[syslog-ng] hashing and verify

Domenico Vitali domenico.vitali at gmail.com
Wed Mar 15 08:03:35 UTC 2017


Dear all,

  I am writing a syslog-ng configuration able to rewrite (or template) the
MESSAGE macro of a syslog entry in such a way that it includes its own hash.
Consider for example the line:

Mar 15 08:23:15 void systemd[1]: Started System Logger Daemon.

I would like to rewrite the message, obtaining this output:

Mar 15 08:23:15 void systemd[1]: Started System Logger Daemon. hash: 87602bdc780a764ae26f30ddc3f09176

where "8ba7a67ce6ac67b9facb6a14b3095960" is the hash of the line (md5, sha1
or other hash function).
I evaluated both the use of the template function as well as the use of the
rewrite module.
Unfortunately, once I got the line with the hash I can't understand how to
verify if the hash is correct. In contrast, when I evaluate the hash using
the command line, the hash values mismatch.

$ echo "Mar 15 08:23:15 void systemd[1]: Started System Logger Daemon." | md5sum -
8ba7a67ce6ac67b9facb6a14b3095960  -

In order to perform my test I'm using this configuration:

---------------------------------------------------------------------------
source sourcetest { file("/var/log/md5/input.log" flags(no-parse)); };

rewrite msghashing {
    set("$(md5 $MESSAGE)", value("MYMESS"));
    set("-$MESSAGE- hash: $MYMESS", value("MESSAGE"), on-error("fallback-to-string"));
};

destination testdestination  {
    file("/var/log/md5/output.log");
};

log {
    source( sourcetest );
    rewrite( msghashing );
    # rewrite( r_rewrite_host );
    destination( testdestination );
};
---------------------------------------------------------------------------

I can't find any hint in the documentation files.
Does anybody know how I can correctly verify the hash?
Is the syslog-ng software using a salt by default?

Thanks a lot,

-- 
Domenico
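
Added example (not part of the original post, and not syslog-ng code): a shell check for lines of the form "<message> hash: <md5>". It hashes the message with printf '%s' because echo appends a newline, so "echo ... | md5sum" digests one more byte than the message text. Assumptions: the digest covers the message text alone with no trailing newline, the line has the layout of the desired output shown in the post (anything added around the message, such as the dashes in the rewrite rule, would have to be stripped first), and the function names are made up for this sketch.

```shell
#!/bin/sh
# Added example: verify lines of the form "<message> hash: <md5hex>".
# Assumption: the digest covers the message bytes only, no trailing newline.

# md5 of exactly the string given; printf '%s' adds no newline.
md5_exact() {
    printf '%s' "$1" | md5sum | cut -d' ' -f1
}

# md5 as `echo "..." | md5sum` computes it: the string plus "\n".
md5_with_newline() {
    printf '%s\n' "$1" | md5sum | cut -d' ' -f1
}

# verify_line LINE
# Exit status: 0 = embedded hash matches, 1 = mismatch,
#              2 = line carries no " hash: " suffix.
verify_line() {
    line=$1
    case $line in
        *" hash: "*) ;;
        *) return 2 ;;
    esac
    claimed=${line##*" hash: "}   # text after the last " hash: "
    msg=${line%" hash: "*}        # text before the last " hash: "
    [ "$(md5_exact "$msg")" = "$claimed" ]
}

# verify_file FILE
# Prints OK/FAIL per line; succeeds only if every line verifies.
verify_file() {
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        if verify_line "$line"; then
            printf 'OK   %s\n' "$line"
        else
            printf 'FAIL %s\n' "$line"
            bad=$((bad + 1))
        fi
    done < "$1"
    [ "$bad" -eq 0 ]
}
```

After sourcing the file, verify_file /path/to/output.log checks a whole log; a line whose digest was produced with echo fails, since that digest covers the extra newline.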