Chat now with support
Chat mit Support

syslog-ng Store Box 6.10.0 - Administration Guide

Preface Introduction The concepts of SSB The Welcome Wizard and the first login Basic settings User management and access control Managing SSB Configuring message sources Storing messages on SSB Forwarding messages from SSB Log paths: routing and processing messages Configuring syslog-ng options Searching log messages Searching the internal messages of SSB Classifying messages with pattern databases The SSB RPC API Monitoring SSB Troubleshooting SSB Security checklist for configuring SSB Glossary

Exporting the results

To save the table of search results as a file, click Export as CSV. This saves the table as a text file containing comma-separated values. Note that if an error occurs when exporting the data, the exported CSV file will include a line (usually as the last line of the file) starting with a zero and the details of the problem, for example, 0;description_of_the_error.

Caution:

Do not use Export all to CSV to export large amounts of data, as exporting data can be very slow, especially if the system is under heavy load. If you regularly need a large portion of your data in plain text format, consider using the syslog-ng Store Box(SSB) RPC API (for details, see "The SSB RPC API" in the Administration Guide), or sharing the log files on the network and processing them with external tools (for details, see "Accessing log files across the network" in the Administration Guide).

Customizing columns of the internal search interfaces

The following describes how to customize the data displayed on the interface.

To customize the data displayed on the interface

  1. Navigate to the database you want to browse, for example, AAA > Accounting.

  2. Click Customize Columns. A pop-up window containing the list of visible and available columns is displayed.

    Figure 226: AAA > Accounting > Customize Columns — Customizing columns of the search interfaces

  3. The displayed parameters are listed in the Visible columns field. All other available parameters are listed in the Available columns field.

    • To add parameters to the Visible columns field, select the desired parameter(s) and click Add.

    • To remove parameters from the Visible columns field, select the desired parameter(s) and click Remove.

    • To freeze columns (to make them permanently visible, even when scrolling horizontally), enable the Freeze option next to the desired parameter.

    NOTE: To select multiple parameters, press Ctrl while clicking the items.

  4. Click OK. The selected information is displayed.

Changelogs of SSB

The syslog-ng Store Box(SSB) appliance automatically records the activity of its users and administrators. These activities are displayed at AAA > Accounting. The following information is available:

Figure 227: AAA > Accounting — Displaying configuration changes

  • Timestamp: The date when the modification was committed in YEAR-MONTH-DAY HOUR:MINUTE:SECOND format.

  • Author: The SSB user who performed the modification.

  • Page: The main menu item that was modified (for example, Basic Settings > Management).

  • Field name: The name of the field on the page that was modified.

  • New value: The new value of the field after the modification.

  • Description: The changelog entered by the SSB administrator. Changelogs are available only if the AAA > Settings > Require commit log option was enabled at the time of the change.

  • Old value: The original value of the field.

  • Swap: Indicates if the order of objects was modified on the page (for example the order of two policies in the list).

For details on how to navigate around the user interface and interact with features such as filtering and exporting results, and customizing what data is displayed, see Using the internal search interfaces.

Configuration changes of syslog-ng peers

Peers running syslog-ng Premium Edition 3.0-6.0.x automatically send a notification to syslog-ng Store Box(SSB) when their configuration has changed since the last configuration reload or restart. Note that peers running syslog-ng Premium Edition version 7.0.x do not send such notifications. These log messages are available at Search > Peer Configuration Change. Note that the log messages do not contain the actual modification, only indicate that the configuration was modified. The following information is available:

  • Timestamp: The time stamp received in the message — the time when the log message was created in YEAR-MONTH-DAY HOUR:MINUTE:SECOND format.

  • Hostname: The hostname or IP address of the client whose configuration has been changed.

  • Version: The version number of the syslog-ng application that sent the message.

  • Sender address: The IP address of the client or relay that sent the message directly to SSB.

  • Signature: The signature of the syslog-ng client.

  • Fingerprint: The SHA-1 hash of the new configuration file.

For details on how to navigate around the user interface and interact with features such as filtering and exporting results, and customizing what data is displayed, see Using the internal search interfaces.

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen