Hi,

> *Protection of log information - Logging facilities and log information
> shall be protected against tampering and unauthorized access.

Graylog doesn't allow retroactively modifying messages and only authorized users can change the Graylog configuration. Additionally, you have to lock down Elasticsearch so that only the Graylog server can access the cluster.

> *Event logging - Event logs recording user activities, exceptions, faults
> and information security events shall be produced, kept and regularly
> reviewed.

This is basically covered by the normal log output of Graylog. What you're doing with that output is your responsibility.

> *Administrator and operator logs - System administrator and system
> operator activities shall be logged and the logs protected and regularly
> reviewed. (this could be answer:
> https://www.graylog.org/enterprise/feature/auditlog)

You've already found the Graylog Enterprise Audit Log plugin. ;-)

Cheers,
Jochen
