Scribery / tlog

Terminal I/O logger
http://scribery.github.io/tlog/
GNU General Public License v2.0

how to ensure security when tlog is integrated with elasticsearch #354

Open haiwu opened 1 year ago

haiwu commented 1 year ago

How to ensure security when tlog is integrated with elasticsearch? Meaning, we don't want anyone to be able to replay session logs stored inside elasticsearch, and we don't want any host to be able to write its session logs into elasticsearch without some kind of auth.

Is this possible?

justin-stephenson commented 1 year ago

This would need to be set up and configured outside of tlog, as tlog has no built-in authentication support.

It looks like the omelasticsearch rsyslog module has a usehttps parameter: https://www.rsyslog.com/doc/v8-stable/configuration/modules/omelasticsearch.html#usehttps

Or investigate authentication on the elasticsearch side, or maybe software like https://www.stunnel.org/
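
As an added illustration (not part of the thread and not taken from tlog's documentation), this is what the rsyslog-side options mentioned in the reply above look like in an omelasticsearch action, with the plaintext form beside one that uses HTTPS and credentials. The host name, index name, template name, account name and file paths are placeholder assumptions.

```conf
# Constructed example. Host, index, template, account and paths are
# placeholders (assumptions), not values from the tlog project.

# Weak: plain HTTP and no credentials. Any host that can reach the
# Elasticsearch port can index documents, and session data crosses
# the network in cleartext.
# action(name="tlog-elasticsearch"
#        type="omelasticsearch"
#        server="es.example.internal"
#        searchIndex="tlog-rsyslog"
#        bulkmode="on"
#        template="tlog")

# Hardened: TLS with server certificate verification plus HTTP basic
# authentication. Keep this file readable by root only, since it holds
# the password.
action(name="tlog-elasticsearch"
       type="omelasticsearch"
       server="es.example.internal"
       serverport="9200"
       usehttps="on"                         # parameter linked in the reply above
       tls.cacert="/etc/rsyslog.d/es-ca.pem" # CA that signed the Elasticsearch cert
       allowunsignedcerts="off"              # reject certificates that fail verification
       skipverifyhost="off"                  # require the cert to match the host name
       uid="tlog_writer"                     # placeholder account name
       pwd="CHANGE_ME"                       # placeholder password
       searchIndex="tlog-rsyslog"
       bulkmode="on"
       template="tlog")
```

The credentials only have an effect if security is enabled on the Elasticsearch side. Who can read, and therefore replay, the stored sessions is decided by which accounts are granted read access to the index there, not by rsyslog or tlog.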

haiwu commented 1 year ago

What does this one do? https://github.com/Scribery/tlog/pull/284/commits/8dac90be8ece66b95fadb96155afd428059d012b I don't see any tlog documentation mentioning it.

justin-stephenson commented 1 year ago

Perhaps @ajf8 can give some insight, as the contributor of this code.

SowAbdoul commented 2 months ago

Hi @haiwu @justin-stephenson Has anyone figured out how to ensure security when tlog is integrated with elasticsearch?