Chatta subito con l'assistenza
Chat con il supporto

syslog-ng Store Box 7.0.4 LTS - Administration Guide

Preface Introduction The concepts of SSB The Welcome Wizard and the first login Basic settings User management and access control Managing SSB Configuring message sources Storing messages on SSB Forwarding messages from SSB Log paths: routing and processing messages Configuring syslog-ng options Searching log messages Searching the internal messages of SSB Classifying messages with pattern databases The SSB RPC API Monitoring SSB Troubleshooting SSB Security checklist for configuring SSB Glossary

Additional tools

The syslog-ng Store Box(SSB) appliance provides additional tools to obtain information about log messages that can come from external sources. They are as follows:

  • Pattern database: You can use the pattern database of SSB to alert on certain log messages. If you are using the pattern database for such purposes and you wish to check the history of the alerts raised by SSB, then refer to Log message alerts.

  • Reports: SSB periodically creates reports on processed traffic. If you wish to retrieve information available in such reports, see Reports.

Searching the internal messages of SSB

The syslog-ng Store Box(SSB) appliance allows you to search, filter, and export internal messages. These internal messages contain the logs created by SSB itself (not the messages collected from external sources), including log messages of the SSB appliance, configuration changes, notifications, alerts, and dashboard statistics.

Log messages of the SSB appliance:
  • All available log messages are listed in the local logspace in Search > Logspaces.

    For detailed instructions on using the log search interface, see Using the search interface.

  • Recent log messages are also available in Basic settings > Troubleshooting.

    For detailed instructions on using the troubleshooting tools, see Troubleshooting SSB.

Configuration changes:
  • The configuration-related activity of SSB users and administrators is available at AAA > Accounting. The configuration changes performed on the SSB web interface are all listed here.

    For the list of displayed parameters, see Changelogs of SSB.

  • Peers (client computers) that use syslog-ng Premium Edition 3.0 or newer send a special log message to SSB when their configuration is modified. These changes are listed at Search > Peer configuration change.

    For the list of displayed parameters, see Configuration changes of syslog-ng peers.

Alerts and notifications:
  • If you use the pattern database of SSB to alert on certain log messages, then a history of the alerts is available at Search > Alerts.

    For the list of displayed parameters, see Log message alerts.

  • Backup and archive notifications, including errors encountered during backup or archiving, are stored at Search > Archive & Cleanup.

    For the list of displayed parameters, see Notifications on archiving and backups.

Dashboard statistics and reports:
  • The statistics of SSB are available at Basic settings > Dashboard.

    For detailed information and the list of available options, see Status history and statistics.

  • PDF reports about the configuration changes, system health parameters, and other activities of SSB are available at Reporting > Reports.

    For the list of displayed parameters, see Reports.

Using the internal search interfaces

The internal search interfaces that allow you to browse and filter the configuration changes, alerts, notifications, and reports of syslog-ng Store Box(SSB) are located across various pages. The way the user interface works, however, is uniform across all these pages. This section walks you through the main functionalities that are available to you when browsing internal messages.

The example in AAA > Accounting — An example of an internal search interface shows the AAA > Accounting page but all the search interfaces listed under Configuration changes:, Alerts and notifications:, and Dashboard statistics and reports: have similar features and look and feel.

Figure 222: AAA > Accounting — An example of an internal search interface

The bars display the number of log messages in the selected interval. Use the and icons to zoom, and the arrows to display the previous or the next intervals. To explicitly select a date, select Jump to and set the date in the calendar. You can change the length of the displayed interval with the Scale option.

Hovering the mouse above a bar displays the number of entries and the start and end date of the period that the bar represents. Click a bar to display the entries of that period in the table. Use Shift+Click to select multiple bars.

If data is too long to fit on one line, it is automatically wrapped and only the first line is displayed. To expand a row, click . To shrink the row back to its original size, click . To expand/shrink all rows, click the respective button on the header of the table. The rows can also be expanded/shrunk by double-clicking on the respective row.

Filtering

The tables can be filtered for any parameter, or a combination of parameters. To filter the list, enter the filter expression in the input field of the appropriate column, and press Enter, or click on an entry in the table.

NOTE: When you use filters, the bars display the statistics of the filtered results.

Filtering also displays partial matches. For example, filtering the Author column on the AAA > Accounting page for and displays all changes performed by users whose username contains the adm string.

You can use the icon to perform an exact search, and the icon for inverse filtering ("does not include"). To clear filters from a column, click .

To restore the original table, click Clear all filters.

Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione