Data Management
1. Export Task 📤
The Export task page allows you to view the exports you have already completed and the exports currently in progress. Export works through storage adapters. In order to start the export process, you must first define a storage adapter. Go to the Object Management > Storage Adapters documentation.
2. Backup Forensic Sign 📥
Overview 👀
Our system securely collects, signs, and stores your organization's log records. This ensures the integrity and immutability of your logs.
System Features ✨
Log Collection and Storage
The system segments log data into hourly chunks, where each chunk:
- Logs in your system are automatically collected
- Collected logs are securely processed and stored
- All logs are stored in an encrypted format
Signing Process 🔄
Real-Time Signing
- Your logs are automatically grouped at specified time intervals
- Each group is compressed, encrypted, and digitally signed
- Signed data is transferred to a secure storage area
Official Authority Signature
- At the end of the day, all log groups are signed by official authorities for an additional layer of security
- By default, FreeTSA is used
- Optionally, local authorities such as Kamusm or TÜBİTAK can be used
Verification Process ✅
To check the integrity of your log records:
- Verification Time: Verification can be performed after the end-of-day official signing process is completed
- Verification Scope: You can select the desired log group for verification
- Verification Result: The system checks whether the selected logs have been altered
Security Features 🔒
The system continuously monitors storage efficiency:
- Encryption: All logs are encrypted using industry-standard algorithms
- Digital Signature: Each log group is cryptographically signed
- Timestamp: Legal value is provided through timestamps obtained from official authorities
- Integrity Check: Mathematical proof ensures that the logs have not been altered
Use Cases ✍️
- Audit: Reliable log records for legal audits
- Forensic Analysis: Log records that can be used as evidence in court
- Compliance: Meeting regulatory requirements
System Diagram 🖧
Backup&Sign Flowchart
flowchart LR
A[TCP/UDP Log Source] --> B[MessageQ]
B --> C{Log Deployment}
C -->|Path 1| D[Database Insert]
C -->|Path 2| E[Sign Service]
E -->G[Create Chunk<br/>-Compression<br/>-Encryption<br/>-SelfSign+TimeStamp]
G -->L
G -->H{End of the day?}
H -->|Yes| I[-Collect All Chunk Hashes<br/>-Merge Hashes by Timestamp<br/>-Sign with Official Authority FreeTSA/Kamusm/TÜBİTAK]
I --> J[Master Signature File]
J --> K[Upload to MinIO S3]
L[File+S3Metadata<br/>-Timestamp<br/>-Compression Algorithm<br/>-Encryption Algorithm<br/>-Data Size/Count<br/>-Compression Ratio<br/>- Hash SHA-256<br/>-Digest/Sign]
L --> K
Verify Flowchart
flowchart LR
Q[Select Chunk] --> R[End of day check]
R --> S[Get hash/sign<br/>of the metadata<br/>of the chunk]
S --> T[-Collect All Chunk Hashes]
T --> U[Merge Hash's by timestamp]
U --> V[Comparison with master sign]
V --> W{Does it match?}
W -->|Yes| X[Verify is succesful]
W -->|No| Y[Verify is faided]
3. External Backup Service ↗
Extarnal backup service is a service to transfer log records to an external storage. To create an external backup service, a source is selected and a new storage adapter is created. Below you can see the storage adapter that the logger integrates with. For detailed information on how to add a storage adapter, see the storage adapter section in the following document.
4. Settings ⚙️
In the Settings tab, you can change some properties of the containers to which the logger software is connected. The features you can intervene in this tab are limited. You can use the CLI module for more detailed configurations.