Almost every application needs to keep an audit trail. Companies often implement their own solution, which isn't always the best - it's usable only by engineers (as it doesn't give management a good way to trace what happens) and it's not secure (it can be tampered with by anyone with access to the database).
At the same time, multiple US and EU regulations require many types of systems and organizations to support such an audit trail. These regulations include The General Data Protection Regulation (EU), HIPAA, FDA CFR 21, EU GMP, The PNR Directive, and many more.
LogSentinel solves all that, and thus reduces the risk of compromised data and regulatory fines, by providing a very simple RESTful web service for logging your business events and keeping a secure, tamper-evident and searchable audit trail. The integrity of the logs is guaranteed by multiple cryptographic methods so that the audit trail cannot be tampered with without detection.
Works with every language and platform
You can invoke the
by just providing an actor (who did it), action (what was done) and action details (payload). You can use one of our client libraries and even a WordPress plugin.
The log cannot be tampered with without detection
Log integrity has been explored in computer science for years. We employ methods recommended by the crypto community, such as hash chaining and timestamping, in order to guarantee the integrity of the logs.
Your logs can be used in court
Having a secure audit log is often a regulatory requirement. There are allegedly over 10,000 U.S. and EU regulations that govern the storage and management of data. LogSentinel helps with compliance, but we go further to make sure EU Regulation 910/2014 is properly implemented in terms of the use of digital timestamping and electronic signatures.
Not only does LogSentinel use an approach and data structures similar to those of the blockchain, but it also regularly stores data in the Ethereum blockchain.
You can manage a LogSentinel deployment yourself
Instead of relying on the cloud service provided by us, you can set it up yourself, under the appropriate license.
Instead of being part of our cloud solution, you can let us manage your own installation on our cloud infrastructure. You won't share any resources with the rest of our users.
Generic log aggregation solutions are focused on your code-level and system-level logs, rather than the business-process related logs. The audit trail represents the chain of events that happened in the application (who did what), rather than which resource was null, which socket closed unexpectedly or what database query was composed. And most importantly, these solutions don't offer the integrity guarantees that LogSentinel does.
Syslog servers can be seen as a replacement, but they would still need additional code and configuration in order to guarantee the integrity, plus they lack the extra features like search and visualizations that LogSentinel provides out of the box. Many applications prefer not to run a self-hosted syslog server and rely on other aggregation tools. LogSentinel may support syslog in the future.
LogSentinel uses an approach similar to the one the blockchain uses to ensure the integrity of the blocks: chaining hashes. It also uses a data structure that blockchain implementations use (the Merkle tree). And finally, it pushes data to the Ethereum blockchain. You can read more in the whitepaper.
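A minimal sketch of hash chaining as a tamper-evidence mechanism, added here as an example; it is not LogSentinel's implementation, and the entry layout, the `GENESIS` value and all function names are assumptions. It also shows why the chain head has to be recorded somewhere outside the database (a timestamp or a public ledger): a chain that is only checked against itself can be recomputed by whoever rewrites the rows.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed starting value for the first entry's prev_hash


def entry_hash(prev_hash, actor, action, details):
    """Hash the entry's canonical JSON together with the previous entry's hash."""
    body = json.dumps({"actor": actor, "action": action, "details": details},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def append(log, actor, action, details):
    """Append an entry linked to the current chain head and return its hash."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    h = entry_hash(prev_hash, actor, action, details)
    log.append({"actor": actor, "action": action, "details": details,
                "prev_hash": prev_hash, "hash": h})
    return h


def verify(log, trusted_head=None):
    """Return the index of the first entry that fails verification, or None.

    trusted_head is a chain head stored outside the log database. If the
    chain is self-consistent but ends in a different head, len(log) is
    returned, which covers both truncation and a full rewrite.
    """
    prev_hash = GENESIS
    for i, e in enumerate(log):
        expected = entry_hash(prev_hash, e["actor"], e["action"], e["details"])
        if e["prev_hash"] != prev_hash or e["hash"] != expected:
            return i
        prev_hash = e["hash"]
    if trusted_head is not None and prev_hash != trusted_head:
        return len(log)
    return None


def build_sample_log():
    """Constructed sample events; actors, actions and payloads are made up."""
    log = []
    append(log, "alice", "LOGIN", {"ip": "192.0.2.10"})
    append(log, "alice", "UPDATE_INVOICE", {"invoice": 42, "amount": 100})
    head = append(log, "bob", "APPROVE_INVOICE", {"invoice": 42})
    return log, head
```
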
Only above a certain threshold and if you are a for-profit company. There are exemptions for startups and non-profits.
You can read full details of the way it works and the motivation for certain design decisions in our whitepaper.
You simply invoke our
endpoints for each action that occurs in your application. We are also providing client libraries for popular