By default, you cannot browse encrypted logstores from the syslog-ng Store Box (SSB) web interface, because the required decryption keys are not available on SSB. To make browsing and searching encrypted logstores possible, SSB provides the following options:
- Use persistent decryption key(s) for a single user.
  For details, see Using persistent decryption keys.
- Use decryption keys for the duration of the user session only.
  For details, see Using session-only decryption keys.
- Assign decryption keys to a logstore (making them available to every SSB user). This option might raise security concerns.
  For details, see Assigning decryption keys to a logstore.
NOTE: Do not use SSB's own keys and certificates for encrypting or decrypting.
One Identity recommends:
- Using 2048-bit RSA keys (or stronger).
- Using the SHA-256 hash algorithm (or stronger) when creating the public key fingerprint.
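
One way to check a certificate against these recommendations before uploading it, as an added example that is not part of the SSB documentation. It assumes the key pair is stored as a PEM-encoded X.509 certificate and that the `openssl` command-line tool is installed; the function names and the fingerprint format (SHA-256 over the DER-encoded public key) are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not SSB code. Requires the openssl command-line tool.
MIN_RSA_BITS=2048   # minimum RSA size recommended above

# Constructed sample input: a throwaway RSA key and self-signed certificate
# written to directory $1 (the subject name is a placeholder).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=logstore-example" \
        -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

# Print the RSA modulus length in bits of the PEM certificate $1.
# "openssl x509 -modulus" prints "Modulus=<hex>"; each hex digit is 4 bits.
rsa_bits() {
    hex=$(openssl x509 -in "$1" -noout -modulus 2>/dev/null | sed -n 's/^Modulus=//p')
    case $hex in
        ''|*[!0-9A-Fa-f]*) return 1 ;;   # unreadable file or non-RSA key
    esac
    echo $(( ${#hex} * 4 ))
}

# Print the SHA-256 digest of the DER-encoded public key in certificate $1.
# Assumption: SSB may display fingerprints in a different format.
pubkey_sha256() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null |
        openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Return 0 only if certificate $1 carries an RSA key of at least MIN_RSA_BITS.
check_cert() {
    bits=$(rsa_bits "$1") || { echo "FAIL: $1: no readable RSA key"; return 2; }
    if [ "$bits" -lt "$MIN_RSA_BITS" ]; then
        echo "FAIL: $1: RSA $bits bits, below $MIN_RSA_BITS"
        return 1
    fi
    echo "OK: $1: RSA $bits bits, SHA-256 fingerprint $(pubkey_sha256 "$1")"
}

# Demo run on the constructed certificate.
tmp=$(mktemp -d) && make_sample_cert "$tmp" && check_cert "$tmp/cert.pem"
rm -rf "$tmp"
```

Set `MIN_RSA_BITS` to a higher value to enforce a stricter local policy.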