Background on Authentic8 Service Logs:

The Authentic8 Service collects certain log data in order to provide administrators with visibility into their users’ activities. Logged data includes:

  • User’s navigation history
  • Administrator actions
  • Authentication events
  • Session parameters
  • Web form post data (if logs are encrypted)


Customer-specific log data is stored for 90 days, after which it is deleted from the Authentic8 system. During this 90-day period, the service can be configured to store log data in unencrypted or encrypted format, based on customer requirements.


Unencrypted Logging:

Logs are stored in unencrypted format by default, and summary results are made available to administrators via the reporting panel in the Admin Console. Additionally, log data can be extracted from the service through a RESTful API for ingestion into other reporting tools.


 

Encrypted Logging:

If you are concerned about an Authentic8 employee seeing your log data, or if the logged data contains regulated content (for example, a patient ID number that appears in a URL an employee visits), you can configure the service to encrypt the Authentic8 log data by providing your own public key. In this configuration, log data is written to the logging database only in encrypted format and is never written to disk before that point. Choosing to encrypt log data renders the reporting panel in the Admin Console non-functional. Encrypted log data can be extracted from the service using the same RESTful API mentioned above.

The rest of this document describes how to configure encrypted logging, generate public/private key pairs and enable log extraction via the RESTful API.

Configuring Log Encryption:

To configure log encryption, the administrator navigates to the Policy section of the Admin Console and clicks ‘Edit’ for the ‘Log Encryption’ policy. The default (selected) is ‘User activity logs are stored in clear text’. Selecting the ‘User activity logs are stored encrypted’ option will reveal the log encryption configuration details. The two fields that must be filled in are ‘Key Name’ and ‘Public Key’.

The ‘Key Name’ field is used to identify which key was used to do the encryption.

The ‘Public Key’ field is where the actual public key should be entered (using copy-paste is recommended


Creating a Key Pair:

The Authentic8 Log Encryption solution uses the SECCURE toolset. This toolset must be installed and working to generate an appropriate key pair. It can be installed on Debian-based Linux distributions with the command:

$ sudo apt-get install seccure

Once this toolset is installed and working, the key pair can be created with the command:

$ sudo seccure-key -c p256

This command prompts for a private key, which is simply plain text that you type in. Remember this private key: it is required to decrypt the encrypted logs and cannot be retrieved after the fact. The command then prints a public key on the screen. Enter that public key into the Authentic8 Admin Console, where it will be used to encrypt all the user activity logs.

Note: Strong private keys are highly encouraged.
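
Because the private key is plain text typed at the prompt, its guessing resistance bounds the strength of the whole key pair. The following is an added example, not part of the original Authentic8 documentation or the SECCURE toolset: it generates random text sized to the curve. It assumes that p256 is a 256-bit curve with a security level of about 128 bits; the alphabet, grouping and function names are constructed for illustration.

```python
import math
import secrets

# Assumption: the "p256" curve named on this page is a 256-bit curve, so its
# generic security level is about half the field size, i.e. 128 bits.
CURVE_BITS = 256
TARGET_BITS = CURVE_BITS // 2

# Constructed alphabet: letters and digits without look-alikes (0/O, 1/l/I),
# because the text has to be typed at the seccure-key prompt and typed again
# for every later decryption.
ALPHABET = "abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789"


def entropy_bits(length, alphabet_size):
    """Entropy of `length` symbols drawn uniformly and independently."""
    return length * math.log2(alphabet_size)


def min_length(target_bits, alphabet_size):
    """Smallest symbol count whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def generate_private_key_text(target_bits=TARGET_BITS, alphabet=ALPHABET, group=5):
    """Return (text, bits): random text for the prompt and its entropy."""
    if len(set(alphabet)) != len(alphabet) or len(alphabet) < 2:
        raise ValueError("alphabet must hold at least two distinct symbols")
    n = min_length(target_bits, len(alphabet))
    # secrets draws from the operating system's CSPRNG, unlike random.
    symbols = [secrets.choice(alphabet) for _ in range(n)]
    # Hyphens only aid transcription: they add no entropy, but they are part
    # of the text and must be typed exactly as shown.
    chunks = ["".join(symbols[i:i + group]) for i in range(0, n, group)]
    return "-".join(chunks), entropy_bits(n, len(alphabet))


if __name__ == "__main__":
    text, bits = generate_private_key_text()
    print(f"{bits:.1f} bits: {text}")
```

Record the generated text in a password manager or offline vault before enabling encryption, since the logs cannot be decrypted without it.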

The SECCURE toolset can be used on Linux only. See the SECCURE website for details.


Accessing the Logs:

The user activity logs are stored in the Authentic8 databases and can only be accessed programmatically via the RESTful Authentic8 API. Please contact Authentic8 support for details on obtaining access to this API.


More Information About Logs:

Please refer to the Silo Logs Reference Guide for more information.