OmniLog
Not even root can alter these logs. Because they don't go through the OS.
The Problem
Conventional loggers write through syslog, libc, and the kernel. Root can edit logs. Malware can hook libc. Backdoors can filter log entries. When an attacker gains root access, the audit trail becomes unreliable — exactly when you need it most.
The Solution
OmniLog writes directly to disk via syscalls. Every entry is hashed with the previous one in a SHA-256 chain. If anyone — root, admin, malware — modifies an entry, the chain breaks. Detectable in milliseconds. There is no libc to hook, no framework to inject filters into.
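The chaining described above, as an added Python example (not OmniLog's code or on-disk format): it goes slightly beyond the text by also comparing the recomputed head hash against a copy kept off the logging host, which is what catches removed trailing entries. The entry layout, the all-zero genesis value, the sample messages and all function names are assumptions.

```python
import hashlib

GENESIS = b"\x00" * 32  # assumed starting value for the first link

# Constructed sample entries, not real log data.
SAMPLE = [b"sshd: accepted key for alice",
          b"sudo: alice -> root",
          b"useradd: created svc-backup"]

def link(prev, message):
    # Length-prefix the message so the prev/message boundary is unambiguous.
    return hashlib.sha256(prev + len(message).to_bytes(4, "big") + message).digest()

def append(log, message):
    """Append (message, hash) to the log and return the new head hash."""
    prev = log[-1][1] if log else GENESIS
    digest = link(prev, message)
    log.append((message, digest))
    return digest

def build(messages):
    """Build a chained log; return (log, head_hash)."""
    log, head = [], GENESIS
    for m in messages:
        head = append(log, m)
    return log, head

def verify(log, trusted_head=None):
    """Return (ok, index of first bad entry or None).

    Recomputes every link from the genesis value. If trusted_head is given
    (a head hash stored somewhere the logging host cannot write), the
    recomputed head must match it too.
    """
    prev = GENESIS
    for i, (message, stored) in enumerate(log):
        if link(prev, message) != stored:
            return False, i          # entry i or its stored hash was altered
        prev = stored
    if trusted_head is not None and prev != trusted_head:
        return False, len(log)       # chain is self-consistent but incomplete
    return True, None

if __name__ == "__main__":
    log, head = build(SAMPLE)
    print(verify(log, head))
```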
Why Bare-Metal Matters
The hash chain is the mathematical proof of integrity. You don't trust the OS. You don't trust the admin. You trust SHA-256. A 15KB binary with zero dependencies has zero attack surface for log tampering — there is nothing to exploit between the log entry and the disk.
Technical Specifications
| Feature | Value |
|---|---|
| Binary Size | ~15KB |
| Integrity | SHA-256 hash chain |
| Write Method | Direct syscall (no libc) |
| Dependencies | None |
| Tamper Detection | Milliseconds (chain verification) |
| Compliance | PCI-DSS, SOX, HIPAA |
| Interface | HTTP log ingestion |
Comparison
| | OmniLog | Splunk | ELK Stack |
|---|---|---|---|
| Size | ~15KB | 500MB+ | 1GB+ (Java/Docker) |
| RAM usage | <1MB | 4-8GB | 2-4GB |
| Dependencies | None | JVM + proprietary | Java + Docker + OS |
| Tamper-proof | Yes (hash chain) | No (admin can edit) | No (admin can edit) |
| Root can modify logs | No (chain breaks) | Yes | Yes |
| Annual cost | One-time license | $15K+/year | "Free" + DevOps $96K |
Use Cases
PCI-DSS Compliance
Financial institutions require immutable audit trails. OmniLog provides mathematical proof that logs have not been altered — not just access controls that root can bypass.
HIPAA Audit Logging
Healthcare systems need tamper-evident logging for patient record access. The hash chain proves integrity without relying on the OS that an attacker may have compromised.
Incident Forensics
When investigating a breach, the first question is "can we trust the logs?" With OmniLog, the answer is mathematically provable.