1SLOGKEY(1) The slogkey manual page SLOGKEY(1)
2
6 slogkey - Manage cryptographic keys for use with syslog-ng secure
7 logging
8
10 slogkey [options] [arguments]
11
13 The slogkey utility is used to manage cryptographic keys for use with
14 the secure logging module of syslog-ng. Use this utility to create a
15 master key, derive a host key to be used by a secure logging
16 configuration and to display the current sequence counter of a key. The
17 options determine the operating mode and are mutually exclusive.
18
20 The arguments depend on the operating mode.
21 Master key generation
23 Call sequence: slogkey --master-ḱey <filename>
24 <filename>: The name of the file to which the master key will be
26 written.
27 Host key derivation
29 Call sequence: slogkey --derive-key <master key file> <host MAC
30 address> <host serial number> <host key file>
31 <master key file>: The master key from which the host key will be
33 derived.
34 <host MAC address>: The MAC address of the host on which the key
36 will be used. Instead of the MAC address, any other string that
37 uniquely identifies a host can be supplied, e.g. the company
38 inventory number.
39 <host serial number>: The serial number of the host on which the
41 key will be used. Instead of the serial number, any other string
42 that uniquely identifies a host can be supplied, e.g. the company
43 inventory number.
44 <host key file>: The name of the file to which the host key will be
46 written.
47 NOTE: The newly created host key has its counter set to 0
49 indicating that it represents the initial host key k0. This host
50 key must be kept secret and not be disclosed to third parties. It
51 will be required to successfully decrypt and verify log archives
52 processed by the secure logging environment. As each log entry will
53 be encrypted with its own key, a new host key will be created after
54 successful processing of a log entry and will replace the previous
55 key. Therefore, the initial host key needs to be stored in a safe
56 place before starting the secure logging environment, as it will be
57 deleted from the log host after processing of the first log entry.
58 Sequence counter display
60 Call sequence: slogkey --counter <host key file>
61 <host key file>: The host key file from which the sequence will be
63 read.
64
66 --master-key or -m
67 Generates a mew master key. <filename> is the name of the file
68 storing the newly generated master key.
69 --derive-key or -d
71 Derive a host key using a previously generated master key.
72 --counter or -c
74 Display the current log sequence counter of a key.
75 --help or -h
77 Display a help message.
78
80 /usr/bin/slogkey
81 /etc/syslog-ng.conf
83
85 syslog-ng.conf(5)
86 secure-logging(7)
88 Note
90 For the detailed documentation of see The syslog-ng Administrator
91 Guide[1]
92 If you experience any problems or need help with syslog-ng, visit
94 the syslog-ng mailing list[2].
95 For news and notifications about of syslog-ng, visit the syslog-ng
97 blogs[3].
98 For specific information requests related to secure logging send a
100 mail to the Airbus Secure Logging Team <secure-logging@airbus.com>.
101
103 This manual page was written by the Airbus Secure Logging Team
104 <secure-logging@airbus.com>.
105
108 1. The syslog-ng Administrator Guide
109 https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/index.html
110 2. syslog-ng mailing list
112 https://lists.balabit.hu/mailman/listinfo/syslog-ng
113 3. syslog-ng blogs
115 https://syslog-ng.org/blogs/
1163.30 11/18/2020 SLOGKEY(1)