Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Contact Us
Online Help
Domain Status
Man Pages

Virtual Servers

Topology Map

Server Agreement
Year 2038

USA Flag



Man Pages

Manual Reference Pages  -  PEOCHK (8)


peochk - Initial key generator and integrity log file checker


See Also


peochk [-f logfile] [-g] [-h] [-i key0file] [-k keyfile] [-l] [-m hash_method] [-q] [logfile]


peochk generates the initial key file and checks log files generated by syslogd(8) using peo output module om_peo(8). The options are as follows:
-f logfile
  Specify the pathname of a log file, if logfile is not specified using this option, data is read from standard input and the pathname is used only to generate reports and/or to obtain the key files pathnames when the -k and/or -i options are not specified; the default is /var/log/messages.
-g Generates two key files with an initial key into them, one in binary mode ( keyfile, to be used by peo output module ) and the other in ascii mode ( key0file ), the admin should put the last one into a secure place and remove it from the specified path (see -i and -k options); when this option is not specified peochk is in check mode.
-h Displays a little help.
-i key0file
  Specify the initial key pathname; the default is keyfile pathname with a "0" char added at the end (see -k option).
-k keyfile
  Specify the key pathname (this file is used by the peo output module to generate a hash key from the last logged message); the default is /var/ssyslogd/xxx.key where xxx is logfile (specified with -f option or without it) with all ’/’ replaced by ’.’.
-l Used only in check mode to detect the first corrupted line; it is ignored when specified with the -g option.
-m hash_method
  Specifies the hash method used to generate the keys, hash_method should be one of md5, sha1, or rmd160; the default is sha1.
-q Quiet mode; prints ’0’ on stdout when logfile is not corrupted, and ’1’ or line number (see -l option) when the logfile is corrupted.


If you want to protect the /var/log/authlog file you can:

  1. run the command:

        peochk -g -f /var/log/authlog -i authkey0 -m rmd160

    this will generate the /var/ssylog/var.log.authlog.key file with the initial key in binary mode and the ./authkey0 file with that key translated to ascii, the hash method used to generate the key is rmd160; you should memorice the contents of ./authkey0 file and rm(1) it.

  2. Edit syslog.conf(5) file and enable peo output module with something like this: %classic /var/log/authlog %peo -m rmd160 -l -k /var/ssyslog/.var.log.authlog.key

  3. Inform new changes on syslog.conf(5) to syslogd(8):

        kill -HUP ‘cat /var/run/‘

  4. When you believe that someone owned your machine you can:

        peochk -m rmd160 -f /var/log/authlog -i mykey

    the contents of mykey should be the same as ./authkey0 generated in step 1; with the command above you can verify that the file was (or not) corrupted (it is important not to forget the -m option because the default used is sha1 and the keys generated was using rmd160 ).


syslog.conf(5), om_peo(8), syslogd(8)


Submit bugs at this project’s Sourceforge Bug reporting system at: You may also report them directly to the authors; send an email to, describing the problem the most you can, containing also machine description, hardware description, the configuration file (/usr/local/etc/syslog.conf), the OS description, and the invoking command line. The more you describe the bug, the faster we can fix it.
Search for    or go to Top of page |  Section 8 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.