Chatee ahora con Soporte
Chat con el soporte

syslog-ng Store Box 7.4.0 - Administration Guide

Preface Introduction The concepts of SSB The Welcome Wizard and the first login Basic settings User management and access control Managing SSB Configuring message sources Storing messages on SSB Forwarding messages from SSB Log paths: routing and processing messages Configuring syslog-ng options Searching log messages Searching the internal messages of SSB Classifying messages with pattern databases The SSB RPC API Monitoring SSB Troubleshooting SSB Security checklist for configuring SSB Glossary

Encrypting configuration backups with GPG

You can encrypt the configuration file of syslog-ng Store Box (SSB) during system backups using the public-part of a GPG key. The system backups of SSB contain other information as well (for example, databases), but only the configuration file is encrypted. Note that system backups do not contain logspace data.

For details on restoring configuration from a configuration backup, see Restoring SSB configuration and data.

NOTE: It is not possible to directly import a GPG-encrypted configuration into SSB, it has to be decrypted locally first.

Prerequisites:

You have to configure a backup policy before starting this procedure. For details, see Data and configuration backups.

You need a GPG key which must be permitted to encrypt data. Keys that can be used only for signing cannot be used to encrypt the configuration file.

To encrypt configuration backups with GPG

  1. Navigate to Basic > System > Management > System backup.

  2. Select Encrypt configuration.

  3. Select .

    • To upload a key file, click Browse, select the file containing the public GPG key, and click Upload. SSB accepts both binary and ASCII-armored GPG keys.

    • To copy-paste the key from the clipboard, paste it into the Key field and click Set.

  4. Click .

Archiving and cleanup

Archiving transfers data from syslog-ng Store Box (SSB) to an external storage solution, while cleanup removes (that is, deletes) old files. Archived data can be accessed and searched, but cannot be restored (that is, moved back) to the SSB appliance.

To configure archiving and cleanup, you first have to create an archive/cleanup policy. Archive/cleanup policies define the retention time, the address of the remote backup server, which protocol to use to access it, and other parameters. SSB can be configured to use the SMB/CIFS and NFS protocols to access the backup server:

Caution:

Hazard of data loss Never delete an Archive Policy if data has been archived to it. This will make the already archived data inaccessible.

Do not "remake" an Archive Policy (that is, deleting an Archive Policy and then creating another one with the same name but different parameters). This will make data inaccessible, and identifying the root cause of the issue complicated.

If you want to change the connection parameters (that is when you perform a storage server migration), you must make sure that the share contents and file permissions are kept unmodified and there are no archiving or backup tasks running.

On the other hand, if you want to add a new network share to your archives, proceed with the following steps:

  1. Create a new empty SMB/NFS network share.

  2. Create a new Archive Policy that points to this network share.

  3. Modify your Logspace(s) to archive using the newly defined Archive Policy.

  4. Make sure to leave the existing Archive Policy unmodified.

It is also safe to extend the size of the network share on the server side.

The different protocols assign different file ownerships to the files saved on the remote server. The owners of the archives created using the different protocols are the following:

  • SMB/CIFS: The user provided on the web interface.

  • NFS: root with no-root-squash, nobody otherwise.

Caution:

SSB cannot modify the ownership of a file that already exists on the remote server.

Once you have configured an archive/cleanup policy, assign it to the logspace you want to archive. For details, see Archiving or cleaning up the collected data.

Creating a cleanup policy

NOTE:Cleanup permanently deletes all log files and data that is older than Retention time in days without creating a backup copy or an archive. Such data is irrecoverably lost. Use this option with care.

NOTE: This policy does not delete existing archives from an external CIFS or NFS server.

  1. Navigate to Policies > Backup & Archive/Cleanup and click in the Archive/Cleanup policies section to create a new cleanup policy.

  2. Enter a name for the cleanup policy.

  3. Enter the time when the cleanup process should start into the Start time field, in HH:MM format (for example, 23:00).

  4. Fill the Retention time in days field. Data older than this value is deleted from syslog-ng Store Box (SSB).

  5. To receive email notifications, select the Send notification on errors only or the Send notification on all events option. Notifications are sent to the administrator email address set on the Management tab, and include the list of the files that were backed up.

    NOTE: This email notification is sent to the administrator's email address, while the alerts are sent to the alert email address (see Configuring system monitoring on SSB)

  6. Click .

  7. To assign the cleanup policy to the logspace you want to clean up, see Archiving or cleaning up the collected data.

Creating an archive policy using SMB/CIFS

The SMB/CIFS archive method connects to a share on the target server with Server Message Block protocol. SMB/CIFS is mainly used on Microsoft Windows Networks.

NOTE: Backup and archive policies only work with existing shares and subdirectories.

If a server has a share at, for example, archive and that directory is empty, when the user configures archive/ssb1 (or similar) as a backup/archive share, it will fail.

Caution:

The CIFS implementation of NetApp storage devices is not compatible with the CIFS implementation used in syslog-ng Store Box (SSB), therefore it is not possible to create backups and archives from SSB to NetApp devices using the CIFS protocol (the operation fails with a similar error message: /opt/ssb/mnt/14719217504d41370514043/reports/2010": Permission denied (13) '2010/day/' rsync: failed to set times on).

To overcome this problem, either:

  • use the NFS protocol to access your NetApp devices, or

  • use a backup device that has a CIFS implementation compatible with SSB, for example, Windows or Linux Samba.

  1. Navigate to Policies > Backup & Archive/Cleanup and click in the Archive/Cleanup policies section to create a new archive policy.

    Figure 71: Policies > Backup & Archive/Cleanup > Archive/Cleanup Policies — Configure cleanup and archiving

  2. Enter a name for the archive policy.

  3. Enter the time when the archive process should start into the Start time field, in HH:MM format (for example, 23:00).

  1. Select Target settings > SMB/CIFS.

    NOTE: From SSB version 5.2.0, SSB only supports SMB 2.1 and later. Make sure that your operating system with the Samba share that you want to mount, supports SMB 2.1 or later. Otherwise, SSB cannot mount the remote share.

  2. Enter the username used to logon to the remote server into the Username field, and corresponding password into the Password field. For anonymous login, enter anonymous as username, and leave the Password field empty.

    NOTE: The syslog-ng Store Box (SSB) appliance accepts passwords that are not longer than 150 characters. The following special characters can be used:

    ! " # $ % & ' ( ) * + , - . / : ; < > = ? @ [ ] ^ - ` { | } \ _ ~
  3. Enter the name of the share into the Share field.

    SSB saves all data into this directory, automatically creating the subdirectories. Archives of log files are stored in the data, configuration backups in the config subdirectory.

  4. Enter the domain name of the target server into the Domain field.

  1. Fill the Retention time in days field. Data older than this value is archived to the external server.

    NOTE:The archived data is deleted from SSB.

  2. To receive email notifications, select the Send notification on errors only or the Send notification on all events option. Notifications are sent to the administrator email address set on the Management tab, and include the list of the files that were backed up.

    NOTE: This email notification is sent to the administratorS email address, while the alerts are sent to the alert email address ( see Configuring system monitoring on SSB ).

  3. Click .

  4. To assign the archive policy to the logspace you want to archive, see Archiving or cleaning up the collected data.

Documentos relacionados

The document was helpful.

Seleccionar calificación

I easily found the information I needed.

Seleccionar calificación