LogSentinelalpha

Blockchain-inspired secure audit trail service

Why LogSentinel?

Almost every application needs to keep an audit trail. And companies often implement their own solution, which isn't always the best - it's usable only by engineers (as it doesn't give management a good way to trace what happens) and it's not secure (it can be tampered with by anyone with access to the database)

At the same time multiple US and EU regulations require many types of systems and organizations to support such an audit trail. These regulation include The General Data Protection Regulation (EU), HIPAA, FDA CFR 21, EU GMP, The PNR Directive, and many more.

LogSentinel solves all that and thus reduces the risk of compromised data and regulatory fines, by providing a very simple RESTful web service for logging your business events and keeps a secure, tamper-evident and searchable audit trail. The integrity of the logs is guaranteed by multiple cryptographic methods so that the audit trail cannot be tampered with without detection.

Main features

Simple RESTful API

Works with every language and platform

You can invoke the /api/log/ by just providing an actor (who did it), action (what was done) and action details (payload). You can use one of our client libraries and even a wordpress plugin.

Guaranteed integrity

The log cannot be tampered with without detection

Log integrity has been explored in computer science for years. We employ methods recommended by the crypto community, such as hash chaining and timestamping in order to guarantee the integrity of the logs

Legal strength

Your logs can be used in court

Having a secure audit log is often a regulatory requirement. There are allegedly over 10,000 U.S. and EU regulations that govern the storage and management of data. LogSentinel helps with compliance, but we go further to make sure EU Regulation 910/2014 is properly implemented in terms of the use of digital timestamping and electronic signatures.

Blockchain-inspired

Not only LogSentinel uses an approach and data structures similar to those of the blockchain, but it regularly stores data in the Ethereum blockchain

Self-hosted option

You can manage a LogSentinel deployment yourself

Instead of relying on the cloud service provided by us, you can set it up yourself, under the appropriate license.

Managed installation

Instead of being part of our cloud solution, you can let us manage your own installation on our cloud infrastructure. You won't share any resources with the rest of our users.

Frequently asked questions

Why not use a generic logging solution?

Solutions like Splunk and logstash do provide simple ways to aggregate logs. However, they are focused on your code-level and system-level logs, rather than the business-process related logs. The audit trail represents the chain of events that happened in the application (who did what), rather than which resources was null, which socket closed unexpectedly or what database query was composed. And most importantly, these solutions don't offer the integrity guarantees that LogSentinel does.

Why not use syslog instead?

Notable syslog servers like rsyslog can be seen as a replacement, but they would still need additional code and configuration in order to guarnatee the integrity, plus they lack the extra features like search and visualizations that LogSentinel provides out of the box. Many applications prefer not to run a self-hosted syslog server and rely on other aggregation tools. LogSentinel may support syslog in the future.

Is it using blockchain technology?

LogSentinel is using a similar approach to what the blockchain uses to ensure the integrity of the blocks - chaining hashes. It also uses a datastructure that blockchain implementations use (MerkleTree). And finally, pushing data to the Ethereum blockchain. You can read more in the whitepaper

Do I have to pay to use it?

Only above a certain threshold and if you are a for-profit company. There are exemptions for startups and non-profits.

How does it work?

You can read full details of the way it works in motivation of certain design decisions in our whitepaper

How do I plug it in my application?

You simply invoke our /api/log endpoints for each action that occurs in your application. We are also providing client libraries for popular languages.