Enabling log hashing

Enable log hashing so that any system that writes event and flow data also creates hash files. Use these hash files to verify that the event and flow logs were not modified since they were originally written to disk. The hash files are generated in memory before the files are written to disk, so the event and flow logs cannot be tampered with before the hash files are generated.

About this task

The system uses the following hashing algorithm types:

Message-Digest Hash Algorithm
Transforms digital signatures into shorter values called Message-Digests (MD).
Secure Hash Algorithm (SHA) Hash Algorithm
Standard algorithm that creates a larger (60 bit) MD.

Procedure

  1. On the Admin tab, click System Settings.
  2. In the Ariel Database Settings section, select Yes in the Flow Log Hashing field and the Event Log Hashing field.
  3. Select a hashing algorithm for database integrity.
    • If the HMAC Encryption parameter is disabled, the following hashing algorithm options are available:
      MD2
      Algorithm that is defined by RFC 1319.
      MD5
      Algorithm that is defined by RFC 1321.
      SHA-1
      Algorithm that is defined by Secure Hash Standard (SHS), NIST FIPS 180-1. This setting is the default.
      SHA-256
      Algorithm that is defined by the draft Federal Information Processing Standard 180-2, SHS. SHA-256 is a 255-bit hash algorithm that is intended for 128 bits of security against security attacks.
      SHA-384
      Algorithm that is defined by the draft Federal Information Processing Standard 180-2, SHS. SHA-384 is a bit hash algorithm, which is created by truncating the SHA-512 output.
      SHA-512
      Algorithm that is defined by the draft Federal Information Processing Standard 180-2, SHS. SHA-512 is a bit hash algorithm that is intended to provide 256 bits of security.
    • If the HMAC Encryption parameter is enabled, the following hashing algorithm options are available:
      HMAC-MD5
      An encryption method that is based on the MD5 hashing algorithm.
      HMAC-SHA-1
      An encryption method that is based on the SHA-1 hashing algorithm.
      HMAC-SHA-256
      An encryption method that is based on the SHA-256 hashing algorithm.
      HMAC-SHA-384
      An encryption method that is based on the SHA-384 hashing algorithm.
      HMAC-SHA-512
      An encryption method that is based on the SHA-512 hashing algorithm.

      If the HMAC Encryption parameter is enabled, you must specify an HMAC key in the HMAC Key and Verify HMAC Key fields.

  4. Click Save.
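
What the choice in step 3 changes for the person verifying the logs, as an added example (not IBM's code, and not the product's hash file format): an unkeyed digest catches a modified log, but only an HMAC digest still fails verification when the hash file was regenerated together with the log by someone who lacks the HMAC key. The log lines, key and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data; not real product log records or key material.
ORIGINAL_LOG = b"2024-01-01T00:00:00Z src=10.0.0.5 action=login result=fail\n"
MODIFIED_LOG = b"2024-01-01T00:00:00Z src=10.0.0.5 action=login result=ok\n"
HMAC_KEY = b"constructed-example-key"


def plain_digest(data, algorithm="sha256"):
    """Unkeyed digest: reproducible by anyone who holds the data."""
    return hashlib.new(algorithm, data).hexdigest()


def keyed_digest(data, key, algorithm="sha256"):
    """HMAC digest: reproducible only with the secret key."""
    return hmac.new(key, data, algorithm).hexdigest()


def verify(data, stored, key=None, algorithm="sha256"):
    """Recompute the digest and compare it with the stored one in constant time."""
    if key is None:
        expected = plain_digest(data, algorithm)
    else:
        expected = keyed_digest(data, key, algorithm)
    return hmac.compare_digest(expected, stored)


def integrity_scenarios():
    """Return the verifier's verdict (True = log accepted as unmodified) per case."""
    stored_plain = plain_digest(ORIGINAL_LOG)
    stored_hmac = keyed_digest(ORIGINAL_LOG, HMAC_KEY)
    # Hash file rewritten after the log changed, by a party without the key:
    # the only digest that party can produce is the unkeyed one.
    regenerated = plain_digest(MODIFIED_LOG)
    return {
        "hmac_intact_log": verify(ORIGINAL_LOG, stored_hmac, HMAC_KEY),
        "plain_log_changed": verify(MODIFIED_LOG, stored_plain),
        "hmac_log_changed": verify(MODIFIED_LOG, stored_hmac, HMAC_KEY),
        "plain_log_and_hash_changed": verify(MODIFIED_LOG, regenerated),
        "hmac_log_and_hash_changed": verify(MODIFIED_LOG, regenerated, HMAC_KEY),
    }


if __name__ == "__main__":
    for case, accepted in integrity_scenarios().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The `plain_log_and_hash_changed` case is the one that passes verification despite the modification, which is why the HMAC key must be stored and handled separately from the systems that hold the logs.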