Log Encryption
IguanaX 10.1.105 introduces the ability to enable and disable log encryption to secure data at rest stored in your IguanaX Log Directory on disk.
Before configuring log encryption on your IguanaX instance, please consider the following:
- The log encryption key must be a secure 32-character string. It is recommended that you use the cryptographically secure encryption key generated by IguanaX.
- The encryption key must be re-entered every time the IguanaX service starts up.
- IguanaX will not remember this key. You are responsible for documenting and storing this key in a secure location. There is no way to unlock Iguana without entering this encryption key when the service is started.
- Encrypted logs will be stored in a new log directory, loge, placed in the default location according to your OS; however, the location of loge can be changed as required. When log encryption is enabled, you will no longer be able to access the old logs in the logt directory when viewing logs within the Iguana Log Browser.
Enable Log Encryption:
STEP 1: Click edit to enable log encryption
- Click Edit and choose Enabled using the dropdown.
- Use the three dots to have Iguana generate an Encryption key.
If you are enabling log encryption on an existing IguanaX instance, you must first stop all components as the service will need to restart.
STEP 2: Generate an Encryption Key
Iguana will supply you with a 32-character encryption key to use for encrypting the logs. You can use the regenerate button to have Iguana generate a new key for you to copy.
Copy this key for the next step. You will be responsible for documenting the encryption key generated by Iguana as it will be required each time you restart the Iguana instance.
STEP 3: Configure your Encryption Key
- Copy the encryption key into the Encryption Key and Confirm Encryption Key fields.
- Click Save.
A confirmation window will appear before proceeding to restart the Iguana instance and enable log encryption.
- Confirm you have saved your encryption key in a secure location.
- Confirm you understand it will be required on every IguanaX start up.
STEP 4: Iguana will restart; enter your encryption key and log in to IguanaX
- Enter your Encryption Key and click Submit.
- Enter your login credentials as usual.
- You can view the new log directory in your Log Usage Settings page.
- If you take a look at your log directory, you will notice that the new loge directory has been created to store your encrypted logs. This can be changed as required. The old unencrypted logs will remain in the original logt directory, but will not be accessible within the Log Browser.
If you need to change your log encryption key in the future, you must first disable log encryption and then re-enable it with a newly generated encryption key.
Disable Log Encryption:
- Click Edit.
- Choose Disabled using the dropdown.
- Click Save and confirm you wish to disable log encryption.
- Iguana will restart and you will be able to log back into Iguana without entering the log encryption key.
If you take a look at your log directory, you will see that the original logt directory has been appended with a timestamp and that the new unencrypted logs are stored in the logt directory.