slogverify - Verify cryptographically secured logs

inputfile
           An encrypted log file from the syslog-ng secure logging environment that will be verified.

       outputfile
           The file that will contain the plain text log entries after decryption and verification.

       buffers
           Optional number of input buffers. The number of buffers can be used for performance adjustments in
           case the log file to be verified is very large and cannot be processed at once. It is a positive
           number of log entries that can be held in memory during verification. The minimum number if 10 and
           the maximum number is 4294967295. If this argument is not supplied the default of 1000 is used.

       This manual page was written by the Airbus Secure Logging Team <secure-logging@airbus.com>.

       The slogverify utility is used to verify the integrity of cryptographically secured logs and to decrypt
       log entries produced in a syslog-ng secure logging environment.

       Normal mode: slogverify-k<hostkeyfile>-m<inputMACfile><inputfile><outputfile>[buffers]

       Iterative mode: slogverify-i-p<previoushostkey>-r<previousMAC>-m<currentMAC><inputfile><outputfile>[buffers]

       /usr/bin/slogverify

       /etc/syslog-ng.conf

       slogverify - Verify cryptographically secured logs

        1. Thesyslog-ngAdministratorGuide
           https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/index.html

        2. syslog-ngmailinglist
           https://lists.balabit.hu/mailman/listinfo/syslog-ng

        3. syslog-ngblogs
           https://syslog-ng.org/blogs/

4.8                                                03/16/2025                                      SLOGVERIFY(1)

--iterative or -i
           Iterative mode. This is useful in case the log files are periodically copied from the system on which
           they where generated to central collector. As log rotation, i.e. overwriting log files in order to
           preserve space cannot be done in a secure logging environment, the iterative mode can be used
           instead. This works as follows: If a certain storage limit is reached the log file together with the
           host key and the MAC file is copied to new destination and the old file is deleted. The verification
           is then performed in iterations, i.e. separately for each file that was retrieved from the log host.
           For this to work, it is important to always retrieve the corresponding host key and MAC files. The
           process can be automated, e.g. by calling slogverify in iterative mode from a script.

       --key-file or -k
           The initial host key (k0). This option is used in normal mode only.

       --mac-file or -m
           The current MAC file used.

       --prev-key-file or -p
           The host key corresponding to the previous log file. This option can be used in iterative mode only.
           In theory, this can be initial host key (k0) but using this key might generate warnings, as the gap
           between the first log entry ever (log entry 0) and the first log entry of the current log file might
           be large.

       --prev-mac-file or -r
           The MAC file from the previous log file. This option can only be used in iterative mode.

       --help or -h
           Display a help message.

syslog-ng.conf(5)

       secure-logging(7)

           Note

           For the detailed documentation of see Thesyslog-ngAdministratorGuide[1]

           If you experience any problems or need help with syslog-ng, visit the syslog-ngmailinglist[2].

           For news and notifications about of syslog-ng, visit the syslog-ngblogs[3].

           For specific information requests related to secure logging send a mail to the Airbus Secure Logging
           Team <secure-logging@airbus.com>.

slogverify [options] [input file] [output file] [buffers]