Configuring Security

You can configure LogScale to run with or without user authentication. Authorization and permissions are handled in LogScale, while users are authenticated and logged in using one of the following integrations:

Initial & Key Users

These sections of the documentation relate to an initial single user and the root user, as well as emergency users.

Single User

When starting, single-user authentication is offers some security compared to the no-authentication mode. It's perhaps the best method when first starting and learning LogScale. This linked page explains how to set up this.

Root Access

Root users have the privileges required to act as systems administrators for the LogScale cluster. They can add and remove other users. This linked page explains more.

Emergency Access

When something goes wrong with an identity provider, LogScale allows for local emergency users within the LogScale cluster. Click on the heading here to learn more.

RBAC & GDPR

These two specialized sections explain LogScale's authentication and access method, as well as how LogScale logs are generated.

Manage users & permissions

LogScale distinguishes between authentication (i.e., establishes user identity) and authorization (i.e., sets which activities are allowed by authenticated users). LogScale's role-based access control model enables authorization of users based on roles with sets of permissions.

API Tokens

API tokens provide access to LogScale through various APIs and are configured at different access levels to allow ingestion, management and administration of LogScale.

Security Policies

Security Policies configure how access is granted through API tokens, configure IP and network limitations on access, limit dashboard access and sharing, and enable fine-grained control on how actions used in alerts and other automations can be used by different users of the system.

Session Management

Web sessions can be controlled to limit the time users can be logged in and connected to the LogScale Web UI.

Audit Logging

LogScale generates audit log events on many user activities. Per GDPR requirements, entries are marked as sensitive or non-sensitive, to make for a good audit trail.

Monitoring LogScale for security situations (e.g., hacker attempts, denial of service attacks, etc.), can be done with a number of different security monitoring systems, which can be integrated into LogScale:

For information on different integrations and products that can work with and communicate with LogScale, please see Integrations.

Immutability of Data

LogScale is designed so that data, once digested to a repository, is immutable. You can not modify or edit the data. At rest, the data is encrypted and a checksum process is used on each segment to prevent corruption.

Data in a repository can only be deleted under certain conditions and with specific elevated privileges:

  • By time — Data is automatically purged at the end of the designated retention period. See Data Retention.

  • By manual deletion of the repository — A user with sufficient permissions can delete an entire repository. See Delete a Repository or View.

  • By API — A user with specific privileges and administrative power over a repo can leverage the Redact API to remove specific data. Redact Events API.

All of the above actions can only be performed by authorized users with the specific mentioned permissions tied to specific repositories.