Hi, I'm investigating storing syslog data using Lucene (via Solr or Elasticsearch, undecided at present). The syslogs belong to systems under the scope of the PCI DSS (Data Security Standard), and one of the requirements is to ensure logs aren't tampered with. I'm looking for advice on how to accomplish this.
Looking through the Lucene documentation, I believe there doesn't exist any built-in functionality to secure index data through digital signatures or HMACs. Is this the case, or have I overlooked something?

I see there is a lucenetransform project (http://code.google.com/p/lucenetransform/) that offers encryption, but not digital signatures. I'm not concerned about hiding the contents of the data, just need to ensure it hasn't been tampered with.

At present I use Splunk, which signs and verifies blocks of indexed data. Unfortunately its pricing model doesn't scale well, hence looking for a Lucene-based solution.

I suppose I could add a digital signature programmatically to each Lucene Document/Syslog, though it seems like a lot of overhead. Lucenetransform's approach does seem to suggest that I could provide a digital signature version of Directory (and IndexInput/IndexOutput); however, before I go down that rabbit hole, I decided to check in here.

Any advice or suggestions appreciated.

Kind Regards,
Mike C.
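The per-Document approach mentioned in the message above, as an added example that is not part of the original post or of Lucene: each syslog line gets an HMAC-SHA256 tag that would be stored as an extra field, and, going beyond a standalone per-document tag, each tag also covers the previous one so that removed or reordered entries fail verification. The class name, key and sample log lines are constructed for illustration; the code uses only the JDK (Java 16 or later for records) and no Lucene API.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.List;

public class SyslogHmacChain {
    // One indexed record: the raw syslog line plus its tag, kept as an extra binary field.
    record Entry(String line, byte[] tag) {}

    // tag_i = HMAC-SHA256(key, tag_{i-1} || line_i); the chain starts from 32 zero bytes.
    static byte[] tag(byte[] key, byte[] prev, String line) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        mac.update(prev);
        return mac.doFinal(line.getBytes(StandardCharsets.UTF_8));
    }

    // Computes the chained tag for every line at ingest time.
    static List<Entry> seal(byte[] key, List<String> lines) throws Exception {
        List<Entry> out = new ArrayList<>();
        byte[] prev = new byte[32];
        for (String line : lines) {
            prev = tag(key, prev, line);
            out.add(new Entry(line, prev));
        }
        return out;
    }

    // Returns the index of the first entry that fails verification, or -1 if all pass.
    static int firstBadEntry(byte[] key, List<Entry> entries) throws Exception {
        byte[] prev = new byte[32];
        for (int i = 0; i < entries.size(); i++) {
            byte[] expected = tag(key, prev, entries.get(i).line());
            // Constant-time comparison of the recomputed and stored tags.
            if (!MessageDigest.isEqual(expected, entries.get(i).tag())) return i;
            prev = expected;
        }
        return -1;
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8); // placeholder key
        List<Entry> log = seal(key, List.of( // constructed sample syslog lines
            "<34>Oct 11 22:14:15 host1 su: 'su root' failed for user1",
            "<13>Oct 11 22:14:20 host1 sshd[411]: Accepted publickey for user2",
            "<13>Oct 11 22:15:02 host1 sshd[411]: session closed for user2"));
        System.out.println("untouched: " + firstBadEntry(key, log));
        log.set(1, new Entry(log.get(1).line().replace("user2", "user9"), log.get(1).tag()));
        System.out.println("edited:    " + firstBadEntry(key, log));
    }
}
```

Removing entries from the end of the chain is only detectable if the most recent tag is also recorded somewhere outside the index, and the HMAC key has to be kept off the host that stores the index.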