Encryption of saved logs

I am using Elastic 8.1 in a Windows environment.
How do you implement encryption of saved logs?

Hi @Hamada,

Welcome! By encryption of saved logs do you mean encryption of log entries (documents) you have sent to Elasticsearch?

Yes.

Thanks for confirming @Hamada. I'm not sure if you're using the free basic install versus an enterprise licence.

There is some guidance in the enterprise documentation here, but generally the approach is the same for basic on-prem installs.

But generally logs should be encrypted before storing, using a tool such as dm-crypt. This would impact searching on the fields to which encryption is applied.

I would recommend having a look at these threads for more information:

  1. How can I encrypt the data stored in indexes? - #2 by leandrojmp
  2. How should I encrypt data at rest with Elasticsearch?

Hope that helps!

1 Like

Elasticsearch does not encrypt data; you have two options:

  • Encrypt it before sending, but this makes the logs unsearchable as well, or you would need to search for encrypted strings and decrypt them yourself, so it does not make much sense.
  • Use encryption at rest, which means that the hard disk where the path data is stored will have some level of encryption. If I'm not wrong, in Windows you can use BitLocker to encrypt the disk volume.

2 Likes
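
A check for the encryption-at-rest option on a Windows node, as an added example that is not part of the original thread: it reads `path.data` and `path.logs` from `elasticsearch.yml` and reports whether the volumes behind them are BitLocker-protected. The default `$ConfigPath` and the helper name `Get-EsPathSetting` are assumptions made for this example.

```powershell
# Added example: verify that the volumes holding Elasticsearch data and logs are BitLocker-protected.
# Run from an elevated PowerShell session on the Elasticsearch node.
# Assumption: the default $ConfigPath is a placeholder; pass your node's elasticsearch.yml.
param(
    [string]$ConfigPath = 'C:\elasticsearch\config\elasticsearch.yml'
)

# Hypothetical helper: returns the value of a flat "key: value" line, or $null if absent.
function Get-EsPathSetting {
    param([string]$File, [string]$Key)
    # Nested or list-style YAML is not handled here.
    $pattern = '^\s*' + [regex]::Escape($Key) + '\s*:\s*(.+?)\s*$'
    foreach ($line in Get-Content -LiteralPath $File) {
        if ($line -match '^\s*#') { continue }            # skip commented-out settings
        if ($line -match $pattern) { return $Matches[1].Trim('"', "'") }
    }
    return $null
}

# Assumption: archive install layout, where config\ sits directly under the Elasticsearch home.
$esHome = Split-Path -Parent (Split-Path -Parent $ConfigPath)

$results = foreach ($key in 'path.data', 'path.logs') {
    $dir = Get-EsPathSetting -File $ConfigPath -Key $key
    # When the setting is absent, fall back to data\ or logs\ under the home directory.
    if (-not $dir) { $dir = Join-Path $esHome ($key -replace '^path\.', '') }
    if (-not [System.IO.Path]::IsPathRooted($dir)) { $dir = Join-Path $esHome $dir }
    $mount = [System.IO.Path]::GetPathRoot($dir).TrimEnd('\')
    $vol = Get-BitLockerVolume -MountPoint $mount -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Setting    = $key
        Directory  = $dir
        Volume     = $mount
        Status     = if ($vol) { $vol.VolumeStatus } else { 'NotFound' }
        Protection = if ($vol) { $vol.ProtectionStatus } else { 'Unknown' }
        Method     = if ($vol) { $vol.EncryptionMethod } else { 'None' }
        Encrypted  = [bool]($vol -and $vol.VolumeStatus -eq 'FullyEncrypted' -and $vol.ProtectionStatus -eq 'On')
    }
}

$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Encrypted }) {
    Write-Warning 'At least one Elasticsearch path is on a volume without active BitLocker protection.'
    exit 1
}
```

BitLocker protects the disk contents while the volume is offline; it does not restrict reads through the Elasticsearch API or by accounts on the running host.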

Understood. Thanks for your answers.
