Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   44335 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

OM_PEO(8)		  BSD System Manager's Manual		     OM_PEO(8)

NAME
     peo output module — syslogd(8) output module used to protect log files

SYNOPSIS
     peo [-k keyfile] [-l] [-m hash_method]

DESCRIPTION
     peo output module receives a message as an ascii string and calculates
     its hash key based on the last one generated for the previous message;
     the module removes the last key and writes the new one into keyfile.
     This module's options are as follows:

     -k keyfile
	     Specify the key file pathname; the default is
	     /var/ssyslog/.var.log.messages.key

     -l	     This option enables the line corrupted detection mode; the module
	     generates two keys, the first explained above and a second key
	     using a mac method based on two consecutive hash functions, this
	     new key is added into the mac file whose pathname is the same as
	     keyfile with a ".mac" string added at the end (if this file does
	     not exists, is created automatically).

     -m hash_method
	     Specifies the hash method used to generate the key to put into
	     the keyfile, hash_method should be one of md5, sha1, or rmd160;
	     the default is sha1.

EXAMPLES
     If you want to protect the /var/log/authlog file you should edit the
     /usr/local/etc/syslog.conf file (see syslog.conf(5) ) and add a line with
     something like this:

	   auth.info %peo -l -k /var/ssyslog/.var.log.authlog.key %classic
	   /var/log/authlog

     You should generate the initial key with peochk(8) program, then rotate
     the logfile(s) and restart msyslog. Afterwards you can check the logfile
     integrity with the same program.

SEE ALSO
     Vcr and Peo Revised documentation - http://www.corest.com/papers/peo.ps
     syslog(3), syslog.conf(5), om_classic(8), om_mysql(8), om_pgsql(8),
     om_regex(8), om_tcp(8), om_udp(8), peochk(8), syslogd(8)

BUGS
     ·	 Since the peo module is used to determine if a logfile is corrupted,
	 care must be taken on the configuration file, the following is not
	 correct:

	       *.err	 /var/log/messages

	       *.err	 %peo -k /var/ssyslog/.var.log.messages.key

	 the following is wrong either:

	       *.err	 %classic /var/log/messages

	       *.err	 %peo -k /var/ssyslog/.var.log.messages.key

	 The correct line is:

	       *.err	 %classic /var/log/messages %peo -k
	       /var/ssyslog/.var.log.messages.key

	 or

	       *.err	 %peo -k /var/ssyslog/.var.log.messages.key %classic
	       /var/log/messages

     ·	 Submit bugs at this project's Sourceforge Bug reporting system at:
	 http://sourceforge.net/tracker/?func=add&group_id=25741&atid=385117
	 You may also report them directly to the authors; send an email to
	 core.devel.alat@corest.com, describing the problem the most you can,
	 containing also machine description, hardware description, the con‐
	 figuration file (/usr/local/etc/syslog.conf), the OS description, and
	 the invoking command line.  The more you describe the bug, the faster
	 we can fix it.

Core-SDI			 May 10, 2000			      Core-SDI

Vote for polarhome