Understanding Sign Settings Methods

Introduction

This article describes the signature methods used by Logsign to ensure the accuracy and integrity of the logs it stores.

Signature Methods

There are three different methods used for logging and signing: Line, File, and Summary signature methods.

Logsign's default signature methods are compatible with the structure required by Article 5651 of the Turkish Constitution, which mandates that logs must be timestamped and stored.

 

Line-based Signing (Line Sign Method)

When logs are received by the system, the entire line of the unmodified log is signed with hash algorithms.

1.png

 

By default, it is signed with CRC32.

You can see an example of a log from a FortiGate firewall source that has been signed with CRC32 below. The section marked in red and bold shows the portion of the orange-colored log line that has been signed with the hash algorithm CRC32.

The section marked in green and bold shows the portion of the orange-colored log line that has been signed with the hash algorithm MD5.

 

{"id":"","hash":"90a9202d","sender_info":{"ip":"10.10.0.2","port":0,"collector":"syslog","config_uid":"zfcg46zng2pko1t6zxvjt9v3vag3uvo9","severity":"notice","facility":"local7","linehash":"ad6e3694c0f26918b57833010ff0a196"},"time":1678282524,"data":"date=2023-03-08 time=16:35:24 devname="LogsignUmitFW" devid="FGVMEVSREQQ3WM62" eventtime=1678282524293949407 tz="+0300" logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" srcip=192.241.237.24 srcname="iadmin-vmwarevirtualplatform" srcport=39956 srcintf="port2" srcintfrole="lan" dstip=10.10.0.16 dstport=1974 dstintf="port1" dstintfrole="undefined" srccountry="United States" dstcountry="Reserved" sessionid=227356 proto=6 action="timeout" policyid=5 policytype="policy" poluuid="01111dde-b7be-51ed-c558-90a548280c65" policyname="Parrot_OUT" service="tcp/1974" trandisp="snat" transip=10.10.0.2 transport=39956 duration=10 sentbyte=44 rcvdbyte=0 sentpkt=1 rcvdpkt=0 appcat="unscanned" srchwvendor="VMware" osname="Ubuntu" mastersrcmac="00:50:56:be:60:b4" srcmac="00:50:56:be:60:b4" srcserver=0"}}

 

File and Summary Method Signing (File & Summary Sign Method)

Logs are collected in a directory for 24 hours, compressed in either gz or bzip format, and then stored. After compression, the file and file contents are signed separately.

You can verify the hash of the following file using sha256 as an example.

2.png

You can also use different services to sign using different hash algorithms.

3.png
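The checks described in the two sections above, as an added example (not Logsign's code): it recomputes the line hashes of a record and the file and content hashes of a daily archive. It assumes the hashes cover the raw UTF-8 bytes of the `data` field, and that `hash` holds the CRC32 and `linehash` the MD5, as the value lengths in the sample record suggest. The sample line is constructed.

```python
import gzip
import hashlib
import zlib

# Constructed sample line (not taken from a real device).
SAMPLE_LINE = b'date=2023-03-08 time=16:35:24 type="traffic" action="timeout" srcip=192.0.2.10'


def line_hashes(raw: bytes) -> dict:
    """CRC32 and MD5 of the unmodified line, hex-encoded like the sample record."""
    return {
        "hash": format(zlib.crc32(raw) & 0xFFFFFFFF, "08x"),  # 8 hex digits
        "linehash": hashlib.md5(raw).hexdigest(),              # 32 hex digits
    }


def verify_line(record: dict) -> bool:
    """Recompute both hashes from record['data'] and compare with the stored ones."""
    fresh = line_hashes(record["data"].encode("utf-8"))
    return fresh["hash"] == record["hash"] and fresh["linehash"] == record["linehash"]


def archive_hashes(archive: bytes) -> dict:
    """SHA-256 of the compressed file and, separately, of its decompressed contents."""
    return {
        "file": hashlib.sha256(archive).hexdigest(),
        "content": hashlib.sha256(gzip.decompress(archive)).hexdigest(),
    }


def verify_archive(archive: bytes, stored: dict) -> dict:
    """Report file and content checks independently; a corrupt archive fails both."""
    try:
        fresh = archive_hashes(archive)
    except (OSError, EOFError, zlib.error):
        return {"file": False, "content": False}
    return {k: fresh[k] == stored[k] for k in ("file", "content")}


if __name__ == "__main__":
    record = {"data": SAMPLE_LINE.decode(), **line_hashes(SAMPLE_LINE)}
    print("line intact:", verify_line(record))
    record["data"] = record["data"].replace("timeout", "accept")
    print("line after edit:", verify_line(record))
    day = gzip.compress(SAMPLE_LINE + b"\n", mtime=0)
    stored = archive_hashes(day)
    repacked = gzip.compress(SAMPLE_LINE + b"\n", mtime=1)  # same logs, new container
    print("repacked archive:", verify_archive(repacked, stored))
```

A repacked archive fails the file check but still passes the content check, which is the distinction that hashing the two separately gives an auditor.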

 

Supported Providers

Self Time Stamp Authority

Tubitak

E-Imza TR

Digi Stamp

Logsign Stamp

Turk Trust

E-Tugra

E-Imza CYP Timestamp

Mikro Kep
