DragonFly On-Line Manual Pages

OM_PEO(8)              DragonFly System Manager's Manual             OM_PEO(8)

NAME

peo output module - syslogd(8) output module used to protect log files

SYNOPSIS

peo [-k keyfile] [-l] [-m hash_method]

DESCRIPTION

The peo output module receives a message as an ASCII string and calculates its hash key based on the last one generated for the previous message; the module removes the last key and writes the new one into keyfile. This module's options are as follows:

     -k keyfile
             Specify the key file pathname; the default is /var/ssyslog/.var.log.messages.key

     -l      Enable the corrupted-line detection mode. The module generates two keys: the first as explained above, and a second key using a MAC method based on two consecutive hash functions. This second key is appended to the MAC file, whose pathname is the same as keyfile with ".mac" added at the end (if this file does not exist, it is created automatically).

     -m hash_method
             Specify the hash method used to generate the key written to the keyfile. hash_method should be one of md5, sha1, or rmd160; the default is sha1.

EXAMPLES

If you want to protect the /var/log/authlog file, edit the /usr/local/etc/syslog.conf file (see syslog.conf(5)) and add a line like this:

     auth.info %peo -l -k /var/ssyslog/.var.log.authlog.key %classic /var/log/authlog

Generate the initial key with the peochk(8) program, then rotate the logfile(s) and restart msyslog. Afterwards you can check the logfile integrity with the same program.
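The key chaining from DESCRIPTION and the later integrity check, as an added Python example (not msyslog or peochk code). It assumes the chaining step is H(previous key || message) and that the checker holds a copy of the initial key; the function names, the initial key and the log lines are constructed for illustration, and the on-disk key file format is not modelled.

```python
import hashlib
import hmac

def next_key(prev_key: bytes, message: bytes, method: str = "sha1") -> bytes:
    """Assumed chaining step: new key = H(previous key || message)."""
    h = hashlib.new(method)
    h.update(prev_key)
    h.update(message)
    return h.digest()

def final_key(initial_key: bytes, lines, method: str = "sha1") -> bytes:
    """Replay the chain over every log line, keeping only the latest key,
    as the module does when it overwrites the keyfile after each message."""
    key = initial_key
    for line in lines:
        key = next_key(key, line, method)
    return key

def check_log(initial_key: bytes, lines, stored_key: bytes,
              method: str = "sha1") -> bool:
    """Recompute the chain from the initial key and compare it with the
    key currently stored in the keyfile."""
    return hmac.compare_digest(final_key(initial_key, lines, method), stored_key)

# Constructed sample data: an initial key and three auth log lines.
INITIAL_KEY = hashlib.sha1(b"constructed initial secret").digest()
SAMPLE_LINES = [
    b"May 10 12:00:01 host sshd[411]: Accepted password for alice",
    b"May 10 12:03:17 host su: alice to root on /dev/ttyp0",
    b"May 10 12:04:02 host sshd[411]: session closed for alice",
]

def demo() -> dict:
    stored = final_key(INITIAL_KEY, SAMPLE_LINES)      # what the keyfile holds
    edited = [SAMPLE_LINES[0], SAMPLE_LINES[1].replace(b"root", b"bob"),
              SAMPLE_LINES[2]]
    deleted = [SAMPLE_LINES[0], SAMPLE_LINES[2]]       # middle line removed
    return {
        "intact": check_log(INITIAL_KEY, SAMPLE_LINES, stored),
        "edited": check_log(INITIAL_KEY, edited, stored),
        "deleted": check_log(INITIAL_KEY, deleted, stored),
        "truncated": check_log(INITIAL_KEY, SAMPLE_LINES[:2], stored),
    }

if __name__ == "__main__":
    print(demo())
```

Because each key is overwritten by its successor and the hash is one-way, reading the current keyfile does not reveal the earlier keys needed to re-create a matching chain for entries already written.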

SEE ALSO

Vcr and Peo Revised documentation - http://www.corest.com/papers/peo.ps

syslog(3), syslog.conf(5), om_classic(8), om_mysql(8), om_pgsql(8), om_regex(8), om_tcp(8), om_udp(8), peochk(8), syslogd(8)

BUGS

* Since the peo module is used to determine whether a logfile is corrupted, care must be taken with the configuration file. The following is not correct:

     *.err /var/log/messages
     *.err %peo -k /var/ssyslog/.var.log.messages.key

  The following is also wrong:

     *.err %classic /var/log/messages
     *.err %peo -k /var/ssyslog/.var.log.messages.key

  The correct line is:

     *.err %classic /var/log/messages %peo -k /var/ssyslog/.var.log.messages.key

  or

     *.err %peo -k /var/ssyslog/.var.log.messages.key %classic /var/log/messages

* Submit bugs at this project's Sourceforge Bug reporting system at: http://sourceforge.net/tracker/?func=add&group_id=25741&atid=385117 You may also report them directly to the authors; send an email to core.devel.alat@corest.com describing the problem in as much detail as you can, and include the machine description, hardware description, the configuration file (/usr/local/etc/syslog.conf), the OS description, and the invoking command line. The more you describe the bug, the faster we can fix it.

Core-SDI                         May 10, 2000                         Core-SDI
