Module Name: mmrfc5424addhmac
Author:Rainer Gerhards <rgerhards@adiscon.com>
Available since: 7.5.6
Description:
This module adds a hmac to RFC5424 structured data if not already present. This is a custom module and uses openssl as requested by the sponsor. This works exclusively for RFC5424 formatted messages; all others are ignored.
If both mmpstrucdata and mmrfc5424addhmac are to be used, the recommended calling sequence is
with that sequence, the generated hash will become available for mmpstrucdata.
Module Configuration Parameters:
Currently none.
Action Confguration Parameters:
Verification method
rsyslog does not contain any tools to verify a log file (this was not part of the custom project). So you need to write your own verifier.
When writing the verifier, keep in mind that the log file contains messages with the hash SD-ID included. For obvious reasons, this SD-ID was not present when the hash was created. So before the actual verification is done, this SD-ID must be removed, and the remaining (original) message be verified. Also, it is important to note that the output template must write the exact same message format that was received. Otherwise, a verification failure will obviously occur - and must so, because the message content actually was altered.
So in a more formal description, verification of a message m can be done as follows:
If you neeed help implementing a verifier function or want to sponsor development of a verification tool, please simply email sales@adiscon.com for a quote.
See Also
Caveats/Known Bugs:
This documentation is part of the rsyslog project. Copyright © 2013 by Rainer Gerhards and Adiscon. Released under the GNU GPL version 3 or higher.