[syslog-ng] hashing and verify
Domenico Vitali
domenico.vitali at gmail.com
Wed Mar 15 08:03:35 UTC 2017
Dear all,
I am writing a syslog-ng configuration able to rewrite (or templating)
the MESSAGE
macro of a syslog entry in such way that it includes its own hash.
Consider for example the line:
Mar 15 08:23:15 void systemd[1]: Started System Logger Daemon.
i would like to rewrite the message obtaining this output:
Mar 15 08:23:15 void systemd[1]: Started System Logger Daemon. hash:
87602bdc780a764ae26f30ddc3f09176
where "8ba7a67ce6ac67b9facb6a14b3095960" is the hash of the line (md5, sha1
or
other hash funcition).
I evaluate both the use of the template function as well as the use of the
rewrite module.
Unfortunatelly, once i got the line with the hash i can't understand how to
verify if the
hash is correct. In contrast, when I evalute the hash using the command
line, the hash
values mismatch.
$ echo "Mar 15 08:23:15 void systemd[1]: Started System Logger Daemon." |
md5sum -
8ba7a67ce6ac67b9facb6a14b3095960 -
In order to perform my test I'm using this configuration:
---------------------------------------------------------------------------
source sourcetest { file("/var/log/md5/input.log" flags(no-parse)); };
rewrite msghashing {
set("$(md5 $MESSAGE)", value("MYMESS"));
set ("-$MESSAGE- hash: $MYMESS", value("MESSAGE"),
on-error("fallback-to-string"));
};
destination testdestination {
file("/var/log/md5/output.log");
};
log {
source( sourcetest );
rewrite( msghashing );
# rewrite( r_rewrite_host );
destination( testdestination );
};
---------------------------------------------------------------------------
i can't find any hint in the documentation files,
does anybody knows how can i correctly verify the hash ?
Is the syslog-ng software using a salt by default ?
thanks a lot,
--
Domenico
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20170315/9958922b/attachment.html>
More information about the syslog-ng
mailing list