Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

how to ensure security when tlog is integrated with elasticsearch #354

Open
haiwu opened this issue Feb 28, 2023 · 4 comments
Open

how to ensure security when tlog is integrated with elasticsearch #354

haiwu opened this issue Feb 28, 2023 · 4 comments

Comments

@haiwu
Copy link

haiwu commented Feb 28, 2023

how to ensure security when tlog is integrated with elasticsearch? meaning we don't want anyone to be able to replay session logs stored inside elasticsearch, we don't want any host to be able to write into elasticsearch for its session logs without some kind of auth way.

Is this possible?

@justin-stephenson
Copy link
Collaborator

This would need to be setup and configured outside of tlog, as tlog has no built-in authentication support.

It looks like the omelasticsearch rsyslog module has a usehttps parameter: https://www.rsyslog.com/doc/v8-stable/configuration/modules/omelasticsearch.html#usehttps

Or investigate authentication on the elasticsearch side, or maybe software like https://www.stunnel.org/

@haiwu
Copy link
Author

haiwu commented Mar 1, 2023

What does this one do? 8dac90b
I don't see any tlog documentation mentioning about it..

@justin-stephenson
Copy link
Collaborator

perhaps @ajf8 can give some insight, as the contributor of this code.

@SowAbdoul
Copy link

Hi @haiwu @justin-stephenson
Has anyone figured out how to ensure security when tlog is integrated with elasticsearch?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants