Chatta subito con l'assistenza
Chat con il supporto

syslog-ng Store Box 7.0.4 LTS - Administration Guide

Preface Introduction The concepts of SSB The Welcome Wizard and the first login Basic settings User management and access control Managing SSB Configuring message sources Storing messages on SSB Forwarding messages from SSB Log paths: routing and processing messages Configuring syslog-ng options Searching log messages Searching the internal messages of SSB Classifying messages with pattern databases The SSB RPC API Monitoring SSB Troubleshooting SSB Security checklist for configuring SSB Glossary

Encrypting configuration backups with GPG

You can encrypt the configuration file of syslog-ng Store Box (SSB) during system backups using the public-part of a GPG key. The system backups of SSB contain other information as well (for example, databases), but only the configuration file is encrypted. Note that system backups do not contain logspace data.

For details on restoring configuration from a configuration backup, see Restoring SSB configuration and data.

Prerequisites:

You have to configure a backup policy before starting this procedure. For details, see Data and configuration backups.

You need a GPG key which must be permitted to encrypt data. Keys that can be used only for signing cannot be used to encrypt the configuration file.

To encrypt configuration backups with GPG

  1. Navigate to Basic > System > Management > System backup.

  2. Select Encrypt configuration.

  3. Select .

    • To upload a key file, click Browse, select the file containing the public GPG key, and click Upload. SSB accepts both binary and ASCII-armored GPG keys.

    • To copy-paste the key from the clipboard, paste it into the Key field and click Set.

  4. Click .

Archiving and cleanup

Archiving transfers data from syslog-ng Store Box (SSB) to an external storage solution, while cleanup removes (that is, deletes) old files. Archived data can be accessed and searched, but cannot be restored (that is, moved back) to the SSB appliance.

To configure archiving and cleanup, you first have to create an archive/cleanup policy. Archive/cleanup policies define the retention time, the address of the remote backup server, which protocol to use to access it, and other parameters. SSB can be configured to use the SMB/CIFS and NFS protocols to access the backup server:

Caution:

Hazard of data loss Never delete an Archive Policy if data has been archived to it. This will make the already archived data inaccessible.

Do not "remake" an Archive Policy (that is, deleting an Archive Policy and then creating another one with the same name but different parameters). This will make data inaccessible, and identifying the root cause of the issue complicated.

If you want to change the connection parameters (that is when you perform a storage server migration), you must make sure that the share contents and file permissions are kept unmodified and there are no archiving or backup tasks running.

On the other hand, if you want to add a new network share to your archives, proceed with the following steps:

  1. Create a new empty SMB/NFS network share.

  2. Create a new Archive Policy that points to this network share.

  3. Modify your Logspace(s) to archive using the newly defined Archive Policy.

  4. Make sure to leave the existing Archive Policy unmodified.

It is also safe to extend the size of the network share on the server side.

The different protocols assign different file ownerships to the files saved on the remote server. The owners of the archives created using the different protocols are the following:

  • SMB/CIFS: The user provided on the web interface.

  • NFS: root with no-root-squash, nobody otherwise.

Caution:

SSB cannot modify the ownership of a file that already exists on the remote server.

Once you have configured an archive/cleanup policy, assign it to the logspace you want to archive. For details, see Archiving or cleaning up the collected data.

Creating a cleanup policy

NOTE:Cleanup permanently deletes all log files and data that is older than Retention time in days without creating a backup copy or an archive. Such data is irrecoverably lost. Use this option with care.

NOTE: This policy does not delete existing archives from an external CIFS or NFS server.

  1. Navigate to Policies > Backup & Archive/Cleanup and click in the Archive/Cleanup policies section to create a new cleanup policy.

  2. Enter a name for the cleanup policy.

  3. Enter the time when the cleanup process should start into the Start time field, in HH:MM format (for example, 23:00).

  4. Fill the Retention time in days field. Data older than this value is deleted from syslog-ng Store Box (SSB).

  5. To receive e-mail notifications, select the Send notification on errors only or the Send notification on all events option. Notifications are sent to the administrator email address set on the Management tab, and include the list of the files that were backed up.

    NOTE: This e-mail notification is sent to the administrator's e-mail address, while the alerts are sent to the alert e-mail address (see Configuring system monitoring on SSB)

  6. Click .

  7. To assign the cleanup policy to the logspace you want to clean up, see Archiving or cleaning up the collected data.

Creating an archive policy using SMB/CIFS

The SMB/CIFS archive method connects to a share on the target server with Server Message Block protocol. SMB/CIFS is mainly used on Microsoft Windows Networks.

  1. Navigate to Policies > Backup & Archive/Cleanup and click in the Archive/Cleanup policies section to create a new archive policy.

    Figure 71: Policies > Backup & Archive/Cleanup > Archive/Cleanup Policies — Configure cleanup and archiving

  2. Enter a name for the archive policy.

  3. Enter the time when the archive process should start into the Start time field, in HH:MM format (for example, 23:00).

  1. Select Target settings > SMB/CIFS.

  2. Enter the username used to logon to the remote server into the Username field, and corresponding password into the Password field. For anonymous login, enter anonymous as username, and leave the Password field empty.

    NOTE: The syslog-ng Store Box (SSB) appliance accepts passwords that are not longer than 150 characters. The following special characters can be used:

    ! " # $ % & ' ( ) * + , - . / : ; < > = ? @ [ ] ^ - ` { | }
  3. Enter the name of the share into the Share field.

    SSB saves all data into this directory, automatically creating the subdirectories. Archives of log files are stored in the data, configuration backups in the config subdirectory.

  4. Enter the domain name of the target server into the Domain field.

  1. Fill the Retention time in days field. Data older than this value is archived to the external server.

    NOTE:The archived data is deleted from SSB.

  2. To receive e-mail notifications, select the Send notification on errors only or the Send notification on all events option. Notifications are sent to the administrator e-mail address set on the Management tab, and include the list of the files that were backed up.

    NOTE: This e-mail notification is sent to the administratorS e-mail address, while the alerts are sent to the alert e-mail address ( see Configuring system monitoring on SSB ).

  3. Click .

  4. To assign the archive policy to the logspace you want to archive, see Archiving or cleaning up the collected data.

Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione