1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
|
<?xml version="1.0"?>
<!--
Copyright (c) 2020 Airbus Secure Logging Team
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License version 2 as published
by the Free Software Foundation, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
As an additional exemption you are allowed to compile & link against the
OpenSSL libraries as published by the OpenSSL project. See the file
COPYING for details.
-->
<reference xmlns="http://docbook.org/ns/docbook" version="5.0">
<info>
<productname/>
<title>The slogverify manual page</title>
</info>
<refentry xml:id="slogverify.1">
<refmeta>
<refentrytitle>slogverify</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="version">4.8</refmiscinfo>
<refmiscinfo class="source"/>
</refmeta>
<refnamediv>
<refname>slogverify</refname>
<refpurpose>Verify cryptographically secured logs</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>slogverify</command>
<arg>options</arg>
<arg>input file</arg>
<arg>output file</arg>
<arg>buffers</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsection version="5.0">
<title>Description</title>
<para>The <command>slogverify</command> utility is used to verify the integrity of cryptographically secured logs and to decrypt log entries produced in a <command>syslog-ng</command> secure logging environment.</para>
<para>Normal mode: <command>slogverify -k <host key file> -m <input MAC file> <input file> <output file> [buffers]</command></para>
<para>Iterative mode: <command>slogverify -i -p <previous host key> -r <previous MAC> -m <current MAC> <input file> <output file> [buffers]</command></para>
</refsection>
<refsection>
<title>Arguments</title>
<variablelist>
<?dbfo term-width="1.25in"?>
<varlistentry>
<term><command>input file</command>
</term>
<listitem>
<para>An encrypted log file from the syslog-ng secure logging environment that will be verified.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>output file</command>
</term>
<listitem>
<para>The file that will contain the plain text log entries after decryption and verification.</para>
</listitem>
</varlistentry>
</variablelist>
<varlistentry>
<term><command>buffers</command>
</term>
<listitem>
<para>Optional number of input buffers. The number of buffers can be used for performance adjustments in case the
log file to be verified is very large and cannot be processed at once. It is a positive number of log
entries that can be held in memory during verification. The minimum number if 10 and the maximum number is 4294967295. If this argument is not supplied the default of 1000 is used.</para>
</listitem>
</varlistentry>
</refsection>
<refsection>
<title>Options</title>
<variablelist>
<?dbfo term-width="1.25in"?>
<varlistentry>
<term>
<command>--iterative</command> or <command>-i</command>
</term>
<listitem>
<para>Iterative mode. This is useful in case the log files are periodically copied from the system on which they where generated to central collector. As log rotation, i.e. overwriting log files in order to preserve space cannot be done in a secure logging environment, the iterative mode can be used instead. This works as follows: If a certain storage limit is reached the log file together with the host key and the MAC file is copied to new destination and the old file is deleted. The verification is then performed in iterations, i.e. separately for each file that was retrieved from the log host. For this to work, it is important to always retrieve the corresponding host key and MAC files. The process can be automated, e.g. by calling slogverify in iterative mode from a script.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<command>--key-file</command> or <command>-k</command>
</term>
<listitem>
<para>The initial host key (k0). This option is used in normal mode only.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>--mac-file</command> or <command>-m</command>
</term>
<listitem>
<para>The current MAC file used.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<command>--prev-key-file</command> or <command>-p</command>
</term>
<listitem>
<para>The host key corresponding to the previous log file. This option can be used in iterative mode only. In theory, this can be initial host key (k0) but using this key might generate warnings, as the gap between the first log entry ever (log entry 0) and the first log entry of the current log file might be large.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>--prev-mac-file</command> or <command>-r</command>
</term>
<listitem>
<para>The MAC file from the previous log file. This option can only be used in iterative mode.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>--help</command> or <command>-h</command>
</term>
<listitem>
<para>Display a help message.</para>
</listitem>
</varlistentry>
</variablelist>
</refsection>
<refsection>
<title>Files</title>
<para>
<filename>/usr/bin/slogverify</filename>
</para>
<para>
<filename>/etc/syslog-ng.conf</filename>
</para>
</refsection>
<refsection>
<title>See also</title>
<para>
<link linkend="syslog-ng.conf.5"><command>syslog-ng.conf</command>(5)</link>
</para>
<para>
<link linkend="secure-logging.7"><command>secure-logging</command>(7)</link>
</para>
<note version="5.0">
<para>For the detailed documentation of see <link xmlns:ns1="http://www.w3.org/1999/xlink" ns1:href="https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/index.html"><command>The syslog-ng Administrator Guide</command></link></para>
<para>If you experience any problems or need help with syslog-ng, visit the <link xmlns:ns1="http://www.w3.org/1999/xlink" ns1:href="https://lists.balabit.hu/mailman/listinfo/syslog-ng"><command>syslog-ng mailing list</command></link>.</para>
<para>For news and notifications about of syslog-ng, visit the <link xmlns:ns1="http://www.w3.org/1999/xlink" ns1:href="https://syslog-ng.org/blogs/"><command>syslog-ng blogs</command></link>.</para>
<para>For specific information requests related to secure logging send a mail to the Airbus Secure Logging Team <secure-logging@airbus.com>.</para>
</note>
</refsection>
<refsection version="5.0">
<title>Author</title>
<para>This manual page was written by the Airbus Secure Logging Team <secure-logging@airbus.com>.</para>
</refsection>
<refsection version="5.0">
<title>Copyright</title>
</refsection>
</refentry>
</reference>
|
