Provided by: syslog-ng-mod-slog_3.38.1-5_amd64

NAME

       slogverify - Verify cryptographically secured logs

SYNOPSIS

       slogverify [options] [input file] [output file] [buffers]

DESCRIPTION

       The slogverify utility is used to verify the integrity of cryptographically secured logs
       and to decrypt log entries produced in a syslog-ng secure logging environment.

       Normal mode: slogverify -k <host key file> -m <input MAC file> <input file> <output file>
       [buffers]

       Iterative mode: slogverify -i -p <previous host key> -r <previous MAC> -m <current MAC>
       <input file> <output file> [buffers]

ARGUMENTS

       input file
           An encrypted log file from the syslog-ng secure logging environment that will be
           verified.

       output file
           The file that will contain the plain text log entries after decryption and
           verification.

       buffers
           Optional number of input buffers. The number of buffers can be used for performance
           adjustments in case the log file to be verified is very large and cannot be processed
           at once. It is a positive number of log entries that can be held in memory during
           verification. The minimum number is 10 and the maximum number is 4294967295. If this
           argument is not supplied the default of 1000 is used.

OPTIONS

       --iterative or -i
           Iterative mode. This is useful when log files are periodically copied from the
           system on which they were generated to a central collector. As log rotation, i.e.
           overwriting log files in order to preserve space, cannot be done in a secure logging
           environment, the iterative mode can be used instead. This works as follows: if a
           certain storage limit is reached, the log file together with the host key and the MAC
           file is copied to a new destination and the old file is deleted. The verification is
           then performed in iterations, i.e. separately for each file that was retrieved from
           the log host. For this to work, it is important to always retrieve the corresponding
           host key and MAC files. The process can be automated, e.g. by calling slogverify in
           iterative mode from a script.

       --key-file or -k
           The initial host key (k0). This option is used in normal mode only.

       --mac-file or -m
           The current MAC file used.

       --prev-key-file or -p
           The host key corresponding to the previous log file. This option can be used in
           iterative mode only. In theory, this can be the initial host key (k0), but using this
           key might generate warnings, as the gap between the first log entry ever (log entry 0)
           and the first log entry of the current log file might be large.

       --prev-mac-file or -r
           The MAC file from the previous log file. This option can only be used in iterative
           mode.

       --help or -h
           Display a help message.
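
EXAMPLES

       The iterative procedure described under --iterative, scripted for a collector that keeps
       every retrieved log file with its host key and MAC file. This is an added example, not
       part of the original manual page or of syslog-ng. The archive layout, the function name
       verify_chain and the SLOGVERIFY variable are assumptions, as is slogverify exiting
       non-zero when verification fails.

```shell
#!/bin/sh
# Assumed (hypothetical) archive layout on the collector, one triple per retrieval,
# zero-padded so that the shell glob sorts chunks in the order they were produced:
#   DIR/0001.log  encrypted log file     DIR/0001.key  host key copied with it
#   DIR/0001.mac  MAC file copied with it
#   DIR/k0.key    initial host key (k0)
SLOGVERIFY=${SLOGVERIFY:-slogverify}    # override for a dry run

# verify_chain DIR OUTDIR: returns 0 if all chunks verify, 1 on a failed
# verification, 2 if the archive is incomplete. OUTDIR must already exist.
verify_chain() {
    dir=$1 out=$2 prev=""
    for log in "$dir"/[0-9]*.log; do
        [ -e "$log" ] || { echo "no log chunks in $dir" >&2; return 2; }
        n=$(basename "$log" .log)
        # The key and MAC retrieved with a chunk are needed for this step (MAC)
        # and for the next one (previous key, previous MAC): stop if either is absent.
        if [ ! -r "$dir/$n.key" ] || [ ! -r "$dir/$n.mac" ]; then
            echo "chunk $n: host key or MAC file missing" >&2; return 2
        fi
        if [ -z "$prev" ]; then
            # First chunk: normal mode, starting from k0.
            $SLOGVERIFY -k "$dir/k0.key" -m "$dir/$n.mac" "$log" "$out/$n.txt"
        else
            # Later chunks: iterative mode, chained to the previous key and MAC.
            $SLOGVERIFY -i -p "$dir/$prev.key" -r "$dir/$prev.mac" \
                -m "$dir/$n.mac" "$log" "$out/$n.txt"
        fi || { echo "chunk $n: verification failed" >&2; return 1; }
        # Assumption: slogverify exits non-zero on failure; confirm on your version.
        prev=$n
    done
}

# Usage: sh verify-chain.sh DIR OUTDIR
if [ "$#" -eq 2 ]; then verify_chain "$1" "$2"; fi
```

       The script stops at the first chunk that fails or lacks its key or MAC file, because
       every later iteration depends on the previous chunk's files.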

FILES

       /usr/bin/slogverify

       /etc/syslog-ng.conf

SEE ALSO

       syslog-ng.conf(5)

       secure-logging(7)

           Note
           For detailed documentation, see The syslog-ng Administrator Guide[1].

           If you experience any problems or need help with syslog-ng, visit the syslog-ng
           mailing list[2].

           For news and notifications about syslog-ng, visit the syslog-ng blogs[3].

           For specific information requests related to secure logging, send a mail to the Airbus
           Secure Logging Team <secure-logging@airbus.com>.

AUTHOR

       This manual page was written by the Airbus Secure Logging Team
       <secure-logging@airbus.com>.

NOTES

        1. The syslog-ng Administrator Guide
           https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/index.html

        2. syslog-ng mailing list
           https://lists.balabit.hu/mailman/listinfo/syslog-ng

        3. syslog-ng blogs
           https://syslog-ng.org/blogs/