Logstash Fingerprint for Regulations


We're using ELK stack to centralize logs of our systems and need to encrypt some of these log types(access logs, audit logs etc.). Logstash fingerprint seems suitable for this but we have to check if the log content has changed or not. There are many applications to do this encryption and testing the log file(compare the string message and the encrypted message).

We can encrypt the "message" field and "timestamp" field into 1 "fingerprint" field but we don't know how to check the log message if it has changed which has contents Personal Data with cleartext.

This is "Log Signing" in our Regulations which presented from our government. Could you please provide any information about this?


I suggest you read some of the elastic blog posts on masking. Start here and follow links :slight_smile:

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.