Although logs are sanitized prior to persistence, access to them should also be secured.
This can be done by securing the logs in transit as well as at rest. For example, the logs may be sent over Transport Layer Security. The service broker that provisions the log-handling service external to the cluster may use and validate tokens on the control plane before the logs are sent over the data plane, and register access to do so only for those users. This facilitates Role-Based Access Control over all the control resources provisioned for use with the data.
Obfuscation of data was mentioned as something to be controlled at the source. This is made possible by pattern matching in log filters. Log filters are convenient when log entries are flushed to file. In most other cases, though, the log entries have to be sanitized afterwards, by processing the text in downstream systems or at the log index store. For example, log storage products are already equipped to remove Personally Identifiable Information that needs to be removed for compliance with the application.
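The source-side filtering described above, as an added example that is not code from the original post: a Python `logging.Filter` that pattern-matches and redacts each record before the handler flushes it. The patterns, placeholder tokens, logger name and sample messages are constructed assumptions.

```python
import io
import logging
import re

# Constructed patterns for illustration; a real deployment tunes these to its data.
PATTERNS = [
    (re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"), "<email>"),
    (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "<ssn>"),
    (re.compile(r"(?i)\b(password|token|secret)(\s*[=:]\s*)\S+"), r"\1\2<redacted>"),
    (re.compile(r"(?i)\b(bearer\s+)\S+"), r"\1<redacted>"),
]


def redact(text: str) -> str:
    """Apply every pattern in order and return the sanitized text."""
    for pattern, replacement in PATTERNS:
        text = pattern.sub(replacement, text)
    return text


class RedactingFilter(logging.Filter):
    """Sanitize a record before any handler formats or flushes it."""

    def filter(self, record: logging.LogRecord) -> bool:
        # Render msg % args first so values passed as arguments are covered too,
        # then drop the raw args so nothing downstream can re-expand them.
        record.msg = redact(record.getMessage())
        record.args = None
        return True  # keep the record; only its content changes


def sanitize_lines(messages):
    """Log (msg, args) pairs through a filtered handler; return the lines written."""
    sink = io.StringIO()  # stands in for the log file
    handler = logging.StreamHandler(sink)
    handler.addFilter(RedactingFilter())
    logger = logging.getLogger("redaction-demo")  # hypothetical logger name
    logger.handlers = [handler]
    logger.propagate = False
    logger.setLevel(logging.INFO)
    for msg, args in messages:
        logger.info(msg, *args)
    handler.flush()
    return sink.getvalue().splitlines()
```

Attaching the filter to the handler rather than to one logger means every record that reaches that file is sanitized, including records propagated from child loggers.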
Logs, like any other data, are subject to extract-transform-load, especially for deriving properties and annotations that augment the information associated with the logs and facilitate search. The log channels are independent and can be numerous. Since each channel can be viewed as a data stream, it is also possible to customize log searches to run over streams rather than time-series buckets.