blob: caeee116d42ce398cdb1c4339396c8db2a871de4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Language" content="en">
<title>GuardTime Log Signature Provider (gt)</title>
</head>
<body>
<a href="rsyslog_conf_modules.html">back to rsyslog module overview</a>
<h1>GuardTime Log Signature Provider (gt)</h1>
<p><b>Signature Provider Name: gt</b></p>
<p><b>Author: </b>Rainer Gerhards <rgerhards@adiscon.com></p>
<p><b>Supported Since: </b>since 7.3.9
<p><b>Description</b>:</p>
<p>Provides the ability to sign syslog messages via the
GuardTime signature services.
</p>
<p><b>Configuration Parameters</b>:</p>
<p>Signature providers are loaded by omfile, when the
provider is selected in its "sig.providerName" parameter.
Parameters for the provider are given in the omfile action instance
line.
<p>This provider creates a signature file with the same base name but
the extension ".gtsig" for each log file (both for fixed-name files
as well as dynafiles). Both files together form a set. So you need to
archive both in order to prove integrity.
<ul>
<li><b>sig.hashFunction</b> <Hash Algorithm><br>
The following hash algorithms are currently supported:
<ul>
<li>SHA1
<li>RIPEMD-160
<li>SHA2-224
<li>SHA2-256
<li>SHA2-384
<li>SHA2-512
</ul>
</li>
<li><b>sig.timestampService</b> <timestamper URL><br>
This provides the URL of the timestamper service. If not selected,
a default server is selected. This may not necessarily be a good
one for your region.
</li>
<li><b>sig.block.sizeLimit</b> <nbr-records><br>
The maximum number of records inside a single signature block. By
default, there is no size limit, so the signature is only written
on file closure. Note that a signature request typically takes between
one and two seconds. So signing to frequently is probably not a good
idea.
</li>
<li><b>sig.keepRecordHashes</b> <on/<b>off</b>><br>
Controls if record hashes are written to the .gtsig file. This
enhances the ability to spot the location of a signature breach,
but costs considerable disk space (65 bytes for each log record
for SHA2-512 hashes, for example).
</li>
<li><b>sig.keepTreeHashes</b> <on/<b>off</b>><br>
Controls if tree (intermediate) hashes are written to the .gtsig file. This
enhances the ability to spot the location of a signature breach,
but costs considerable disk space (a bit mire than the amount
sig.keepRecordHashes requries). Note that both Tree and Record
hashes can be kept inside the signature file.
</li>
</ul>
<b>Caveats/Known Bugs:</b>
<ul>
<li>currently none known
</li>
</ul>
<p><b>Samples:</b></p>
<p>This writes a log file with it's associated signature file. Default
parameters are used.
</p>
<textarea rows="3" cols="60">
action(type="omfile" file="/var/log/somelog"
sig.provider="gt")
</textarea>
<p>In the next sample, we use the more secure SHA2-512 hash function,
sign every 10,000 records and Tree and Record hashes are kept.
<textarea rows="3" cols="60">
action(type="omfile" file="/var/log/somelog"
sig.provider="gt" sig.hashfunction="SHA2-512"
sig.block.sizelimit="10000"
sig.keepTreeHashes="on" sig.keepRecordHashes="on")
</textarea>
<p>[<a href="rsyslog_conf.html">rsyslog.conf overview</a>]
[<a href="manual.html">manual index</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p>
<p><font size="2">This documentation is part of the
<a href="http://www.rsyslog.com/">rsyslog</a>
project.<br>
Copyright © 2013 by
<a href="http://www.gerhards.net/rainer">Rainer Gerhards</a> and
<a href="http://www.adiscon.com/">Adiscon</a>.
Released under the GNU GPL version 3 or higher.</font></p>
</body></html>
|