サポートと今すぐチャット
サポートとのチャット

syslog-ng Store Box 7.4.0 - Administration Guide

Preface Introduction The concepts of SSB The Welcome Wizard and the first login Basic settings User management and access control Managing SSB Configuring message sources Storing messages on SSB Forwarding messages from SSB Log paths: routing and processing messages Configuring syslog-ng options Searching log messages Searching the internal messages of SSB Classifying messages with pattern databases The SSB RPC API Monitoring SSB Troubleshooting SSB Security checklist for configuring SSB Glossary

Contents of the default reports

The default report of the syslog-ng Store Box(SSB) appliance (called System) is available in Adobe Portable Document Format (PDF), and contains the following information for the given period:

  • Configuration changes: Lists the number of SSB configuration changes per page and per user. The frequency of the configuration changes is also displayed on a chart.

  • Peer configuration: Lists the number of times the configuration of a syslog-ng client was changed per client, as well as the version number of the syslog-ng application running on the client (if this information is available).

  • Alerts: Various statistics about the alerts received from classifying messages using the pattern database (if pattern databases have been uploaded to SSB).

  • syslog-ng traffic statistics: Displays the rate of incoming, forwarded, stored, and dropped messages in messages/second.

  • System health information: Displays information about the filesystem and network use of SSB, as well as the average load.

Generating partial reports

The following describes how to generate a report manually for a period that has not been already covered in an automatic report.

To generate a report manually for a period that has not been already covered in an automatic report

  1. Log in to the syslog-ng Store Box(SSB) web interface, and navigate to Reports > Configuration.

  2. Select the report you want to generate.

    • To create a report from the last daily report until the present time, click Generate partial daily report. For example, if you click this button at 16:30, the report will include the period from 00:01 to 16:30.

    • To create a report from the last weekly report until the present time, click Generate partial weekly report. For example, if you click this button on Wednesday at 16:30, the report will include the period from Monday 00:01 to Wednesday 16:30.

    • To create a report from the last monthly report until the present time, click Generate partial monthly report. For example, if you click this button at 16:30 on 13 December, the report will include the period from 00:01 on 01 December to 16:30 on 13 December.

    The report will be automatically added in the list of reports (Reports > Generated reports), and also sent in an email to the regular recipients of the report.

  3. Click .

Configuring custom reports

The following describes how to configure syslog-ng Store Box(SSB) to create custom reports. Make sure that the user account has read & write/perform access to the use static subchapters privilege.

To configure SSB to create custom reports

  1. Log in to the SSB web interface, and navigate to Reports > Configuration.

    Figure 237: Reports > Configuration — Configuring custom reports

  2. Click and enter a name for the custom report.

  3. Reports are organized into chapters and subchapters. To add a new chapter, go to Table of contents, click Add Chapter, enter a name for the chapter, then click OK. Repeat this step to create further chapters if needed.

  4. Click Add Subchapter to add various reports and statistics to the chapter. The available reports will be displayed in a pop-up window. The reports created from custom statistics are listed at the end.

  5. Use the arrows to change the order of the subchapters if needed.

  6. To specify how often SSB should create the report, select the relevant Generate this report every (Day, Week, Month) option. Weekly reports are created on Mondays, while monthly reports on the first day of the month. You can select multiple options simultaneously.

    If you want to generate the report only manually, leave this field empty.

  7. By default, members of the search group can access the custom reports via the SSB web interface. To change this, enter the name of a different group into the Reports are accessible by the following groups field, or click (Add row) to grant access to other groups.

    NOTE: The members of the listed groups will be able to access only these custom reports, even if their groups do not have read access to the Reporting > Reports page. However, SSB will list only the reports to which their group has access.

  8. By default, SSB sends out the reports in email to the address set in the Basic Settings > Management > Mail settings > Send reports to field.

    NOTE: If this address is not set, the report is sent to the SSB administrator's email address.

    • To disable email sending, clear the Send reports in email option.

    • To email the reports to a different address, select Recipient > Custom address, and enter the email address where the reports should be sent. Click to list multiple email addresses if needed.

  9. Click .

Classifying messages with pattern databases

Using the pattern database allows you to classify messages into various categories, receive alerts on certain messages, and to collect unknown messages using artificial ignorance.

Figure 238: Log > Pattern Database — Pattern database

NOTE: SSB always classifies messages, but uses the results only if you specifically enable the relevant options in Log > Options.

Figure 239: Log > Options — Enabling artificial ignorance and pattern-matching alerts

  • To receive alerts on messages classified as Violation, navigate to Log > Options and enable the Alerts option.

  • To receive reports on messages not included in the pattern database, navigate to Log > Options and enable the Artificial ignorance option.

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択