You can save log statistics to include them in reports as a subchapter.
Figure 15: Search > Logspaces — Creating reports from custom log statistics
In the Statistics view, click Report settings.
Add a name for the statistics in the Report subchapter name field.
Select the Visualization for the report: List, Pie chart, or Bar chart.
Choose how the entries are sorted: descending (Top) or ascending (Least).
Choose the Number of entries to include.
Selecting All includes only the first 1000 results. The remaining results are aggregated as 'others'.
For performance reasons, when creating statistics for a Multiple Logspace (see "Creating multiple logspaces" in the Administration Guide), syslog-ng Store Box(SSB) does not create statistics if the data upon which the statistics is based (for example, the hostname) has over 1000 entries in any of the member logspaces. In this case, SSB displays the Number of member statistics has too many entries error message.
Select the user group that can access the subchapter in the Grant access for the following user groups field.
Click Save as Report subchapter.
To add the saved subchapter to a report, follow the instructions provided in Configuring custom reports.
The following describes how to configure syslog-ng Store Box(SSB) to create custom reports. Make sure that the user account has read & write/perform access to the use static subchapters privilege.
To configure SSB to create custom reports
Log in to the SSB web interface, and navigate to Reports > Configuration.
Figure 16: Reports > Configuration — Configuring custom reports
Click and enter a name for the custom report.
Reports are organized into chapters and subchapters. To add a new chapter, go to Table of contents, click Add Chapter, enter a name for the chapter, then click OK. Repeat this step to create further chapters if needed.
Click Add Subchapter to add various reports and statistics to the chapter. The available reports will be displayed in a pop-up window. The reports created from custom statistics are listed at the end.
Use the arrows to change the order of the subchapters if needed.
To specify how often SSB should create the report, select the relevant Generate this report every (Day, Week, Month) option. Weekly reports are created on Mondays, while monthly reports on the first day of the month. You can select multiple options simultaneously.
If you want to generate the report only manually, leave this field empty.
By default, members of the search group can access the custom reports via the SSB web interface. To change this, enter the name of a different group into the Reports are accessible by the following groups field, or click to grant access to other groups.
Members of the listed groups will be able to access only these custom reports even if their groups do not have read access to the Reporting > Reports page. However, only those reports will be listed, to which their group has access.
By default, SSB sends out the reports in email to the address set in the Basic Settings > Management > Mail settings > Send reports to field.
If this address is not set, the report is sent to the SSB administrator's email address.
To disable email sending, unselect the Send reports in e-mail option.
To email the reports to a different address, select Recipient > Custom address, and enter the email address where the reports should be sent. Click to list multiple email addresses if needed.
The generated reports are available in Portable Document (PDF) format by selecting Reports > Generated reports from the Main Menu.
Use the time bar to find reports that apply to a particular period. If you select a period (for example, click a bar), only those reports will be displayed that contain information about the selected period.
Figure 17: Browsing reports
The following information is available about the reports:
Download: A link to download the report.
Name: The name of the report.
Interval: The length of the reported period, for example, week, month, and so on.
Report from: The start of the reported interval.
Report to: The end of the reported interval.
Generate time: The date when the report was created.
To create a report for the current day, select Generate reports for today. The report will contain data for the 00:00 - current time interval. If artificial ignorance (for details, see "Classifying messages with pattern databases" in the Administration Guide) is enabled, an artificial ignorance report is created as well.
The syslog-ng Store Box(SSB) application can create content-based alerts about log messages based on specific search expressions. Search queries are run every few seconds and an alert is triggered whenever a match between the contents of a log message and a search expression is found. Alerts are collected and sent to a pre-defined email address (or email addresses).
Some log messages might have particular significance and therefore getting notifications about those can often be more efficient than searching for them manually.
You can set up or modify alerts for local logspaces or those logspaces to which you have the relevant privileges, meaning that:
Either the relevant user group has been assigned read and write/perform access to the Search > Logs object on the AAA > Access Control page.
Or the user group has been added under the Access control option of the relevant logspace on the Log > Logspaces page.
There are two ways to create alerts, using the search interface or the Search > Content-Based Alerts page:
For details on how to set up alerts on the search interface, see Setting up alerts on the search interface.
For details on how to set up alerts on the Search > Content-Based Alerts page, see Setting up alerts on the Search > Content-Based Alerts page.
Content-based alerting is currently not available for filtered, multiple, and remote logspaces.
In the case of encrypted logspaces, no decryption key is required for content-based alerting to work. SSB has access to the log messages while processing them, and the indexer and content-based alerting services run before encryption happens.
© 2020 One Identity LLC. ALL RIGHTS RESERVED. Feedback Conditions d’utilisation Confidentialité