Tchater maintenant avec le support
Tchattez avec un ingénieur du support

syslog-ng Store Box 7.4.0 - User Guide

Using session-only decryption keys

You can upload decryption keys to browse encrypted logspaces for the duration of the session only. These keys are automatically deleted when you log out from syslog-ng Store Box(SSB).

To use session-only decryption keys

  1. Select User menu > Private keystore. A pop-up window is displayed.

  2. Select Temporary > , then select Certificate > . A pop-up window is displayed.

    Figure 12: User menu > Private keystore — Adding decryption keys to the private keystore

  3. Paste or upload the certificate used to encrypt the logstore.

  4. Select Key > . A pop-up window is displayed.

  5. Paste or upload the private key of the certificate used to encrypt the logstore.

  6. Repeat Steps 2-5 to upload additional keys if needed.

  7. Click Apply.

Creating reports from log data

SSB can periodically create reports from the statistics of processed logs. To configure reporting, first you have to create statistics from log data, and save it as a reporting subchapter. You can then configure a report using the saved subchapter. You can include multiple subchapters in a report. The necessary procedures are described in the following chapters:

Creating custom statistics from log data

The syslog-ng Store Box(SSB) appliance can create statistics from the Facility, Priority, Program, Pid, Host, Tags, and .classifier.class columns. Use Customize columns to add the required column, if necessary.

NOTE: The .classifier.class data is the class assigned to the message when pattern database is used. For details, see Classifying messages with pattern databases in the Administration Guide. The pattern databases provided by One Identity currently use the following message classes by default: system, security, violation, or unknown.

You can display statistics on the web interface, export the related data as CSV, and also save the statistics to include in a report.

Displaying log statistics

To display statistics about the log messages, click the icon in the appropriate header of the table.

You can choose from Bar chart or Pie chart & List.

NOTE: For performance reasons, when creating statistics for a Multiple Logspace (see Creating multiple logspaces in the Administration Guide), syslog-ng Store Box(SSB) does not create statistics if the data upon which the statistics is based (for example, the hostname) has over 1000 entries in any of the member logspaces. In this case, SSB displays the Number of member statistics has too many entries error message.

Figure 13: Search > Logspaces — Displaying log statistics as Bar chart

In Pie chart & List view, percentages add up to 100%. The only exception to this is when statistics are based on Tags. Since statistics are provided for tags rather than messages, when messages have multiple tags, the percentages may add up to more than 100%.

Figure 14: Search > Logspaces — Displaying log statistics as Pie chart & List

Statistics will show the item with the largest number of entries first. To display the item with the least number of entries first, select Least.

NOTE: When navigating to a future time in the search bar, the number of logs displayed in the Search results may differ from the number of logs displayed in the Count part of the Host pie chart.

To avoid this, do not navigate to a future time.

If this has already happened, save the search expression that you have used elsewhere, then refresh the page by clicking Log > Search again. Consider that it will display the original state of the Search page, meaning that, for example, it will remove all search expressions that you have entered before.

You can export these statistics in CSV format using the Export all to CSV option, or you can include them in reports as a subchapter.

Caution:

Do not use Export all to CSV to export large amounts of data, as exporting data can be very slow, especially if the system is under heavy load. If you regularly need a large portion of your data in plain text format, consider using the syslog-ng Store Box(SSB) RPC API (for details, see The SSB RPC API in the Administration Guide), or sharing the log files on the network and processing them with external tools (for details, see Accessing log files across the network in the Administration Guide).

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation