NXLog Agent digital signature

Security regulations for organizations may require verifying the identity of software sources and the integrity of the software obtained from those sources. To facilitate such regulation compliance and to guarantee the authenticity and integrity of downloaded installer files, NXLog Agent installer packages are digitally signed.

In some cases, like with RPM packages, a public key is required to verify the digital signature. You can download the public PGP key from NXLog’s public repository.

Table 1. NXLog Agent public keys and checksums
NXLog Agent version File SHA2 checksum

6.2 - 6.3

nxlog-pubkey-20210410-20241009.asc

67783185632CF6DB

6.4 and newer

nxlog-pubkey.asc

8255050E24C3F75D

Verify the signature of the DEB package

The verification of the NXLog Agent DEB packages requires the debsig-verify package to be installed.

For simplicity, this section explains how to verify NXLog Agent packages using a shell script from the NXLog contrib repository. See HOWTO: GPG sign and verify deb packages and APT repositories to verify the package without the script.
  1. To install debsig-verify, run the following command:

    # apt install debsig-verify
  2. Download the contents of the deb-verify directory from the NXLog contrib repository.

  3. Run the deb-verify script with the path to the NXLog Agent deb-package as its parameter. For example:

    # ./deb-verify ../nxlog-6.4.9634_ubuntu20_amd64.deb
  4. The script output should look similar to this:

    Verified package from 'Nxlog package' (Nxlog)

Verify the signature of the RPM package

The procedure is the same for SUSE Linux Enterprise Server, Red Hat Enterprise Linux, and CentOS. However, there is a slight difference in the output messages as noted below.

This example uses the generic RPM package. Change the package name accordingly.
  1. Import the downloaded NXLog Agent public key into the RPM with the following command:

    # rpm --import nxlog-pubkey.asc
  2. Verify the package signature with the imported public key using the following command:

    # rpm --checksig nxlog-6.4.9634_generic_rpm_x86_64.rpm.
  3. The output should look similar to the following examples.

    On SUSE Linux Enterprise Server:

    nxlog-6.4.9634_generic_rpm_x86_64.rpm: digests signatures OK

    On Red Hat Enterprise Linux and CentOS:

    nxlog-6.4.9634_generic_rpm_x86_64.rpm: rsa sha1 (md5) pgp md5 OK

Verify the signature of the Windows installer

To verify the installer package for Windows before installing, follow these steps:

  1. Right-click the downloaded installer file, then select Properties.

  2. Select the Digital Signatures tab.

    NXLog is displayed as a signer for the installer. The algorithm used for the signature and the timestamp is also visible.

  3. In the Signature list, select NXLog, then click Details to display additional information about the signature.

    In the General tab, the signer information and countersignatures are displayed. Click on View Certificate to display the certificate or select the Advanced tab to display signature details.

Verify the signature of the macOS installer

To verify the installer package for macOS before installing, follow these steps:

  1. Double-click the installer package.

  2. Click on the padlock icon in the upper-right corner of the installer window to display information about the certificate.

    For valid packages a green tick is displayed, indicating the validity of the certificate.

  3. Click on the triangle next to Details to display additional information about the certificate.