Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
OM_PEO(8)		FreeBSD	System Manager's Manual		     OM_PEO(8)

     peo output	module -- syslogd(8) output module used	to protect log files

     peo [-k keyfile] [-l] [-m hash_method]

     peo output	module receives	a message as an	ascii string and calculates
     its hash key based	on the last one	generated for the previous message;
     the module	removes	the last key and writes	the new	one into keyfile.
     This module's options are as follows:

     -k	keyfile
	     Specify the key file pathname; the	default	is

     -l	     This option enables the line corrupted detection mode; the	module
	     generates two keys, the first explained above and a second	key
	     using a mac method	based on two consecutive hash functions, this
	     new key is	added into the mac file	whose pathname is the same as
	     keyfile with a ".mac" string added	at the end (if this file does
	     not exists, is created automatically).

     -m	hash_method
	     Specifies the hash	method used to generate	the key	to put into
	     the keyfile, hash_method should be	one of md5, sha1, or rmd160;
	     the default is sha1.

     If	you want to protect the	/var/log/authlog file you should edit the
     /usr/local/etc/syslog.conf	file (see syslog.conf(5) ) and add a line with
     something like this: %peo -l -k	/var/ssyslog/.var.log.authlog.key %classic

     You should	generate the initial key with peochk(8)	program, then rotate
     the logfile(s) and	restart	msyslog. Afterwards you	can check the logfile
     integrity with the	same program.

     Vcr and Peo Revised documentation -
     syslog(3),	syslog.conf(5),	om_classic(8), om_mysql(8), om_pgsql(8),
     om_regex(8), om_tcp(8), om_udp(8),	peochk(8), syslogd(8)

     +o	 Since the peo module is used to determine if a	logfile	is corrupted,
	 care must be taken on the configuration file, the following is	not

	       *.err	 /var/log/messages

	       *.err	 %peo -k /var/ssyslog/.var.log.messages.key

	 the following is wrong	either:

	       *.err	 %classic /var/log/messages

	       *.err	 %peo -k /var/ssyslog/.var.log.messages.key

	 The correct line is:

	       *.err	 %classic /var/log/messages %peo -k


	       *.err	 %peo -k /var/ssyslog/.var.log.messages.key %classic

     +o	 Submit	bugs at	this project's Sourceforge Bug reporting system	at:
	 You may also report them directly to the authors; send	an email to, describing	the problem the	most you can,
	 containing also machine description, hardware description, the	con-
	 figuration file (/usr/local/etc/syslog.conf), the OS description, and
	 the invoking command line.  The more you describe the bug, the	faster
	 we can	fix it.

Core-SDI			 May 10, 2000			      Core-SDI


Want to link to this manual page? Use this URL:

home | help