slogkey - Manage cryptographic keys for use with syslog-ng secure logging

       The arguments depend on the operating mode.

       Masterkeygeneration
           Call sequence: slogkey --master-ḱey <filename>

           <filename>: The name of the file to which the master key will be written.

       Hostkeyderivation
           Call sequence: slogkey --derive-key <master key file> <host MAC address> <host serial number> <host
           key file>

           <master key file>: The master key from which the host key will be derived.

           <host MAC address>: The MAC address of the host on which the key will be used. Instead of the MAC
           address, any other string that uniquely identifies a host can be supplied, e.g. the company inventory
           number.

           <host serial number>: The serial number of the host on which the key will be used. Instead of the
           serial number, any other string that uniquely identifies a host can be supplied, e.g. the company
           inventory number.

           <host key file>: The name of the file to which the host key will be written.

           NOTE: The newly created host key has its counter set to 0 indicating that it represents the initial
           host key k0. This host key must be kept secret and not be disclosed to third parties. It will be
           required to successfully decrypt and verify log archives processed by the secure logging environment.
           As each log entry will be encrypted with its own key, a new host key will be created after successful
           processing of a log entry and will replace the previous key. Therefore, the initial host key needs to
           be stored in a safe place before starting the secure logging environment, as it will be deleted from
           the log host after processing of the first log entry.

       Sequencecounterdisplay
           Call sequence: slogkey --counter <host key file>

           <host key file>: The host key file from which the sequence will be read.

       This manual page was written by the Airbus Secure Logging Team <secure-logging@airbus.com>.

       The slogkey utility is used to manage cryptographic keys for use with the secure logging module of
       syslog-ng. Use this utility to create a master key, derive a host key to be used by a secure logging
       configuration and to display the current sequence counter of a key. The options determine the operating
       mode and are mutually exclusive.

       /usr/bin/slogkey

       /etc/syslog-ng.conf

       slogkey - Manage cryptographic keys for use with syslog-ng secure logging

        1. Thesyslog-ngAdministratorGuide
           https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/index.html

        2. syslog-ngmailinglist
           https://lists.balabit.hu/mailman/listinfo/syslog-ng

        3. syslog-ngblogs
           https://syslog-ng.org/blogs/

4.8                                                03/16/2025                                         SLOGKEY(1)

--master-key or -m
           Generates a mew master key. <filename> is the name of the file storing the newly generated master
           key.

       --derive-key or -d
           Derive a host key using a previously generated master key.

       --counter or -c
           Display the current log sequence counter of a key.

       --help or -h
           Display a help message.

syslog-ng.conf(5)

       secure-logging(7)

           Note

           For the detailed documentation of see Thesyslog-ngAdministratorGuide[1]

           If you experience any problems or need help with syslog-ng, visit the syslog-ngmailinglist[2].

           For news and notifications about of syslog-ng, visit the syslog-ngblogs[3].

           For specific information requests related to secure logging send a mail to the Airbus Secure Logging
           Team <secure-logging@airbus.com>.

slogkey [options] [arguments]