Hi Jochen, thanks for your answers.

On Friday, 30 September 2016 at 15:38:46 UTC+2, Jochen Schalanda wrote:
>
> Hi,
>
>> *Protection of log information - Logging facilities and log information
>> shall be protected against tampering and unauthorized access.
>
> Graylog doesn't allow retroactively modifying messages and only authorized
> users can change the Graylog configuration. Additionally, you have to
> lock down Elasticsearch so that only the Graylog server can access the
> cluster.
>
>> *Event logging - Event logs recording user activities, exceptions, faults
>> and information security events shall be produced, kept and regularly
>> reviewed.
>
> This is basically covered by the normal log output of Graylog. What you're
> doing with that output is your responsibility.
>
>> *Administrator and operator logs - System administrator and system
>> operator activities shall be logged and the logs protected and regularly
>> reviewed. (this could be answer:
>> https://www.graylog.org/enterprise/feature/auditlog)
>
> You've already found the Graylog Enterprise Audit Log plugin. ;-)
>
> Cheers,
> Jochen
