how to ensure security when tlog is integrated with elasticsearch

[haiwu]

how to ensure security when tlog is integrated with elasticsearch? meaning we don't want anyone to be able to replay session logs stored inside elasticsearch, we don't want any host to be able to write into elasticsearch for its session logs without some kind of auth way.

Is this possible?

[justin-stephenson]

This would need to be setup and configured outside of tlog, as tlog has no built-in authentication support.

It looks like the omelasticsearch rsyslog module has a usehttps parameter: https://www.rsyslog.com/doc/v8-stable/configuration/modules/omelasticsearch.html#usehttps

Or investigate authentication on the elasticsearch side, or maybe software like https://www.stunnel.org/

[haiwu]

What does this one do? 8dac90b
I don't see any tlog documentation mentioning about it..

[justin-stephenson]

perhaps @ajf8 can give some insight, as the contributor of this code.

[asow25]

Hi @haiwu @justin-stephenson
Has anyone figured out how to ensure security when tlog is integrated with elasticsearch?