1SLOGVERIFY(1)             The slogverify manual page             SLOGVERIFY(1)
2
3
4

NAME

6       slogverify - Verify cryptographically secured logs
7

SYNOPSIS

9       slogverify [options] [input file] [output file] [buffers]
10

DESCRIPTION

12       The slogverify utility is used to verify the integrity of
13       cryptographically secured logs and to decrypt log entries produced in a
14       syslog-ng secure logging environment.
15
16       Normal mode: slogverify -k <host key file> -m <input MAC file> <input
17       file> <output file> [buffers]
18
19       Iterative mode: slogverify -i -p <previous host key> -r <previous MAC>
20       -m <current MAC> <input file> <output file> [buffers]
21

ARGUMENTS

23       input file
24           An encrypted log file from the syslog-ng secure logging environment
25           that will be verified.
26
27       output file
28           The file that will contain the plain text log entries after
29           decryption and verification.
30
31       buffers
32           Optional number of input buffers. The number of buffers can be used
33           for performance adjustments in case the log file to be verified is
34           very large and cannot be processed at once. It is a positive number
35           of log entries that can be held in memory during verification. The
36           minimum number if 10 and the maximum number is 4294967295. If this
37           argument is not supplied the default of 1000 is used.
38

OPTIONS

40       --iterative or -i
41           Iterative mode. This is useful in case the log files are
42           periodically copied from the system on which they where generated
43           to central collector. As log rotation, i.e. overwriting log files
44           in order to preserve space cannot be done in a secure logging
45           environment, the iterative mode can be used instead. This works as
46           follows: If a certain storage limit is reached the log file
47           together with the host key and the MAC file is copied to new
48           destination and the old file is deleted. The verification is then
49           performed in iterations, i.e. separately for each file that was
50           retrieved from the log host. For this to work, it is important to
51           always retrieve the corresponding host key and MAC files. The
52           process can be automated, e.g. by calling slogverify in iterative
53           mode from a script.
54
55       --key-file or -k
56           The initial host key (k0). This option is used in normal mode only.
57
58       --mac-file or -m
59           The current MAC file used.
60
61       --prev-key-file or -p
62           The host key corresponding to the previous log file. This option
63           can be used in iterative mode only. In theory, this can be initial
64           host key (k0) but using this key might generate warnings, as the
65           gap between the first log entry ever (log entry 0) and the first
66           log entry of the current log file might be large.
67
68       --prev-mac-file or -r
69           The MAC file from the previous log file. This option can only be
70           used in iterative mode.
71
72       --help or -h
73           Display a help message.
74

FILES

76       /usr/bin/slogverify
77
78       /etc/syslog-ng.conf
79

SEE ALSO

81       syslog-ng.conf(5)
82
83       secure-logging(7)
84
85           Note
86           For the detailed documentation of see The syslog-ng Administrator
87           Guide[1]
88
89           If you experience any problems or need help with syslog-ng, visit
90           the syslog-ng mailing list[2].
91
92           For news and notifications about of syslog-ng, visit the syslog-ng
93           blogs[3].
94
95           For specific information requests related to secure logging send a
96           mail to the Airbus Secure Logging Team <secure-logging@airbus.com>.
97

AUTHOR

99       This manual page was written by the Airbus Secure Logging Team
100       <secure-logging@airbus.com>.
101

NOTES

104        1. The syslog-ng Administrator Guide
105           https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/index.html
106
107        2. syslog-ng mailing list
108           https://lists.balabit.hu/mailman/listinfo/syslog-ng
109
110        3. syslog-ng blogs
111           https://syslog-ng.org/blogs/
112
113
114
1153.30                              11/18/2020                     SLOGVERIFY(1)
Impressum