The log well is a strategic component of an advanced cybersecurity architecture. It enables the centralization, secure storage, and complete traceability of all technical and application logs generated by your IT, OT, and cloud equipment.
LOGIQE supports you in the design, implementation, and operation of log wells that comply with NIS2, GDPR, RGS, HDS, or ISO 27001 requirements, ensuring the integrity, confidentiality, and availability of the data collected.
Why set up a log well?
A log well is not just a storage database: it is a robust system that preserves the probative value of logs and provides real-time analysis and secure access to logs from your entire ecosystem:
- Servers (Windows, Linux)
- Firewalls and routers
- Business applications
- Industrial OT systems
- Cloud solutions (Microsoft 365, Azure, GCP, etc.)
- Active Directory & Azure AD
There are many benefits:
- Regulatory compliance: retention period, timestamping, secure logging
- Active cyber defense: incident detection, alerts, correlation
- Audit & forensics: post-incident investigation, traceability of actions
- Interoperability: SIEM feeds, DLP solutions, EDR, etc.
Key features of a LOGIQE log well
We design custom log wells based on your technical, regulatory, and budgetary constraints.
Standardized multi-source collection
- Integration of standardized formats: Syslog, JSON, Windows Event, SNMP, CEF, etc.
- Collection agents (Beats, Fluentd, NXLog, etc.) or passive collection
- Cloud integration (Azure Diagnostic, Microsoft Graph API, etc.)
Secure & resilient storage
- UTC timestamp via secure NTP server
- Encryption at rest (AES-256) and in transit (TLS)
- Geographic redundancy or high-availability cluster
- Long-term archiving and retention policy
Integrity control & partitioning
- SHA-256 hashing to ensure that logs remain unaltered
- Access segmentation (by role, by scope)
- Querying via secure interface (Kibana, Grafana, Graylog, etc.)
Integration with SIEM & SOC
- Injection into Graylog, Sentinel, Splunk, or QRadar
- Real-time alerts (based on thresholds or behavior)
- Dashboard data for the CISO or IT department
Log wells & regulatory compliance
Our solutions comply with the requirements of the main standards:
- NIS2: incident traceability, active monitoring, time-stamped retention
- GDPR: restricted access to logs containing personal data
- RGS / SecNumCloud: integrity and auditability requirements
- ISO 27001: evidence of continuous monitoring and actionable history
LOGIQE provides you with the associated documentation (log policy, operating sheets, audit procedures) to respond to controls.
Use cases: examples of LOGIQE deployment
- Healthcare facility: HDS log wells for application, network, and patient-access logs, with a 3-year retention period
- Industry: passive collection on automated systems, archiving in secure storage with SIEM correlation
- Multi-site SMEs: multi-site centralization on a hosted well, segmented access for regional IT departments
Why entrust your log well to LOGIQE?
- Technical expertise (Syslog, Graylog, Sentinel, Fluentd, ELK)
- Integrated regulatory compliance (NIS2, GDPR, ISO 27001, HDS)
- Custom deployment: on-premises, cloud, hybrid
- Supervision & maintenance via our managed SOC
- Training and skills transfer for your IT/CISO teams
FAQ – Log wells
What is the difference between a log well and a SIEM?
A log well is a secure, standardized log storage building block. A SIEM adds layers of correlation, analysis, and alerting. The two can be combined.
Can a log well be integrated into the cloud?
Yes, provided that encryption, traceability, and compliance are ensured (e.g., Azure Log Analytics, S3 storage + integrity). LOGIQE helps you choose the right architecture.
Need a compliant and scalable log well?
LOGIQE offers you a free initial audit of your logging practices and a deployment plan to secure, centralize, and enhance your logs.