GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
OM_PEO(8) FreeBSD System Manager's Manual OM_PEO(8)

peo output module
syslogd(8) output module used to protect log files

peo [-k keyfile] [-l] [-m hash_method]

peo output module receives a message as an ascii string and calculates its hash key based on the last one generated for the previous message; the module removes the last key and writes the new one into keyfile. This module's options are as follows:
keyfile
Specify the key file pathname; the default is /var/ssyslog/.var.log.messages.key
This option enables the line corrupted detection mode; the module generates two keys, the first explained above and a second key using a mac method based on two consecutive hash functions, this new key is added into the mac file whose pathname is the same as keyfile with a ".mac" string added at the end (if this file does not exists, is created automatically).
hash_method
Specifies the hash method used to generate the key to put into the keyfile, hash_method should be one of md5, sha1, or rmd160; the default is sha1.

If you want to protect the /var/log/authlog file you should edit the /usr/local/etc/syslog.conf file (see syslog.conf(5) ) and add a line with something like this:

auth.info %peo -l -k /var/ssyslog/.var.log.authlog.key %classic /var/log/authlog

You should generate the initial key with peochk(8) program, then rotate the logfile(s) and restart msyslog. Afterwards you can check the logfile integrity with the same program.

Vcr and Peo Revised documentation - http://www.corest.com/papers/peo.ps syslog(3), syslog.conf(5), om_classic(8), om_mysql(8), om_pgsql(8), om_regex(8), om_tcp(8), om_udp(8), peochk(8), syslogd(8)

  • Since the peo module is used to determine if a logfile is corrupted, care must be taken on the configuration file, the following is not correct:

    *.err /var/log/messages

    *.err %peo -k /var/ssyslog/.var.log.messages.key

    the following is wrong either:

    *.err %classic /var/log/messages

    *.err %peo -k /var/ssyslog/.var.log.messages.key

    The correct line is:

    *.err %classic /var/log/messages %peo -k /var/ssyslog/.var.log.messages.key

    or

    *.err %peo -k /var/ssyslog/.var.log.messages.key %classic /var/log/messages
  • Submit bugs at this project's Sourceforge Bug reporting system at: http://sourceforge.net/tracker/?func=add&group_id=25741&atid=385117 You may also report them directly to the authors; send an email to core.devel.alat@corest.com, describing the problem the most you can, containing also machine description, hardware description, the configuration file (/usr/local/etc/syslog.conf), the OS description, and the invoking command line. The more you describe the bug, the faster we can fix it.
May 10, 2000 Core-SDI

Search for    or go to Top of page |  Section 8 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.