Store Elasticsearch Indices in a revision/audit-proof way


(Horst Birne) #1

Hey guys,

In order to meet the German laws for logging, I got the order to store the
Elasticsearch indices in a revision/audit-proof way (indices cannot be
edited/changed after the storage).

Are there any best practices or tips for doing such a thing? (Maybe any
plugins?)

Thanks for your feedback.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/ed95d3f8-9266-4ee4-a1a4-d3764b1150a4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


(Mark Walkom) #2

You can set indexes to readonly -
http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/indices-update-settings.html
Is that what you're after?

Regards,
Mark Walkom

Infrastructure Engineer
Campaign Monitor
email: markw@campaignmonitor.com
web: www.campaignmonitor.com



(Horst Birne) #3

Yeah, it looks like this would do the job, thanks for the response.



(Mark Walkom) #4

Keep us up to date with your project, I'm sure there would be interest
from others on a similar setup.

Regards,
Mark Walkom

Infrastructure Engineer
Campaign Monitor
email: markw@campaignmonitor.com
web: www.campaignmonitor.com



(Jörg Prante) #5

You have to add a facility to your middleware that can trace all authorized
operations to your index (access, read, write, modify, delete) and you must
write this to an append-only logfile with timestamps.

If there is interest I could write such a plugin (assuming it can run in a
trusted environment regarding authorization tokens) but I think best place
is in a middleware (where an ES client runs in a broader application
context e.g. transaction awareness).

Jörg
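
The append-only, timestamped operation log described in this post, as an added example that is not part of the original thread and not an existing Elasticsearch plugin. It goes one step beyond the post by chaining each record's hash to the previous record so that in-place edits and deletions are detectable; the file name, record fields, users and index name are constructed for illustration.

```python
import hashlib, hmac, json, tempfile
from datetime import datetime, timezone
from pathlib import Path

OPS = {"access", "read", "write", "modify", "delete"}  # operations named in the post
GENESIS = "0" * 64  # assumed "previous hash" for the very first record

def digest(prev, body):
    return hashlib.sha256((prev + json.dumps(body, sort_keys=True)).encode()).hexdigest()

def append_event(path, user, op, index):
    """Append one timestamped record whose hash also covers the previous record."""
    if op not in OPS:
        raise ValueError(f"unknown operation: {op}")
    with open(path, "a+", encoding="utf-8") as fh:  # "a+" = O_APPEND: writes land at EOF
        fh.seek(0)
        lines = fh.read().splitlines()
        prev = json.loads(lines[-1])["hash"] if lines else GENESIS
        body = {"ts": datetime.now(timezone.utc).isoformat(),
                "user": user, "op": op, "index": index}
        record = dict(body, prev=prev, hash=digest(prev, body))
        fh.write(json.dumps(record, sort_keys=True) + "\n")
    return record["hash"]

def verify_log(path):
    """Return (True, None) if the chain is intact, else (False, first_bad_line)."""
    prev = GENESIS
    with open(path, encoding="utf-8") as fh:
        for n, line in enumerate(fh, 1):
            try:
                rec = json.loads(line)
                body = {k: rec[k] for k in ("ts", "user", "op", "index")}
                ok = rec["prev"] == prev and hmac.compare_digest(rec["hash"], digest(prev, body))
            except (ValueError, KeyError, TypeError):
                ok = False  # unparsable or incomplete record counts as tampering
            if not ok:
                return False, n
            prev = rec["hash"]
    return True, None

def demo():
    """Constructed events: log three operations, then alter record 2 on disk."""
    path = Path(tempfile.mkdtemp()) / "es-audit.log"
    for user, op in [("alice", "write"), ("bob", "read"), ("alice", "delete")]:
        append_event(path, user, op, "logs-2014.05.22")
    intact = verify_log(path)
    path.write_text(path.read_text(encoding="utf-8").replace('"bob"', '"eve"'), encoding="utf-8")
    return intact, verify_log(path)

if __name__ == "__main__":
    print(demo())
```

The chain only detects changes: anyone who can rewrite the whole file can recompute it, so the latest hash should be copied somewhere the writing process cannot modify, and the file itself kept on append-only storage.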



(Horst Birne) #6

Hi Jörg,

thanks for your offer.

I will contact you if there's a need for such a plugin in our company.

Also, I will keep you up to date if there are breaking changes in our project.


