Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
OM_PEO(8)		FreeBSD	System Manager's Manual		     OM_PEO(8)

NAME
     peo output	module -- syslogd(8) output module used	to protect log files

SYNOPSIS
     peo [-k keyfile] [-l] [-m hash_method]

DESCRIPTION
     peo output	module receives	a message as an	ascii string and calculates
     its hash key based	on the last one	generated for the previous message;
     the module	removes	the last key and writes	the new	one into keyfile.
     This module's options are as follows:

     -k	keyfile
	     Specify the key file pathname; the	default	is
	     /var/ssyslog/.var.log.messages.key

     -l	     This option enables the line corrupted detection mode; the	module
	     generates two keys, the first explained above and a second	key
	     using a mac method	based on two consecutive hash functions, this
	     new key is	added into the mac file	whose pathname is the same as
	     keyfile with a ".mac" string added	at the end (if this file does
	     not exists, is created automatically).

     -m	hash_method
	     Specifies the hash	method used to generate	the key	to put into
	     the keyfile, hash_method should be	one of md5, sha1, or rmd160;
	     the default is sha1.

EXAMPLES
     If	you want to protect the	/var/log/authlog file you should edit the
     /usr/local/etc/syslog.conf	file (see syslog.conf(5) ) and add a line with
     something like this:

	   auth.info %peo -l -k	/var/ssyslog/.var.log.authlog.key %classic
	   /var/log/authlog

     You should	generate the initial key with peochk(8)	program, then rotate
     the logfile(s) and	restart	msyslog. Afterwards you	can check the logfile
     integrity with the	same program.

SEE ALSO
     Vcr and Peo Revised documentation - http://www.corest.com/papers/peo.ps
     syslog(3),	syslog.conf(5),	om_classic(8), om_mysql(8), om_pgsql(8),
     om_regex(8), om_tcp(8), om_udp(8),	peochk(8), syslogd(8)

BUGS
     +o	 Since the peo module is used to determine if a	logfile	is corrupted,
	 care must be taken on the configuration file, the following is	not
	 correct:

	       *.err	 /var/log/messages

	       *.err	 %peo -k /var/ssyslog/.var.log.messages.key

	 the following is wrong	either:

	       *.err	 %classic /var/log/messages

	       *.err	 %peo -k /var/ssyslog/.var.log.messages.key

	 The correct line is:

	       *.err	 %classic /var/log/messages %peo -k
	       /var/ssyslog/.var.log.messages.key

	 or

	       *.err	 %peo -k /var/ssyslog/.var.log.messages.key %classic
	       /var/log/messages

     +o	 Submit	bugs at	this project's Sourceforge Bug reporting system	at:
	 http://sourceforge.net/tracker/?func=add&group_id=25741&atid=385117
	 You may also report them directly to the authors; send	an email to
	 core.devel.alat@corest.com, describing	the problem the	most you can,
	 containing also machine description, hardware description, the	con-
	 figuration file (/usr/local/etc/syslog.conf), the OS description, and
	 the invoking command line.  The more you describe the bug, the	faster
	 we can	fix it.

Core-SDI			 May 10, 2000			      Core-SDI

NAME | SYNOPSIS | DESCRIPTION | EXAMPLES | SEE ALSO | BUGS

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=om_peo&sektion=8&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help