Hi everyone,

I want to ask a few questions regarding the design of a system that will
collect logs from client machines and then store them in our
ElasticSearch storage. The questions are as follows:


   1. It is quite obvious from the Internet and people's feedback that
   ElasticSearch is the best option for storage of raw logs; however, there are
   a few features that are required: signing of logs is important, so should we
   use the signing feature of RSYSLOG or of ElasticSearch (Jetty), since
   both provide the feature? From the security point of view we believe that
   the RSYSLOG signing feature is more important for integrity since RSYSLOG is
   placed at the client's end, so whatever log is generated, they have a surety
   with them that the logs have not been changed by any other party. Are we
   thinking in the right direction? Secondly, if logs are signed by RSYSLOG, how
   are they verifiable?
   2. The second question is that if we don't want to process the logs other
   than a bit of formatting and security (encryption and signature) as described
   above, do we really need to pass them through STORM? Moving logs between
   RSYSLOG and ElasticSearch requires logstash with the help of a REDIS client.
   However, are we following the right path, or is there some design flaw in
   that?
   3. Another question is that ElasticSearch is not an RDBMS, so how do we deal
   with user accounts, I mean access control for various Internet users? Do we
   need a separate instance of ElasticSearch for each client?
   4. Encryption is another feature that we want to enable for clients for
   transporting logs.


I will be really grateful to anyone for answering these questions.
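A client-side rsyslog configuration fragment covering questions 1 and 4 above, added here as an illustration and not part of the original post: it writes a locally signed copy of the logs with rsyslog's omfile signature provider and forwards them to the collector over TLS with omfwd. The hostnames, certificate paths and the timestamp-service URL are placeholders, and the signing parameters assume an rsyslog build that includes the GuardTime ("gt") provider.

```conf
# Added example: client-side rsyslog.conf fragment (placeholders, not a tested deployment).
# Question 1: sign what is written locally so the client can prove the log was not altered.
# Question 4: encrypt and authenticate the transport to the central collector.

# --- Transport encryption: TLS via the gtls netstream driver (placeholder paths) ---
global(
    DefaultNetstreamDriver="gtls"
    DefaultNetstreamDriverCAFile="/etc/rsyslog.d/certs/ca.pem"
    DefaultNetstreamDriverCertFile="/etc/rsyslog.d/certs/client.pem"
    DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/certs/client.key"
)

# --- Signed local copy: omfile with the "gt" signature provider ---
# Records are hashed into blocks of at most sig.block.sizeLimit entries and each block
# is timestamped by the signing service (placeholder URL). sig.keepRecordHashes="on"
# keeps per-record hashes so a later verification can point at the altered record
# rather than only reporting that a whole block failed.
action(
    type="omfile"
    file="/var/log/signed/all.log"
    sig.provider="gt"
    sig.hashFunction="SHA2-256"
    sig.timestampService="http://timestamp.example/gt-signingservice"
    sig.block.sizeLimit="10000"
    sig.keepRecordHashes="on"
)

# --- Encrypted, authenticated forward to the collector that feeds logstash/ElasticSearch ---
# StreamDriverMode 1 = TLS only; x509/name makes the client verify the collector's
# certificate chain and its name, so logs are not handed to an impostor collector.
# The disk-assisted queue keeps logs locally if the collector is unreachable.
action(
    type="omfwd"
    target="collector.example"
    port="6514"
    protocol="tcp"
    StreamDriverMode="1"
    StreamDriverAuthMode="x509/name"
    StreamDriverPermittedPeers="collector.example"
    queue.type="LinkedList"
    queue.filename="fwdq"
    action.resumeRetryCount="-1"
)
```

Verification is done offline with rsgtutil --verify against the signed log file and the companion signature file that omfile writes next to it, which answers the "how are they verifiable" part of question 1; the verification can be run by anyone holding both files, not only by the machine that produced them.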
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog