author | Rainer Gerhards <rgerhards@adiscon.com> | 2013-03-26 18:39:28 +0100 |
---|---|---|
committer | Rainer Gerhards <rgerhards@adiscon.com> | 2013-03-26 18:39:28 +0100 |
commit | d1b8821be796694f123f3e469eaaedbe228fde66 (patch) | |
tree | fb368b06b7c5187f86902e364e8a8f44e5f0f40f | |
parent | ed775041623e24bd41db50da1e0b099f819b929f (diff) | |
logsig: minimal end-user doc v7.3.9
-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | doc/Makefile.am | 1 | ||||
-rw-r--r-- | doc/manual.html | 2 | ||||
-rw-r--r-- | doc/omfile.html | 9 | ||||
-rw-r--r-- | doc/sigprov_gt.html | 100 |
6 files changed, 112 insertions, 5 deletions
@@ -1,5 +1,6 @@ --------------------------------------------------------------------------- -Version 7.3.9 [devel] 2013-03-?? +Version 7.3.9 [devel] 2013-03-27 +- support for signing logs added - imudp: now supports user-selectable inputname - omlibdbi: now supports transaction interface if recent enough lbdbi is present diff --git a/configure.ac b/configure.ac index 96a9e80f..0c877eea 100644 --- a/configure.ac +++ b/configure.ac @@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ(2.61) -AC_INIT([rsyslog],[7.3.8],[rsyslog@lists.adiscon.com]) +AC_INIT([rsyslog],[7.3.9],[rsyslog@lists.adiscon.com]) AM_INIT_AUTOMAKE m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) diff --git a/doc/Makefile.am b/doc/Makefile.am index de2e1df5..46afd900 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -41,6 +41,7 @@ html_files = \ omudpspoof.html \ omruleset.html \ omsnmp.html \ + sigprov_gt.html \ ommysql.html \ omoracle.html \ omlibdbi.html \ diff --git a/doc/manual.html b/doc/manual.html index ca54a04a..6fba9a05 100644 --- a/doc/manual.html +++ b/doc/manual.html @@ -19,7 +19,7 @@ professional services</a> available directly from the source!</p> <p><b>Please visit the <a href="http://www.rsyslog.com/sponsors">rsyslog sponsor's page</a> to honor the project sponsors or become one yourself!</b> We are very grateful for any help towards the project goals.</p> -<p><b>This documentation is for version 7.3.8 (devel branch) of rsyslog.</b> +<p><b>This documentation is for version 7.3.9 (devel branch) of rsyslog.</b> Visit the <i><a href="http://www.rsyslog.com/status">rsyslog status page</a></i></b> to obtain current version information and project status. </p><p><b>If you like rsyslog, you might diff --git a/doc/omfile.html b/doc/omfile.html index 2c5ab97a..a980d37f 100644 --- a/doc/omfile.html +++ b/doc/omfile.html 
@@ -13,14 +13,14 @@ <p>The omfile plug-in provides the core functionality of writing messages to files residing inside the local file system (which may actually be remote if methods like NFS are used). Both files named with static names as well files with names based on message content are supported by this module. It is a built-in module that does not need to be loaded. </p> <p> </p> -<p><b>Module Configuration Parameters</b>:</p> +<p><b>Module Parameters</b>:</p> <ul> <li><strong>Template </strong>[templateName]<br> sets a new default template for file actions.<br></li> </ul> <p> </p> -<p><b>Action Confguration Parameters</b>:</p> +<p><b>Action Parameters</b>:</p> <ul> <li><strong>DynaFileCacheSize </strong>(not mandatory, default will be used)<br> Defines a template to be used for the output. <br></li><br> @@ -83,6 +83,11 @@ <li><strong>DynaFile </strong><br> For each message, the file name is generated based on the given template. Then, this file is opened. As with the ``file'' property, data is appended if the file already exists. If the file does not exist, a new file is created. A cache of recent files is kept. Note that this cache can consume quite some memory (especially if large buffer sizes are used). Files are kept open as long as they stay inside the cache. Currently, files are only evicted from the cache when there is need to do so (due to insufficient cache size). To force-close (and evict) a dynafile from cache, send a HUP signal to rsyslogd. <br></li><br> + <li><strong>Sig.Provider </strong>[ProviderName]<br> + Selects a signature provider for log signing. Currently, + there only is one provider called + "<a href="sigprov_gt.html">gt</a>".<br></li><br> + <li><strong>Template </strong>[templateName]<br> sets a new default template for file actions.<br></li><br> diff --git a/doc/sigprov_gt.html b/doc/sigprov_gt.html new file mode 100644 index 00000000..18b0ed10 --- /dev/null +++ b/doc/sigprov_gt.html 
@@ -0,0 +1,100 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<html> +<head> +<meta http-equiv="Content-Language" content="en"> +<title>GuardTime Log Signature Provider (gt)</title> +</head> + +<body> +<a href="rsyslog_conf_modules.html">back to rsyslog module overview</a> + +<h1>GuardTime Log Signature Provider (gt)</h1> +<p><b>Signature Provider Name: gt</b></p> +<p><b>Author: </b>Rainer Gerhards <rgerhards@adiscon.com></p> +<p><b>Multi-Ruleset Support: </b>since 7.3.9 +<p><b>Description</b>:</p> +<p>Provides the ability to sign syslog messages via the +GuardTime signature services. +</p> + +<p><b>Configuration Parameters</b>:</p> +<p>Signature providers are loaded by omfile, when the +provider is selected in its "sig.providerName" parameter. +Parameters for the provider are given in the omfile action instance +line. +<p>This provider creates a signature file with the same base name but +the extension ".gtsig" for each log file (both for fixed-name files +as well as dynafiles). Both files together form a set. So you need to +archive both in order to prove integrity. +<ul> +<li><b>sig.hashFunction</b> <Hash Algorithm><br> +The following hash algorithms are currently supported: + <ul> + <li>SHA1 + <li>RIPEMD-160 + <li>SHA2-224 + <li>SHA2-256 + <li>SHA2-384 + <li>SHA2-512 + </ul> +</li> +<li><b>sig.timestampService</b> <timestamper URL><br> +This provides the URL of the timestamper service. If not selected, +a default server is selected. This may not necessarily be a good +one for your region. +</li> +<li><b>sig.block.sizeLimit</b> <nbr-records><br> +The maximum number of records inside a single signature block. By +default, there is no size limit, so the signature is only written +on file closure. Note that a signature request typically takes between +one and two seconds. So signing to frequently is probably not a good +idea. +</li> +<li><b>sig.keepRecordHashes</b> <on/<b>off</b>><br> +Controls if record hashes are written to the .gtsig file. 
This +enhances the ability to spot the location of a signature breach, +but costs considerable disk space (65 bytes for each log record +for SHA2-512 hashes, for example). +</li> +<li><b>sig.keepTreeHashes</b> <on/<b>off</b>><br> +Controls if tree (intermediate) hashes are written to the .gtsig file. This +enhances the ability to spot the location of a signature breach, +but costs considerable disk space (a bit mire than the amount +sig.keepRecordHashes requries). Note that both Tree and Record +hashes can be kept inside the signature file. +</li> +</ul> +<b>Caveats/Known Bugs:</b> +<ul> +<li>currently none known +</li> +</ul> +<p><b>Samples:</b></p> +<p>This writes a log file with it's associated signature file. Default +parameters are used. +</p> +<textarea rows="3" cols="60"> +action(type="omfile" file="/var/log/somelog" + sig.provider="gt") +</textarea> + +<p>In the next sample, we use the more secure SHA2-512 hash function, +sign every 10,000 records and Tree and Record hashes are kept. +<textarea rows="3" cols="60"> +action(type="omfile" file="/var/log/somelog" + sig.provider="gt" sig.hashfunction="SHA2-512" + sig.block.sizelimit="10000" + sig.keepTreeHashes="on" sig.keepRecordHashes="on") +</textarea> + + +<p>[<a href="rsyslog_conf.html">rsyslog.conf overview</a>] +[<a href="manual.html">manual index</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p> +<p><font size="2">This documentation is part of the +<a href="http://www.rsyslog.com/">rsyslog</a> +project.<br> +Copyright © 2013 by +<a href="http://www.gerhards.net/rainer">Rainer Gerhards</a> and +<a href="http://www.adiscon.com/">Adiscon</a>. +Released under the GNU GPL version 3 or higher.</font></p> +</body></html> |
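Review bot: in the ChangeLog hunk, the new entry "- support for signing logs added" does not say where the feature lives. Naming omfile's sig.provider parameter and the "gt" provider, the way the neighbouring imudp and omlibdbi entries name their modules, would let readers find the documentation added in this commit.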
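Review bot: in the second doc/omfile.html hunk (@@ -83,6 +83,11 @@), the new Sig.Provider entry does not say what happens when the parameter is left out. State that it is optional and whether logs are then written unsigned, in the way the DynaFileCacheSize entry notes "(not mandatory, default will be used)". As a wording point in the same entry, "there only is one provider" reads better as "there is only one provider".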
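Review bot: in the new doc/sigprov_gt.html, the sig.hashFunction entry lists six algorithms, SHA1 among them, without saying which one is the default, while the second sample describes SHA2-512 as "more secure". Name the default so that a reader of the first sample knows what "Default parameters are used" actually provides. The Configuration Parameters paragraph also calls the selecting parameter "sig.providerName", but both samples write sig.provider and omfile.html documents Sig.Provider, so the paragraph should use the same name. Spelling fixes in the same file: "to frequently" should be "too frequently", "mire" should be "more", "requries" should be "requires", and "with it's associated" should be "with its associated".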