Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

IguanaX 10.1.105 introduces the ability to enable and disable log encryption to secure data at rest stored in your IguanaX Log Directory on disk.

...

If upgrading from a previous IguanaX version, old unencrypted logs will remain in the logt log directory and a new log directory called loge will be generated by Iguana to store encrypted logs. You
Note
Info

Before configuring log encryption on your IguanaX instance please consider the following:

  • The log encryption key must be a secure 32-character string. It is recommended that you use the cryptographically secure encryption key generated by IguanaX.

  • The encryption key must be re-entered every time IguanaX service starts up.

  • IguanaX will not remember this key. You are responsible for documenting and storing this key in a secure location. There is no way to unlock Iguana without entering this encryption key when the service is started.

  • Encrypted logs will be stored in a new log directory, loge, placed in the default location according to your OS, however the location of loge can be changed as required. When viewing logs within the Iguana Log Browser, you will no longer be able to access the old logs in the logt directory when log encryption is enabled.

Log encryption can be quickly enabled and disabled in Iguana’s SettingsEnable Log Encryption:

Expand
titleSTEP 1: Click EDIT edit to enable log encryption
  1. Click Edit and choose Enabled using the dropdown.

  2. Use the three dots to have Iguana generate an Encryption key.

If you are enabling log encryption on an existing IguanaX instance, you must first stop all components as the service will need to restart.

Expand
titleSTEP 2: Generate an Encryption Key

Iguana will supply you with a 32-character encryption key to use as a key to encrypt the logs. You can use the regenerate button to have Iguana generate a new key for you to copy.

Copy this key for the next step. You will be responsible for documenting the encryption key generated by Iguana as it will be required each time you restart the Iguana instance.

...

Expand
titleSTEP 4: Iguana will restart, enter your encryption key and login to IguanaX
  1. Enter your Encryption Key and click Submit.

  1. Enter your login credentials as usual.

  1. Your logs will now be encrypted and stored in a new log directory, loge. You can view the new log directory in your Log Usage Settings page.

  1. If you take a look at your log directory, you will notice that the new loge directory has been created to store your encrypted logs. This can be changed as required. The old unencrypted logs will remain in the original logt directory, however will not be accessible within the Log browser.

Image Added

If you need to change your log encryption key in the future, you must first disable log encryption and then re-enable it with a newly generated encryption key.

Expand
titleDisable Log Encryption:
  1. Click Edit.

  2. Choose Disabled using the dropdown.

  3. Click Save and confirm you wish to disable log encryption.

  4. Iguana will restart and you will be able to log back into Iguana without entering the log encryption key.

If you take a look at your log directory, you will see that the original logt directory will be appended with a timestamp and the new unencrypted logs will be stored in the logt directory.

Image Added