[syslog-ng] hashing and verify

Domenico Vitali domenico.vitali at gmail.com
Wed Mar 15 08:03:35 UTC 2017

Dear all,

  I am writing a syslog-ng configuration able to rewrite (or templating)
macro of a syslog entry in such way that it includes its own hash.
Consider for example the line:

Mar 15 08:23:15 void systemd[1]: Started System Logger Daemon.

i would like to rewrite the message obtaining this output:

Mar 15 08:23:15 void systemd[1]: Started System Logger Daemon. hash:

where "8ba7a67ce6ac67b9facb6a14b3095960" is the hash of the line (md5, sha1
other hash funcition).
I evaluate both the use of the template function as well as the use of the
rewrite module.
Unfortunatelly, once i got the line with the hash i can't understand how to
verify if the
hash is correct. In contrast, when I evalute the hash using the command
line,  the hash
values mismatch.

$ echo "Mar 15 08:23:15 void systemd[1]: Started System Logger Daemon." |
md5sum -
8ba7a67ce6ac67b9facb6a14b3095960  -

In order to perform my test I'm using this configuration:

source sourcetest { file("/var/log/md5/input.log" flags(no-parse)); };

rewrite msghashing {
    set("$(md5 $MESSAGE)", value("MYMESS"));
    set ("-$MESSAGE- hash: $MYMESS", value("MESSAGE"),

destination testdestination  {

log {
    source( sourcetest );
    rewrite( msghashing );
    # rewrite( r_rewrite_host );
    destination( testdestination );

i can't find any hint in the documentation files,
does anybody knows how can i correctly verify the hash ?
Is the syslog-ng software using a salt by default ?

thanks a lot,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20170315/9958922b/attachment.html>

More information about the syslog-ng mailing list