Protecting Log Data Using Log4j and Machina Tools – SDK

Machina Tools — SDK provides an easy-to-use interface to our data protection engine. In particular, Machina Tools exposes functions to perform key management and data encryption.

There has recently been a lot of interest in concretely describing use cases for protecting sensitive data at a granular level. The value-add that Machina Tools brings to users lies in its ability to weave seamless data protection into existing applications. Code examples can be useful in their own right, but also as a means to help “connect the dots” to facilitate new use cases.

To this end, I have recently published a Log4j integration with sample code to GitHub. More information is available on Machina Developers. The project demonstrates a simple SDK integration with the Apache Tomcat web container and the Apache Log4j 2 application logging framework. Its purpose is to provide a real-world use case in which data is dynamically protected by Machina.

The integration takes the form of a web application (webapp). Once it is running, HTTP requests to the webapp generate log messages that are passed to the Log4j 2 subsystem. A Machina-enabled file appender writes those messages to an encrypted file output stream, so the messages are persisted to the filesystem only in encrypted form.

The webapp is also configured to serve the content of its logs folder, so URLs on the Tomcat instance expose both the unprotected and the protected versions of the webapp log file. When the protected file is requested through the Tomcat web server, its content is returned as readable plaintext; when the same file is opened from the operating system, only ciphertext is displayed. The difference is that a servlet Filter in the web server uses Machina Tools to unprotect the data in the context of an authorized request.

The integration makes use of the Ionic file cipher class GenericFileCipher. The 2.5 version of Machina Tools, released in May 2019, includes support for a new version of the generic file format, enabling this integration.
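The two halves of that design, an appender that only ever writes ciphertext and a reverse path that yields plaintext for an authorized caller, are illustrated below as an added example. It is not the Machina Log4j integration's own code. Where the real integration wraps the file with Ionic's GenericFileCipher and obtains keys from the Machina platform, this stand-in uses AES/CBC from `javax.crypto` with a key taken from a `LOG_KEY_HEX` environment variable (an assumption made so the example runs offline); the plugin name `EncryptedFile`, the package `example.logging` and a Log4j 2.11+ API are likewise assumptions.

```java
// EncryptedFileAppender.java: added example, not the Machina integration's code.
// Assumption: key material comes from LOG_KEY_HEX (64 hex chars = 32-byte AES key).
// The real integration replaces openEncryptedStream/decryptFile with GenericFileCipher.
package example.logging;

import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.Serializable;
import java.security.SecureRandom;
import java.util.concurrent.TimeUnit;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.logging.log4j.core.Filter;
import org.apache.logging.log4j.core.Layout;
import org.apache.logging.log4j.core.LogEvent;
import org.apache.logging.log4j.core.appender.AbstractAppender;
import org.apache.logging.log4j.core.config.Property;
import org.apache.logging.log4j.core.config.plugins.Plugin;
import org.apache.logging.log4j.core.config.plugins.PluginAttribute;
import org.apache.logging.log4j.core.config.plugins.PluginElement;
import org.apache.logging.log4j.core.config.plugins.PluginFactory;
import org.apache.logging.log4j.core.layout.PatternLayout;

@Plugin(name = "EncryptedFile", category = "Core", elementType = "appender", printObject = true)
public final class EncryptedFileAppender extends AbstractAppender {

    private final OutputStream out; // ciphertext stream: plaintext never reaches the file

    private EncryptedFileAppender(String name, Filter filter,
                                  Layout<? extends Serializable> layout, OutputStream out) {
        super(name, filter, layout, true, Property.EMPTY_ARRAY);
        this.out = out;
    }

    // Log4j calls this per event: the layout renders the line, the cipher stream encrypts it.
    @Override
    public void append(LogEvent event) {
        byte[] line = getLayout().toByteArray(event);
        synchronized (out) {
            try {
                out.write(line);
                out.flush(); // completed cipher blocks go to disk; a partial block stays buffered
            } catch (IOException e) {
                error("encrypted log write failed", event, e);
            }
        }
    }

    // Closing finalizes the last block and padding so the file is decryptable end to end.
    @Override
    public boolean stop(long timeout, TimeUnit unit) {
        setStopping();
        synchronized (out) {
            try { out.close(); } catch (IOException e) { error("encrypted log close failed", e); }
        }
        setStopped();
        return true;
    }

    // Referenced from log4j2.xml as <EncryptedFile name="enc" fileName="logs/app.log.enc"/>.
    @PluginFactory
    public static EncryptedFileAppender createAppender(
            @PluginAttribute("name") String name,
            @PluginAttribute("fileName") String fileName,
            @PluginElement("Layout") Layout<? extends Serializable> layout,
            @PluginElement("Filter") Filter filter) throws Exception {
        Layout<? extends Serializable> l = layout != null ? layout : PatternLayout.createDefaultLayout();
        return new EncryptedFileAppender(name, filter, l, openEncryptedStream(fileName));
    }

    // Stand-in for GenericFileCipher: one random IV header, then AES/CBC ciphertext.
    static OutputStream openEncryptedStream(String fileName) throws Exception {
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, loadKey(), new IvParameterSpec(iv));
        OutputStream file = new FileOutputStream(fileName); // truncate: one IV per file
        file.write(iv);
        return new CipherOutputStream(file, cipher);
    }

    // Reverse path, the job the servlet Filter does for an authorized request (closed file only:
    // while the appender is open the final block is still buffered and padding will not verify).
    static byte[] decryptFile(String fileName) throws Exception {
        try (DataInputStream in = new DataInputStream(new FileInputStream(fileName))) {
            byte[] iv = new byte[16];
            in.readFully(iv);
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(Cipher.DECRYPT_MODE, loadKey(), new IvParameterSpec(iv));
            ByteArrayOutputStream plain = new ByteArrayOutputStream();
            byte[] buf = new byte[4096];
            try (InputStream cin = new CipherInputStream(in, cipher)) {
                for (int n; (n = cin.read(buf)) > 0; ) plain.write(buf, 0, n);
            }
            return plain.toByteArray();
        }
    }

    private static SecretKeySpec loadKey() {
        String hex = System.getenv("LOG_KEY_HEX");
        if (hex == null || hex.length() != 64) throw new IllegalStateException("LOG_KEY_HEX must be 64 hex chars");
        byte[] key = new byte[32];
        for (int i = 0; i < 32; i++)
            key[i] = (byte) ((Character.digit(hex.charAt(2 * i), 16) << 4) | Character.digit(hex.charAt(2 * i + 1), 16));
        return new SecretKeySpec(key, "AES");
    }
}
```

Log4j discovers the plugin when the configuration names its package (`<Configuration packages="example.logging">`) or when the Log4j annotation processor runs at build time. The design point to carry over from the real integration is the separation of roles: the appender never holds plaintext on disk, and decryption happens only on a request path that has already passed authorization, so a compromised filesystem copy of the log yields ciphertext alone. The CBC stand-in gives no integrity protection; that, and key management, is what the Machina SDK's GenericFileCipher and key services supply in the published integration.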

While this integration demonstrates the ability to protect application log messages, other usages are possible. Audio streams, video streams, network traffic, and health-related telemetry are other types of streaming data that might be captured and protected similarly. The data protection primitives and server infrastructure of Machina are well-suited to protect data on capture as well as at rest.

Relevant links: