted by the private key that corresponds to the certificate used for encryption.
Apart from that please drop me an email with details and I'll see what I can do.
ok where should i address my mail to, one of balabit's main addresses?
By the way i do this research for cacert.org, they are interested in this solution.
ok i found your address... i'll sum up what's all about.
Post a Comment