Checking for tampering of indices

2014-10-01 Thread Brian Wilkins
In Splunk, it is possible to detect tampering of logs. Splunk will take an event at ingestion time and create a hash value based on the event and your certificates/keys. You can then write searches that will re-hash the event to be compared to the original to indicate if anything has changed.

Re: Checking for tampering of indices

2014-10-01 Thread Mark Walkom
You might be able to achieve this with versioning - http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/docs-index_.html#index-versioning

Regards,
Mark Walkom
Infrastructure Engineer
Campaign Monitor
email: ma...@campaignmonitor.com
web: www.campaignmonitor.com

On 2 October
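
Added example, not part of the thread and not Splunk or Elasticsearch code: a minimal sketch of the ingestion-time hash and re-hash check described in the first message, combined with the `_version` comparison suggested in the reply. The key, the ledger layout and the sample documents are constructed, and it assumes log documents are written once, so an untouched document stays at `_version` 1.

```python
import hashlib
import hmac
import json

# Constructed key for the example; in practice it must live outside the indexed
# cluster, or whoever can edit documents can also re-sign them.
SIGNING_KEY = b"example-key-not-for-production"


def event_mac(source: dict, key: bytes = SIGNING_KEY) -> str:
    """HMAC-SHA256 over a canonical JSON encoding of the event body."""
    canonical = json.dumps(source, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def seal(doc_id: str, source: dict) -> dict:
    """Ingestion-time record, kept in a separate store (hypothetical layout)."""
    return {"_id": doc_id, "mac": event_mac(source), "_version": 1}


def audit(ledger: list, index: dict) -> dict:
    """Re-hash what the index returns now and compare with the sealed records."""
    findings = {}
    for rec in ledger:
        doc = index.get(rec["_id"])
        if doc is None:
            findings[rec["_id"]] = "missing"
        elif not hmac.compare_digest(event_mac(doc["_source"]), rec["mac"]):
            findings[rec["_id"]] = "content changed"
        elif doc["_version"] != rec["_version"]:
            findings[rec["_id"]] = "rewritten (version bumped)"
    return findings


# Constructed sample events, shaped like Elasticsearch get responses.
events = {
    "a1": {"ts": "2014-10-01T10:00:00Z", "user": "alice", "msg": "login ok"},
    "a2": {"ts": "2014-10-01T10:01:00Z", "user": "bob", "msg": "login failed"},
    "a3": {"ts": "2014-10-01T10:02:00Z", "user": "bob", "msg": "sudo su -"},
    "a4": {"ts": "2014-10-01T10:03:00Z", "user": "carol", "msg": "logout"},
}
LEDGER = [seal(i, s) for i, s in events.items()]
INDEX = {i: {"_source": dict(s), "_version": 1} for i, s in events.items()}
INDEX["a2"]["_source"]["msg"] = "login ok"   # body edited after ingestion
INDEX["a2"]["_version"] = 2
INDEX["a3"]["_version"] = 2                  # re-indexed with an identical body
del INDEX["a4"]                              # deleted from the index

print(audit(LEDGER, INDEX))
```

The version check catches a rewrite that leaves the body unchanged, which the hash alone would miss; the hash catches edits regardless of what the version field reports.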