Chatee ahora con Soporte
Chat con el soporte

syslog-ng Store Box 6.9.0 - Administration Guide

Preface Introduction The concepts of SSB The Welcome Wizard and the first login Basic settings User management and access control Managing SSB Configuring message sources Storing messages on SSB Forwarding messages from SSB Log paths: routing and processing messages Configuring syslog-ng options Searching log messages Searching the internal messages of SSB Classifying messages with pattern databases The SSB RPC API Monitoring SSB Troubleshooting SSB Security checklist for configuring SSB Glossary

Versions and releases of SSB

The following release policy applies to syslog-ng Store Box (SSB):

Long Term Support (LTS)

The initial release includes new features, bug fixes and security updates. After the initial release, only maintenance releases are published on this path, containing only bug fixes and security updates. The maintenance release frequency is typically six months.

Versioning: the first digit identifies the LTS main version (for example, 6.0.x), the second digit is always a 0, and the third digit designates the maintenance release (for example, 6.0.19). A long term support path is typically supported for three years after its original release.

For more information about versioning in SSB, see "Version numbering in SSB" in the Upgrade Guide.

For more information about the upgrade paths between different version numbers in SSB, see "Upgrade paths to SSB" in the Upgrade Guide.

Feature release

Feature releases include new features, bug fixes and security updates, building on the initially released LTS main version. Release frequency on this path is typically four months.

Versioning: the first digit identifies the LTS main version, the second digit designates the feature release (e.g. 6.4). Feature releases are typically supported for a year.

For more information about versioning in SSB, see "Version numbering in SSB" in the Upgrade Guide.

For further information regarding the SSB LTS and Feature releases, see the syslog-ng Store Box Product Life Cycle Table.

 Caution:

Downgrading from a feature release to an earlier (and thus unsupported) feature release, or to the previous LTS release is officially not supported, but usually works as long as your SSB configuration file is appropriate for the old SSB version. However, persistent data like the position of the last processed message in a file source will be probably lost.

Logstore files created with a newer version of SSB might not be readable with an older version of SSB.

NOTE: Bug fixes and security updates are always issued in the latest & greatest releases, and never for previous releases. For example, in case of Long Term Support path, if a bug was reported by a customer for 6.0.1 LTS, the fix will be released in version 6.0.2 or in a later maintenance release. The same logic is true to rolling releases, for example, if a bug gets reported for 6.4, the fix will be issued in 6.5, or a later feature release.

NOTE: Consider the following information regarding hardware models:

  • Discontinued Support for Hardware Models N1000, N1000D, N10000:

    Last Day Sold: 01-Aug-2014

    Last Day Renew: 01-Oct-2018

    End of Support: 31-Mar-2019

  • Discontinued Support for T-Series hardware:

    Last Day Sold: 30-June-2019

    Last Day Renew: 30-June-2021

    End of Support: 30-June-2022

Licensing model and modes of operation

A Log Source Host (LSH) is any host, server, or device (including virtual machines, active or passive networking devices, syslog-ng clients and relays, and so on) that is capable of sending log messages. Log Source Hosts are identified by their IP addresses, so virtual machines and vhosts are separately counted.

The syslog-ng Store Box appliance as a central log-collecting server that receives messages through a network connection, and stores them locally, or forwards them to other destinations or external systems (for example, a SIEM or a database). The syslog-ng Store Box (SSB) appliance requires a license file, this license file determines the number of Log Source Hosts (LSHs) that can send log messages to the SSB server.

Note that the number of source hosts is important, not the number of hosts that directly sends messages to SSB: every host that send messages to the server (directly or using a relay) counts as a Log Source Host.

For technical reasons, the syslog-ng Store Box appliance itself counts as two LSHs in standalone mode, and three LSHs in high-availability (HA) mode. This is automatically adjusted when One Identity generates the license file.

Notes about counting the licensed hosts

 Caution:
  • If the actual IP address of the host differs from the IP address received by looking up its IP address from its hostname in the DNS, the syslog-ng server counts them as two different hosts.
  • The chain-hostnames() option of syslog-ng can interfere with the way syslog-ng Store Box (SSB) counts the log source hosts, causing syslog-ng to think there are more hosts logging to the central server, especially if the clients sends a hostname in the message that is different from its real hostname (as resolved from DNS). Disable the chain-hostnames() option on your log source hosts to avoid any problems related to license counting.
  • If the number of Log Source Hosts reaches the license limit, the SSB server will not accept connections from additional hosts. The messages sent by additional hosts will be dropped, even if the client uses a reliable transport method (for example, ALTP).
  • If the no-parse flag is set in a message source on the SSB server, SSB assumes that the message arrived from the host (that is, from the last hop) that sent the message to SSB, and information about the original sender is lost.

Licensing benefits

Buying a syslog-ng Store Box (SSB) license permits you to perform the following:

  • Deploy one instance of the SSB appliance as a central log collector server.

  • The syslog-ng Store Box license also allows you to download the syslog-ng Premium Edition (syslog-ng PE) application (including the syslog-ng Agent for Windows application) and install it on hosts within your organization (on any supported platform) to use it as a log collector agent (client) for SSB. You cannot redistribute the application to third parties.

The syslog-ng Store Box license determines the number of individual hosts (also called log source hosts) that can send log messages to SSB.

License grants and legal restrictions are fully described in the Software Transaction, License and End User License Agreements. Note that the Software Transaction, License and End User License Agreements and the syslog-ng Store Box Product Guide apply only to scenarios where the Licensee (the organization who has purchased the product) is the end user of the product. In any other scenario — for example, if you want to offer services provided by SSB to your customers in an OEM or a Managed Service Provider (MSP) scenario — you have to negotiate the exact terms and conditions with One Identity.

Documentos relacionados

The document was helpful.

Seleccionar calificación

I easily found the information I needed.

Seleccionar calificación