OmniLog — Court-Defensible Logging & Evidence Ledger for Omniscient

OmniLog is a DFIR overlay for rsyslog that turns raw syslog streams into case-ready, tamper-evident logs with structured output, hash-linked event integrity, and exportable audit bundles—while keeping rsyslog as the engine.

✅ Works with existing rsyslog pipelines (overlay, not replacement)
✅ JSON event normalization + consistent fields
✅ Hash-chained integrity + manifests for verification
✅ Case export tooling for handoff/reporting


Description

What OmniLog is

OmniLog is an rsyslog DFIR overlay: a set of hardened rsyslog configurations, templates, and case tooling that upgrades your logging into structured, verifiable, investigation-grade evidence.

It does not replace rsyslog. It wraps your current flow with:

  • consistent event normalization

  • integrity anchors (hash chaining + manifests)

  • case scoping and export bundles

What it does

1) Normalizes + structures logs

  • Converts messy syslog into consistent JSON records

  • Adds predictable fields (host, program, facility/severity, timestamps, source tags, etc.)

  • Standardizes file naming and case directories for clean operations

2) Adds integrity and verification

  • Hash-chains events to detect tampering/reordering

  • Generates case manifests (SHA-256 lists) for exported artifacts

  • Optional signing hooks for workflows that sign releases with a human-held key

3) Produces case-ready exports

  • One-command case export bundle

  • Timeline-friendly outputs (JSONL + readable mirror)

  • Custody-friendly packaging (manifest + summary + directory structure)

Best for

  • DFIR operators running collection nodes

  • Private investigations needing clean documentation

  • Internal security teams who want “prove-it” logs during incidents

  • Anyone tired of reconstructing timelines from scattered syslog files


What you get (inside the download)

Instant download includes:

  • rsyslog overlay configs (drop-in include structure)

  • Templates for JSON/JSONL output + human-readable mirrors

  • Case directory scaffold + rotation strategy

  • Export tooling (audit bundle generator + manifests)

  • Quickstart + deployment patterns (single node / forwarder / aggregator)

  • Example pipelines + test vectors to validate output

Download: OmniLog-rsyslog-overlay-v1.x.zip


Core features (rsyslog-native)

Overlay design (no pipeline takeover)

  • Runs as an include overlay on top of your existing rsyslog config

  • Safe defaults with clear override points

  • Designed to be reversible (remove overlay, rsyslog still works)

DFIR-friendly outputs

  • JSONL event files for ingestion into analysis tools

  • Human-readable mirror logs for rapid scanning

  • Optional case tagging via facility/program rules or source metadata

Integrity + auditability

  • Hash chain per event stream (detects gaps + tampering)

  • Case closure manifest generation

  • Export bundles for handoff, review, or storage
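The hash chain described above, shown as an added illustration that is not OmniLog's own code (the product's record schema and tooling are not on this page): each JSONL record carries a sequence number, the previous record's digest and its own SHA-256, so a verifier can tell an edited record apart from a reordered or missing one. The field names and the sample events are assumptions constructed for the example.

```python
import hashlib
import json

# Constructed sample events in the shape a normalized JSON record might take.
# Field names are assumptions, not OmniLog's actual schema.
SAMPLE_EVENTS = [
    {"ts": "2024-01-01T00:00:00Z", "host": "collector1", "program": "sshd", "msg": "Accepted publickey for ops"},
    {"ts": "2024-01-01T00:00:05Z", "host": "collector1", "program": "sudo", "msg": "ops : TTY=pts/0 ; COMMAND=/bin/ls"},
    {"ts": "2024-01-01T00:00:09Z", "host": "collector1", "program": "sshd", "msg": "Disconnected from user ops"},
]

GENESIS = "0" * 64  # anchor for the first record of a stream


def canonical(record: dict) -> str:
    # Stable serialization so the digest does not depend on key order or whitespace.
    return json.dumps(record, sort_keys=True, separators=(",", ":"))


def chain_events(events, prev=GENESIS):
    """Return JSONL lines; each record links to the previous digest and carries its own."""
    lines = []
    for seq, ev in enumerate(events):
        body = {"seq": seq, "prev": prev, "event": ev}
        digest = hashlib.sha256(canonical(body).encode()).hexdigest()
        body["hash"] = digest
        lines.append(json.dumps(body, sort_keys=True))
        prev = digest
    return lines


def verify_chain(lines, genesis=GENESIS):
    """Return (ok, reason). Stops at the first edited, reordered or missing record."""
    prev, expected_seq = genesis, 0
    for n, line in enumerate(lines):
        rec = json.loads(line)
        claimed = rec.pop("hash", None)  # the digest covers everything except itself
        if rec.get("seq") != expected_seq:
            return False, f"line {n}: sequence gap (expected seq {expected_seq}, got {rec.get('seq')})"
        if rec.get("prev") != prev:
            return False, f"line {n}: prev link mismatch (reordered or deleted record)"
        if hashlib.sha256(canonical(rec).encode()).hexdigest() != claimed:
            return False, f"line {n}: record hash mismatch (content edited)"
        prev, expected_seq = claimed, expected_seq + 1
    return True, f"chain intact, {len(lines)} records, head {prev[:12]}..."
```

Because every digest also covers the previous one, a verifier only needs the stored head digest (the manifest value) to confirm that an exported stream is the one that was sealed.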


Requirements / Compatibility

  • rsyslog-based Linux environments

  • Works best where you control the rsyslog config (collector, forwarder, or aggregator)

  • No SaaS dependency


Licensing

Single Operator License

  • 1 operator, unlimited cases, unlimited machines for that operator

