For auditing purposes, it may be necessary to verify that the contents of a logstore are encrypted.
By default, logstores are compressed but not encrypted. If log messages are stored in a text file instead of a logstore, they can be neither compressed nor encrypted.
To encrypt a logstore, a certificate must be uploaded to the logstore. See the “Creating logstores” section in the Admin Guide.
Ref: https://support.oneidentity.com/technical-documents/syslog-ng-store-box/administration-guide/37#TOPIC-1665320
To view the contents of an encrypted logstore, a decryption key for the uploaded certificate must also be uploaded.
Verification that a logstore is encrypted can be done either via the web interface (W.I.) or the CLI, but access to the certificate decryption keys is required.
To browse an encrypted logspace via the W.I., see the “Browsing encrypted logspaces” section in the Admin Guide.
Ref: https://support.oneidentity.com/technical-documents/syslog-ng-store-box/administration-guide/52#TOPIC-1665383
The ‘/opt/syslog-ng/bin/logcat’ command is used to view the contents of a logstore via the CLI. This is detailed in the “Viewing encrypted logs with logcat” section in the Admin Guide.
Ref: https://support.oneidentity.com/technical-documents/syslog-ng-store-box/administration-guide/37#TOPIC-1665322
If a logstore is encrypted and the appropriate decryption key is not available, it is impossible to view the contents of the logstore.