For best results, file signatures should be validated by the same instance used to generate the file. However, it may be possible to validate signatures generated on other instances in a replicated topology.
validate-file-signature --file logs/access
validate-file-signature --file logs/access --validateLogChain \ --logDuration "2 days" --ignoreMissingEndOfSignature
-V
--version
Description | Display Directory Server version information |
-H
--help
Description | Display general usage information |
--help-debug
Description | Display help for using debug options |
Advanced | Yes |
-f {path}
--file {path}
Description | The file for which to verify the signature |
Required | Yes |
Multi-Valued | No |
--encryptionPassphraseFile {path}
Description | The path to a file that contains the passphrase needed to decrypt any encrypted files that are encountered. If encrypted data is encountered and this is not provided, then the tool will interactively prompt for the encryption passphrase. If a passphrase file is provided, then it must contain exactly one line that consists entirely of the passphrase |
Required | No |
Multi-Valued | No |
-C
--validateLogChain
Description | Attempts to validate signature information across a chain of log files. If this option is used, the tool will start with the file referenced using the "--file" argument and will work backwards through older log files |
-n {num}
--numFiles {num}
Description | The number of files to process when examining a chain of log files. If specified, the value must be greater than or equal to one. If not specified, then there will be no limit on the number of files to examine |
Upper Bound | 2147483647 |
Required | No |
Multi-Valued | No |
-d {duration}
--logDuration {duration}
Description | The minimum length of time to cover when examining a chain of log files. If specified, the value should be a duration that consists of an integer and a time unit (which may be one of 'milliseconds', 'seconds', 'minutes', 'hours', or 'days') |
Required | No |
Multi-Valued | No |
-M
--ignoreMultipleSignedBlocks
Description | Indicates that the tool should not consider it an error for log files to contain multiple signed blocks (which may occur if the server or log publisher was shut down and restarted), or for a log file to not have been created after being rotated from another log file (if the logger is configured to start a new file when being initialized, or if it is the first log file that was created). It is not possible for the tool to guarantee that no data was removed between disjoint signed blocks, although it may be possible to gain some degree of confidence by comparing timestamps with known shutdown and startup times |
-m
--ignoreMissingEndOfSignature
Description | Ignore an error caused by the specified file missing the 'END SIGNED CONTENT' marker at the end of the file. This may occur if the tool is being run against a log file that is still open for writing, but it is not possible to guarantee that no content has been removed from the end of the file. When validating a log chain, this option will only apply to the first file that is processed, and all older files will be expected to have the end marker |
-F
--ignoreMissingFile
Description | Ignore an error caused by a log file that references another file that does not exist in the same directory as the file that references it. This may occur if the referenced file has already been removed by a retention policy, but it is not possible to guarantee that the file has not been removed for some other reason |
--interactive
Description | Launch the tool in interactive mode. |
--propertiesFilePath {path}
Description | The path to a properties file used to specify default values for arguments not supplied on the command line. |
Required | No |
Multi-Valued | No |
--generatePropertiesFile {path}
Description | Write an empty properties file that may be used to specify default values for arguments. |
Required | No |
Multi-Valued | No |
--noPropertiesFile
Description | Do not obtain any argument values from a properties file. |
--suppressPropertiesFileComment
Description | Suppress output listing the arguments obtained from a properties file. |