110.6. HMAC Message Integrity Checker (pm_hmac_check)
This module is the counterpart of pm_hmac: it checks the integrity of messages that carry HMAC values created by that module.
Note: This module has been deprecated and will be removed in a future release.
110.6.1. Configuration
The pm_hmac_check module accepts the following directives in addition to the common module directives. The CertFile directive is required.
- CertFile
This mandatory directive specifies the path of the certificate file to be used to verify the signature of the initial hash value.
- HashMethod
This directive sets the hash function. The following message digest methods can be used: md2, md5, mdc2, rmd160, sha, sha1, sha224, sha256, sha384, and sha512. The default is md5. This must be the same as the hash method used for creating the HMAC values.
- CADir
This optional directive specifies the path to a directory containing certificate authority (CA) certificates, which will be used to verify the certificate. The certificate filenames in this directory must be in the OpenSSL hashed format. A remote’s self-signed certificate (which is not signed by a CA) can also be trusted by including a copy of the certificate in this directory.
- CAFile
This optional directive specifies the path of the certificate authority (CA) certificate, which will be used to verify the certificate. To trust a self-signed certificate presented by the remote (which is not signed by a CA), provide that certificate instead.
- CRLDir
This optional directive specifies the path to a directory containing certificate revocation lists (CRLs), which will be consulted when checking the certificate. The certificate filenames in this directory must be in the OpenSSL hashed format.
- CRLFile
This optional directive specifies the path of the certificate revocation list (CRL), which will be consulted when checking the certificate.
- Fields
This directive accepts a comma-separated list of fields. These fields will be used for calculating the HMAC value. This directive is optional, and the $raw_event field will be used if it is not specified.
110.6.2. Fields
The following fields are used by pm_hmac_check.
$nxlog.hmac_sig (type: string)
The signature of nxlog.hmac_initial to be verified with the certificate’s public key. This field is generated by the pm_hmac module.
110.6.3. Examples
This configuration accepts log messages in the NXLog binary format. The HMAC values are checked, then the messages are written to file.
<Input tcp>
    Module      im_tcp
    Host        192.168.1.1
    Port        1514
    # Receive events in the NXLog binary format
    InputType   Binary
</Input>

<Processor hmac_check>
    Module      pm_hmac_check
    CertFile    %CERTDIR%/client-cert.pem
    CAFile      %CERTDIR%/ca.pem
#   CRLFile     %CERTDIR%/crl.pem
    # Must be the same hash method that was used for creating the HMAC values
    HashMethod  SHA1
</Processor>

<Output file>
    Module      om_file
    File        "/var/log/msg"
</Output>

<Route tcp_to_file>
    Path        tcp => hmac_check => file
</Route>
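
The directive rules above (CertFile is mandatory, HashMethod defaults to md5 and must be the same as the method used for creating the HMAC values) can be checked before a configuration is deployed. The following Python script is an added example, not part of the NXLog manual or NXLog tooling; the function names and the sample fragments are constructed, and it assumes the sender's pm_hmac block also defaults to md5 when HashMethod is omitted.

```python
import re
# Digest names this page lists for HashMethod; md5 is the documented default.
ALLOWED = {"md2", "md5", "mdc2", "rmd160", "sha", "sha1",
           "sha224", "sha256", "sha384", "sha512"}
DEFAULT_HASH = "md5"
BLOCK = re.compile(r"<Processor\s+([^>\s]+)>(.*?)</Processor>", re.S | re.I)

# Constructed sample fragments (not from the manual); the sender fragment shows
# only HashMethod, and pm_hmac's default is assumed to be md5 as well.
SENDER = "<Processor hmac>\n    Module pm_hmac\n    HashMethod sha256\n</Processor>\n"
RECEIVER = """
<Processor hmac_check>
    Module      pm_hmac_check
    # CertFile  %CERTDIR%/client-cert.pem
    CAFile      %CERTDIR%/ca.pem
</Processor>
"""

def processors(conf, module):
    """Return {instance: {directive_lowercased: value}} for one module type."""
    found = {}
    for name, body in BLOCK.findall(conf):
        directives = {}
        for line in body.splitlines():
            parts = line.split("#", 1)[0].split(None, 1)  # drop comments
            if parts:
                directives[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
        if directives.get("module", "").lower() == module:
            found[name] = directives
    return found

def audit(receiver_conf, sender_conf):
    """List pm_hmac_check problems, compared against the sender's pm_hmac."""
    sender = {d.get("hashmethod", DEFAULT_HASH).lower()
              for d in processors(sender_conf, "pm_hmac").values()}
    problems = []
    for name, d in processors(receiver_conf, "pm_hmac_check").items():
        # Compared case-insensitively: the page's example writes SHA1.
        method = d.get("hashmethod", DEFAULT_HASH).lower()
        if "certfile" not in d:
            problems.append(f"{name}: CertFile is mandatory but missing")
        if method not in ALLOWED:
            problems.append(f"{name}: HashMethod {method} is not a listed digest")
        if "hashmethod" not in d:
            problems.append(f"{name}: HashMethod unset, default {DEFAULT_HASH} applies")
        if sender and method not in sender:
            problems.append(f"{name}: HashMethod {method} differs from the sender's")
    return problems

if __name__ == "__main__":
    print("\n".join(audit(RECEIVER, SENDER)) or "no problems found")
```

For the constructed fragments it reports the commented-out CertFile, the implicit md5 default, and the mismatch with the sender's sha256.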