
how to ensure security when tlog is integrated with elasticsearch

Open haiwu opened this issue 1 year ago • 4 comments

How to ensure security when tlog is integrated with elasticsearch? Meaning, we don't want anyone to be able to replay session logs stored inside elasticsearch, and we don't want any host to be able to write its session logs into elasticsearch without some kind of auth.

Is this possible?

haiwu avatar Feb 28 '23 16:02 haiwu

This would need to be set up and configured outside of tlog, as tlog has no built-in authentication support.

It looks like the omelasticsearch rsyslog module has a usehttps parameter: https://www.rsyslog.com/doc/v8-stable/configuration/modules/omelasticsearch.html#usehttps

Or investigate authentication on the elasticsearch side, or maybe software like https://www.stunnel.org/

justin-stephenson avatar Feb 28 '23 20:02 justin-stephenson
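
Added example, not part of the thread and not configuration from the tlog or rsyslog projects: an rsyslog `omelasticsearch` action for tlog messages with the `usehttps` parameter mentioned above, shown beside the unauthenticated form it replaces. The host name, index name, account name, file paths, the `$programname` filter and the `tlog` template (taken to be defined elsewhere in the existing setup) are assumptions, and it presumes authentication is enabled on the Elasticsearch side with `tlog-writer` limited to indexing, so that reading sessions back for replay requires a different credential.

```rsyslog
# Example only: every host, path, account and index name here is a placeholder.
module(load="omelasticsearch")

# Weak form, kept as a comment for comparison: plain HTTP and no credentials,
# so session contents cross the network in clear text and any host that can
# reach the port can write to the index.
# action(type="omelasticsearch" server="es.example.internal" serverport="9200"
#        searchIndex="tlog-rsyslog" bulkmode="on" template="tlog")

# Hardened form: TLS with server certificate verification plus HTTP basic auth.
# The selector below is an assumption; use whatever already picks out tlog
# messages in your configuration.
if $programname == "tlog-rec-session" then {
    action(name="tlog-elasticsearch"
           type="omelasticsearch"
           server="es.example.internal"
           serverport="9200"
           usehttps="on"                             # send over HTTPS
           tls.cacert="/etc/rsyslog.d/tls/es-ca.pem" # CA that signed the server cert
           uid="tlog-writer"                         # write-only account (assumed)
           pwd="CHANGE_ME"                           # placeholder secret
           searchIndex="tlog-rsyslog"
           bulkmode="on"
           template="tlog")                          # template defined elsewhere
}
```

Because `pwd` is stored in clear text, the file holding this action should be readable by root only.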

What does this one do? https://github.com/Scribery/tlog/pull/284/commits/8dac90be8ece66b95fadb96155afd428059d012b I don't see any tlog documentation mentioning it.

haiwu avatar Mar 01 '23 04:03 haiwu

Perhaps @ajf8 can give some insight, as the contributor of this code.

justin-stephenson avatar Mar 01 '23 13:03 justin-stephenson

Hi @haiwu @justin-stephenson, has anyone figured out how to ensure security when tlog is integrated with elasticsearch?

SowAbdoul avatar May 05 '24 14:05 SowAbdoul