Log Management Foundation

  • All classes are priced per student.
  • Private classes are available.


The purpose of this course is to provide students with a general overview of the One Identity syslog-ng Premium Edition and One Identity syslog-ng Store Box (SSB) feature set, the installation, configuration and customization of the solution framework, as well as an overview of the main business processes that are part of the solution framework. This course focuses on lab performance and was developed for people interested in how syslog-ng Premium Edition can be installed and configured, and for those who want to deploy SSB.

Audience:

Customer, Sales and Technical Sales

Language:

English

Duration:

4 days (remote)

Prerequisite(s):

None

Agenda

  • Overview of the feature-set of syslog-ng Premium Edition
  • Introduction to syslog protocols (RFC3164, RFC5424 and Eventlog)
  • Installation and basic settings of syslog-ng PE
  • Using Macros and Templates to reformat syslog messages
  • Set up filters
  • Manage syslog-ng daemon from the command line
  • Transferring messages via the network and securing them
  • Collect messages from Windows machines
  • Storing messages in logstores and encrypting them
  • Parsing messages with message parser modules and reformatting them with rewrite modules
  • Store messages in SQL databases
  • Classify messages with patterndb, which is based on the radix tree algorithm
  • Advanced settings and syslog-ng internals
  • Troubleshooting syslog-ng PE
  • Overview and introduction to syslog-ng Store Box (SSB)
  • Configure and initialize by the Welcome Wizard
  • Simple settings of SSB
  • Access control on the box
  • Backup, Cleanup and archive logspaces
  • Filtering and Rewriting messages
  • MRA: message rate alerting and Reports
  • Forwarding messages to external devices
  • How HA works and when to use it
  • Troubleshooting SSB and how to use the support system

Content Details

Topic | Labs
Introduction syslog-ng PE
Training Module: SPE-INT
  • History of syslog
  • Protocol Overview
  • syslog-ng working modes and licensing model
  • -
Simple syslog-ng settings
Training Module: SPE-SST
  • How to configure syslog-ng
  • Config objects of syslog-ng configuration files
  • Install syslog-ng PE
  • Collect messages from local sources (file and system)
  • Store messages in local destinations
Macros and Templates in syslog-ng
Training Module: SPE-MAT
  • What are macros, templates and nv-pairs
  • What are template functions
  • How to use them
  • Modify message format by template
  • Use macros in file names and paths
  • Convert messages to WELF by template function
Filters
Training Module: SPE-FLT
  • Filters in syslog-ng
  • Combine filters
  • Optimize filters
  • Create and use filters
Command line tools
Training Module: SPE-CMD
  • Start, stop and manage syslog-ng from the command line
  • Start syslog-ng from command line
  • Change syslog-ng verbosity
Networking
Training Module: SPE-NET
  • Transfer messages via legacy protocol
  • Transfer messages via syslog protocol
  • Secured message transfer
  • Reliable message transfer
  • Transfer messages via network() driver
  • Configure encrypted message transfer
  • Configure a relay server
Windows Messaging
Training Module: SPE-CWE
  • Windows logging subsystem
  • Collect messages with syslog-ng agent for Windows
  • Collect messages with WEC
  • Install and configure syslog-ng Agent
  • Transfer EventLog via the agent
Logstore
Training Module: SPE-LST
  • Logstore file format
  • Configure and display logstore
  • Encrypt and decrypt logstore
  • Create logstores
  • Encrypt logstores
  • Display logstores
Message Parsing
Training Module: SPE-MPR
  • What parsers do
  • Type of parsers
  • Using parsers
  • Using CSV parser
  • Using K-V parser
Database support
Training Module: SPE-DBS
  • Storing messages in SQL servers
  • Fetching log messages from SQL databases
  • Insert messages in MySQL database
Message Content Manipulation
Training Module: SPE-MCM
  • Rewrite messages
  • Conditional rewrite
  • Pseudonymize and anonymize messages
  • Rewrite messages on a relay
  • Rewrite message body
Message Classification
Training Module: SPE-CLD
  • The HTTP destination
  • Google Pub/Sub destination
  • Google Stackdriver destination
  • Splunk destination
  • ElasticSearch destination
  • -
Advanced settings
Training Module: SPE-ADS
  • Internals of syslog-ng
  • Message flow and limits
  • Disk buffering
  • Monitoring syslog-ng
  • Tricks of the configuration file
  • -
Troubleshooting syslog-ng
Training Module: SPE-TRB
  • Troubleshooting syslog-ng settings
  • Troubleshooting syslog-ng Agent for Windows
  • -
Introduction and Overview of SSB
Training Module: SSB-INT
  • What is SSB
  • Basic functions and benefits of the device
  • -
Configuration and Welcome Wizard
Training Module: SSB-CWI
  • Initialize your SSB
  • Getting familiar with the interface
  • Initialize SSB
Simple Settings
Training Module: SSB-SST
  • Basics of SSB
  • Sources
  • Logspaces
  • The search interface
  • Sharing logspaces
  • Install and configure syslog-ng Agent for Windows
  • Search in logspace
  • Create multiple logspaces
  • Create a filtered logspace
  • Share a logspace
Access Control
Training Module: SSB-ACL
  • Ways of access control in SSB
    • Web interface
    • Logspaces
    • Shares
    • Encryption
  • ACL on the web interface
  • Encrypt and decrypt logspaces
  • Encrypt the communication channel
Backup, Cleanup & Archive
Training Module: SSB-BCA
  • Methods of backup and archive
  • Set up backup
  • Perform a full backup and restore
  • Configure Microsoft Share
  • Set up system backup to the share
  • Set up logspace backup to the share
Filter and Rewrite messages and Parsers
Training Module: SSB-FRP
  • Set up filters and parsers
  • Configure pattern-db
  • Configure a filter
  • Set up K-V parser
  • Set up sudo parsers
  • Set up pattern-db
Fetching from SQL
Training Module: SSB-FSD
  • Configure SQL fetching
  • Prepare database
  • Configure fetching
Alerting Monitoring and Reports
Training Module: SSB-AMR
  • Configure alerting methods
  • Configure trap cases
  • Configure reports
  • Set up SNMP
  • Set up log alerts
  • Set up content-based alerts
  • Configure reports
Forwarding Messages
Training Module: SSB-FWD
  • Sending messages to syslog servers
  • Storing messages in SQL databases
  • Storing messages on HDFS
  • Configure syslog-destination
  • Configure SQL destination
High Availability
Training Module: SSB-HAB
  • HA concept
  • Set up HA
  • -
Troubleshoot SSB
Training Module: SSB-TRB
  • Troubleshoot network
  • SSB log messages
  • System debug
  • Config export/import
  • Firmware upgrade
  • Tainted firmwares
  • Other debug tools
  • -