NAME

       slogkey - Manage cryptographic keys for use with syslog-ng secure logging

SYNOPSIS

       slogkey [options] [arguments]

DESCRIPTION

       The slogkey utility is used to manage cryptographic keys for use with the secure logging
       module of syslog-ng. Use this utility to create a master key, derive a host key to be used
       by a secure logging configuration and to display the current sequence counter of a key.
       The options determine the operating mode and are mutually exclusive.

ARGUMENTS

       The arguments depend on the operating mode.

       Master key generation
           Call sequence: slogkey --master-ḱey <filename>

           <filename>: The name of the file to which the master key will be written.

       Host key derivation
           Call sequence: slogkey --derive-key <master key file> <host MAC address> <host serial
           number> <host key file>

           <master key file>: The master key from which the host key will be derived.

           <host MAC address>: The MAC address of the host on which the key will be used. Instead
           of the MAC address, any other string that uniquely identifies a host can be supplied,
           e.g. the company inventory number.

           <host serial number>: The serial number of the host on which the key will be used.
           Instead of the serial number, any other string that uniquely identifies a host can be
           supplied, e.g. the company inventory number.

           <host key file>: The name of the file to which the host key will be written.

           NOTE: The newly created host key has its counter set to 0 indicating that it
           represents the initial host key k0. This host key must be kept secret and not be
           disclosed to third parties. It will be required to successfully decrypt and verify log
           archives processed by the secure logging environment. As each log entry will be
           encrypted with its own key, a new host key will be created after successful processing
           of a log entry and will replace the previous key. Therefore, the initial host key
           needs to be stored in a safe place before starting the secure logging environment, as
           it will be deleted from the log host after processing of the first log entry.

       Sequence counter display
           Call sequence: slogkey --counter <host key file>

           <host key file>: The host key file from which the sequence will be read.

OPTIONS

       --master-key or -m
           Generates a mew master key. <filename> is the name of the file storing the newly
           generated master key.

       --derive-key or -d
           Derive a host key using a previously generated master key.

       --counter or -c
           Display the current log sequence counter of a key.

       --help or -h
           Display a help message.

FILES

       /usr/bin/slogkey

       /etc/syslog-ng.conf

SEE ALSO

       syslog-ng.conf(5)

       secure-logging(7)

           Note
           For the detailed documentation of see The syslog-ng Administrator Guide[1]

           If you experience any problems or need help with syslog-ng, visit the syslog-ng
           mailing list[2].

           For news and notifications about of syslog-ng, visit the syslog-ng blogs[3].

           For specific information requests related to secure logging send a mail to the Airbus
           Secure Logging Team <secure-logging@airbus.com>.

AUTHOR

       This manual page was written by the Airbus Secure Logging Team
       <secure-logging@airbus.com>.

COPYRIGHT

NOTES

        1. The syslog-ng Administrator Guide
           https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/index.html

        2. syslog-ng mailing list
           https://lists.balabit.hu/mailman/listinfo/syslog-ng

        3. syslog-ng blogs
           https://syslog-ng.org/blogs/