Configure the Digital Signing of Raw Logs

Applies to Product: USM Appliance™, AlienVault OSSIM®

USM Appliance cryptographically signs the raw logs it stores on disk for security and verification purposes. This helps you meet governmental and other compliance mandates for log archival and management. It also allows for the forensic analysis of all events in USM Appliance.

Note: Beginning with version 5.4, USM Appliance uses DSA (Digital Signature Algorithm), in place of SHA-1, to sign raw logs.

To certify the logs and protect them from being modified or tampered with, USM Appliance uses one of two ways to digitally sign the raw logs:

  • Line — Digitally signs every log it receives. This ensures immediate protection from log tampering, but it can take longer to process.
  • Block — Digitally signs a block of logs on an hourly basis, or when the log file exceeds 100 MB in size. This is the default signing method.
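
The difference between the two methods shows up when a log is altered. The following is an added example, not USM Appliance code: it models both signing granularities and the hourly / 100 MB sealing rule described above. Assumptions: HMAC-SHA256 with a constructed key stands in for the DSA signature, and all function names and sample log lines are hypothetical.

```python
import hashlib
import hmac

# Assumption: HMAC-SHA256 with a constructed key stands in for the DSA
# signature; only the signing granularity (line vs. block) is modeled here.
DEMO_KEY = b"constructed-demo-key"
MAX_BLOCK_BYTES = 100 * 1024 * 1024  # Block mode: seal once the file exceeds 100 MB
MAX_BLOCK_AGE = 3600                 # Block mode: or seal on an hourly basis

# Constructed sample input: (epoch seconds, raw log line)
SAMPLE = [
    (0, "Jan 01 00:00:00 host sshd[1]: Accepted password for alice"),
    (1200, "Jan 01 00:20:00 host sudo: alice : COMMAND=/bin/ls"),
    (3600, "Jan 01 01:00:00 host sshd[2]: Failed password for root"),
    (4000, "Jan 01 01:06:40 host sshd[2]: Failed password for root"),
]

def sign(data: bytes) -> str:
    return hmac.new(DEMO_KEY, data, hashlib.sha256).hexdigest()

def sign_lines(lines):
    """Line mode: one signature per log line, produced as the line arrives."""
    return [sign(line.encode()) for line in lines]

def sign_blocks(entries, max_bytes=MAX_BLOCK_BYTES, max_age=MAX_BLOCK_AGE):
    """Block mode: returns (sealed, pending). sealed is a list of
    (lines, signature); pending lines have no signature yet."""
    sealed, current, size, start = [], [], 0, None
    for ts, line in entries:
        if current and (ts - start >= max_age or size > max_bytes):
            sealed.append((current, sign("\n".join(current).encode())))
            current, size, start = [], 0, None
        if start is None:
            start = ts
        current.append(line)
        size += len(line.encode()) + 1
    return sealed, current

def tampered_lines(lines, sigs):
    """Indexes of individual lines whose signature no longer verifies."""
    return [i for i, (line, sig) in enumerate(zip(lines, sigs))
            if not hmac.compare_digest(sign(line.encode()), sig)]

def tampered_blocks(sealed):
    """Indexes of sealed blocks whose signature no longer verifies."""
    return [i for i, (lines, sig) in enumerate(sealed)
            if not hmac.compare_digest(sign("\n".join(lines).encode()), sig)]
```

In this model, line mode reports exactly which line changed, while block mode reports only the affected block and leaves the two most recent sample lines unsigned until the next seal.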

To configure the Logger's method of digitally signing logs

  1. Go to Configuration > Deployment > Components > Servers.
  2. Select a server, then select Modify.
  3. On the Components page, in the Log section, verify that Yes is selected for Credentials.

  4. Next to Sign, select either Line or Block for the signing method you want to use.

  5. Click Save.

    This returns you to the Components tab, where USM Appliance displays the message that the server has been successfully updated.

  6. Click Apply Changes.