Hello,
I am considering using S3 Object Locking to ensure that logs are not deleted or tampered with. Here are my questions:
Can we set a retention period for S3 Object Locking and proceed this way?
How can we ensure that the logs have not been altered? Is there any method or tool that can provide this guarantee?
Looking forward to your feedback. Thank you.
Why don’t you enable AWS S3 versioning? = any change can be detected by checking the version + you can still restore the previous version.
Loki is not going to change the logs that have been written. What exactly are you concerned about? If you are worried about someone manually tinkering with your Loki S3 storage then it would be much more productive to try and lock down the S3 bucket with access permission and policy.
In terms of retention, as @jangaraj pointed out you should want to enable versioning. Here is our S3 bucket lifecycle policy for our production Loki cluster:
- Expire current object after 360 days (object becomes versioned).
- Permanently delete versioned object after 30 days.
This gives you a 30-day window to recover any object that’s altered or deleted.
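The versioning plus lifecycle setup described in this reply, written out as an added example (not code from the thread, from Loki or from the poster's cluster). It assumes boto3 credentials and a bucket name are available only when `apply_policy()` is called; building and validating the configuration runs offline.

```python
"""Build, validate and apply the S3 versioning + lifecycle policy from the reply above."""
from typing import Any

CURRENT_EXPIRE_DAYS = 360    # current object expires and becomes a noncurrent version
NONCURRENT_DELETE_DAYS = 30  # recovery window before the noncurrent version is purged


def build_lifecycle(prefix: str = "", expire_days: int = CURRENT_EXPIRE_DAYS,
                    noncurrent_days: int = NONCURRENT_DELETE_DAYS) -> dict[str, Any]:
    """Return a LifecycleConfiguration dict implementing the two rules from the reply."""
    if expire_days <= 0 or noncurrent_days <= 0:
        raise ValueError("retention days must be positive")
    return {"Rules": [{
        "ID": "loki-versioned-retention",  # hypothetical rule ID
        "Filter": {"Prefix": prefix},
        "Status": "Enabled",
        # Rule 1: expiring the current object only writes a delete marker on a
        # versioned bucket; the data survives as a noncurrent version.
        "Expiration": {"Days": expire_days},
        # Rule 2: noncurrent versions (from expiry, overwrite or delete) are
        # permanently removed after the recovery window.
        "NoncurrentVersionExpiration": {"NoncurrentDays": noncurrent_days},
    }]}


def recovery_window_days(lifecycle: dict[str, Any]) -> int:
    """Days an altered or deleted object stays recoverable (0 if no such rule)."""
    for rule in lifecycle.get("Rules", []):
        if rule.get("Status") == "Enabled" and "NoncurrentVersionExpiration" in rule:
            return int(rule["NoncurrentVersionExpiration"]["NoncurrentDays"])
    return 0


def validate_lifecycle(lifecycle: dict[str, Any]) -> list[str]:
    """Return a list of problems; empty means the policy gives a usable recovery window."""
    problems = []
    if not any(r.get("Status") == "Enabled" for r in lifecycle.get("Rules", [])):
        problems.append("no enabled lifecycle rule")
    if recovery_window_days(lifecycle) <= 0:
        problems.append("no NoncurrentVersionExpiration rule: versions would pile up forever")
    return problems


def apply_policy(bucket: str, lifecycle: dict[str, Any]) -> None:
    """Enable versioning first (the lifecycle rules only protect data on a versioned bucket)."""
    import boto3  # lazy import so building and validating need no AWS dependency
    s3 = boto3.client("s3")
    s3.put_bucket_versioning(Bucket=bucket, VersioningConfiguration={"Status": "Enabled"})
    s3.put_bucket_lifecycle_configuration(Bucket=bucket, LifecycleConfiguration=lifecycle)
```

Run `validate_lifecycle()` on the configuration before applying it; a policy with an expiration rule but no noncurrent-version rule silently keeps every version forever, and one with no enabled rule keeps nothing recoverable at all beyond plain versioning.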