This section describes how you can configure your unit as a standalone unit, or as the primary node of a HA cluster in the syslog-ng Store Box (SSB) Welcome Wizard.

For details on how you can configure your unit as the secondary node of a HA cluster, see Configuring your SSB unit as the secondary node of a HA cluster.

If you want to use your unit as a standalone unit, or as the primary node of a HA cluster, you can do one of the following in the Welcome Wizard: configure a new unit; import an existing configuration from a backup file (to restore a backup configuration after a recovery, or to migrate an existing SSB configuration to a new device); or transfer logspaces and configuration from an existing SSB.

On the initial screen, choose one of the following options:

Configuring a new SSB unit

To configure your SSB unit as a standalone unit, or as the primary node of a HA cluster

  1. On the initial Configuration screen, select Standalone or primary node configuration.

    Figure 20: Standalone or primary node configuration

    Select New Install

    Figure 21: New install

  2. Click Next.

  3. Accept the Software Transaction, License and End User License Agreements and install the SSB license.

    Figure 22: The Software Transaction, License and End User License Agreements, and the license key

    1. Read the Software Transaction, License and End User License Agreements and select I have read and agree with the terms and conditions. The License Agreement covers both the traditional license, and subscription-based licensing as well. Clicking I have read and agree with the terms and conditions means that you accept the agreement that corresponds to the license you purchased (for details on subscription-based licensing, see License types). After the installation is complete, you can read the Software Transaction, License and End User License Agreements at Basic Settings > System > License.

    2. Click Choose File, select the SSB license file received with SSB, then click Upload. Without a license file, SSB will run in demo mode.

      NOTE: It is not required to manually decompress the license file. Compressed licenses (for example .zip archives) can also be uploaded.

    3. Click Next.

  4. Fill the fields to configure networking. The meaning of each field is described below. The background of unfilled required fields is red. All parameters can later be modified using the regular interface of SSB.

    Figure 23: Initial networking configuration

    1. External interface — IP address: IP address of the external interface of SSB (for example, 192.168.1.1). The IP address can be chosen from the range of the corresponding physical subnet. Clients will connect to the external interface, therefore it must be accessible to them.

      If you have changed the IP address of SSB from the console before starting the Welcome Wizard, make sure that you use the same address here.

      NOTE: Do not use IP addresses that fall into the following ranges:

      • IPv4 addresses

        • 1.2.0.0/16 (reserved for communication between SSB cluster nodes)

        • 127.0.0.0/8 (localhost IP addresses)

    2. External interface — Netmask: The IP netmask of the given range in IP format. For example, general class C networks have the 255.255.255.0 netmask.

    3. Default gateway: IP address of the default gateway. When using several network cards, the default gateway is usually in the direction of the external interface.

    4. Hostname: Name of the machine running SSB (for example, SSB).

    5. Domain name: Name of the domain used on the network.

    6. DNS server: IP address of the name server used for domain name resolution.

    7. NTP server: The IP address or the hostname of the NTP server.

    8. SMTP server: The IP address or the hostname of the SMTP server used to deliver e-mails.

    9. Administrator's e-mail: E-mail address of the SSB administrator.

    10. Timezone: The timezone where the SSB is located.

      Caution:

      Make sure that you have selected the correct timezone. It is not recommended to change the timezone later, because logspace rotation is based on your local timezone. If you change the timezone later, you will not be able to properly search in your previously stored logs.

    11. Click Next.

  5. Enter the passwords used to access SSB.

    Figure 24: Passwords

    NOTE: The syslog-ng Store Box (SSB) appliance accepts passwords that are not longer than 150 characters. The following special characters can be used:

    ! " # $ % & ' ( ) * + , - . / : ; < > = ? @ [ ] ^ - ` { | }

    1. Admin password: The password of the admin user who can access the web interface of SSB.

      The default password policy on newly installed SSB appliances does not accept simple passwords for the admin and root users. As you type, SSB shows the strength of the password under the password field. Enter a password that gets at least a "good" rating.

    2. Root password: The password of the root user, required to access SSB via SSH or from the local console.

      The default password policy on newly installed SSB appliances does not accept simple passwords for the admin and root users. As you type, SSB shows the strength of the password under the password field. Enter a password that gets at least a "good" rating.

      NOTE: Accessing SSB using SSH is rarely needed, and recommended only for advanced users for troubleshooting situations.

    3. If you want to prevent users from accessing SSB remotely via SSH or changing the root password of SSB, select the Seal the box checkbox. Sealed mode can be activated later from the web interface as well. For details, see Sealed mode.

    4. Click Next.

  6. Upload or create a certificate for the SSB web interface. This SSL certificate will be displayed by SSB to authenticate administrative HTTPS connections to the web interface and RPC API.

    Figure 25: Creating a certificate for SSB

    To create a self-signed certificate, fill the fields of the Generate new self-signed certificate section and click Generate. The certificate will be self-signed by the SSB appliance, and the hostname of SSB will be used as the issuer and common name.

    1. Country: Select the country where SSB is located (for example, HU-Hungary).

    2. Locality: The city where SSB is located (for example, Budapest).

    3. Organization: The company who owns SSB (for example, Example Inc.).

    4. Organization unit: The division of the company who owns SSB (for example, IT Security Department).

    5. State or Province: The state or province where SSB is located.

    6. Click Generate certificate.

    If you want to use a certificate that is signed by an external Certificate Authority, in the Server X.509 certificate field, click to upload the certificate.

    NOTE: If you want to create a certificate with Windows Certificate Authority (CA) that works with SSB, generate a CSR (certificate signing request) on a computer running OpenSSL (for example, using the openssl req -set_serial 0 -new -newkey rsa:2048 -keyout ssbwin2k121.key -out ssbwin2k121.csr -nodes command), sign it with Windows CA, then import this certificate into SSB.

    Figure 26: Uploading a certificate for SSB

    You can choose to upload a single certificate or a certificate chain (that is, intermediate certificates and the end-entity certificate).

    After uploading a certificate or certificate chain, you can review details by clicking the name of the certificate, and looking at the information displayed in the pop-up window that comes up.

    Figure 27: Log > Options > TLS settings — X.509 certificate details

    The pop-up window allows you to:

    • Download the certificate or certificate chain.

      NOTE: Certificate chains can only be downloaded in PEM format.

    • View and copy the certificate or certificate chain.

    • Check the names and the hierarchy of certificates (if it is a certificate chain and there is more than one certificate present).

      On hovering over a certificate name, the subject of the certificate is displayed, describing the entity certified.

    • Check the validity dates of the certificate or certificates making up the chain.

      On hovering over a particular date, the exact time of validity is also displayed.

    After uploading the certificate or certificate chain, the presence or absence of the string (chain) displayed after the name of the certificate will indicate whether the certificate is a certificate chain or a single certificate.

    Then, back on the Certificate page of the Welcome Wizard, click in the Server private key field, upload the private key, and enter the password protecting the private key.

    Figure 28: Uploading a private key

    NOTE: SSB accepts private keys in PEM (RSA and DSA), PUTTY, and SSHCOM/Tectia format. Password-protected private keys are also supported.

    One Identity recommends:

    • Using 2048-bit RSA keys (or stronger).

    • Using the SHA-256 hash algorithm (or stronger) when creating the public key fingerprint.

    NOTE: The syslog-ng Store Box (SSB) appliance accepts passwords that are not longer than 150 characters. The following special characters can be used:

    ! " # $ % & ' ( ) * + , - . / : ; < > = ? @ [ ] ^ - ` { | }

  7. Review the data entered in the previous steps. This page also displays the certificate generated in the last step, the RSA SSH key of SSB, and information about the license file.

    Figure 29: Review configuration data

    If all information is correct, click Finish.

    Caution:

    The configuration takes effect immediately after clicking Finish. Incorrect network configuration data can render SSB inaccessible.

    SSB is now accessible from the regular web interface via the IP address of its external interface.

    After you finish configuring your SSB unit (which you can use as a standalone SSB unit, or as the primary node of a HA cluster), your browser is automatically redirected to the IP address set as the external interface of SSB, where you can log in to the web interface of SSB using the admin username and the password you set for this user in the Welcome Wizard.

    Figure 30: Logging in to SSB

Importing an existing SSB configuration

To import an existing SSB configuration to be used as a standalone unit, or as the primary node of a HA cluster

  1. On the initial Configuration screen, select Standalone or primary node configuration.

    Figure 31: Standalone or primary node configuration

  2. Then select Import Configuration.

    Figure 32: Import configuration

  3. Click Choose File and select the configuration file to import.

    NOTE: It is not possible to directly import a GPG-encrypted configuration into SSB; it has to be decrypted locally first.

  4. Enter the password used when the configuration was exported into the Encryption password field.

    For details on restoring configuration from a configuration backup, see Restoring SSB configuration and data.

  5. Click Upload.

    Caution:

    If you use the Import function to copy a configuration from one SSB to another, do not forget to configure the IP addresses of the second SSB. Having two devices with identical IP addresses on the same network leads to errors.

  6. Review the data imported from the uploaded configuration.

    Figure 33: Review configuration data

    If all information is correct, click Finish.

    Caution:

    The configuration takes effect immediately after clicking Finish.

    Incorrect network configuration data can render SSB inaccessible.

Transfer logspaces and configuration from an existing SSB

By using this option you can transfer logs and configuration from a running SSB to a new one in a single step. This saves you from the effort of backing up, archiving and importing logspace data after install, when migrating data from an older SSB model to a newer one.

Prerequisites

  • Your source SSB and the new one must be in the same network, and they must be able to communicate with each other.

  • The source SSB can be connected to with SSH.

  • Your new SSB unit must have at least the amount of disk space that the logspace data takes up on your source SSB’s internal storage.

Limitations

To transfer logspaces, user preferences and configuration from an existing SSB

  1. On the initial Configuration screen, select Standalone or primary node configuration.

    Figure 34: Standalone or primary node configuration

  2. Select Transfer from another node and fill the fields necessary for the transfer.

    Figure 35: Transfer from another node

    1. Source address: The address of the source SSB where you would like to transfer data from.

    2. Source host key: Click to provide the RSA public key of the source SSB.

      Figure 36: Set source SSB public RSA key

      You can query the source SSB directly for its RSA public key, or manually provide the public key either by uploading it or copy-pasting it into the Copy-paste key field.

    3. RSA public key: The RSA public key of your new SSB installation. This key is only used for the data transfer process.

      Please note that this RSA key is newly generated every time you reload the initial Welcome Wizard page before you start the transfer process.

      Copy this key to your clipboard and add it to the list of Authorized keys on your source SSB under the Basic Settings > Management > SSH settings menu.

      Figure 37: Set source SSB public RSA key

      Click and paste the key into the Copy-paste key field, then click Set and Commit your changes.

      Figure 38: Add RSA public key

    4. Click Next.

  3. Review the configuration details which will be transferred from your source SSB.

    Figure 39: Transfer confirmation

    By pressing Finish, the data transfer process will start. At the end of the data transfer process the source SSB will be shut down and this SSB will take its place with the same configuration as the original source SSB.

    NOTE: The transfer process may take a longer time depending on the amount of data and your network speed. In an ideal case, where the source SSB is not accepting logs during the data transfer, and this SSB storage’s write speed does not limit the transfer, over a 1 Gigabit network, approximately 120 MiB can be transferred per second. This means that transferring 1 TiB of data takes at least 2.5 hours.

    Caution:

    You should only use the source SSB for receiving, relaying, and searching logs during the data transfer. If you change the configuration on the source SSB during data transfer, you may end up with inconsistent configuration and data loss on your new SSB.

  4. The data transfer takes place in the following eight steps:

    NOTE: You can close this window or navigate away from your source SSB page during the transfer process; it will not be interrupted. However, there is a step which requires user interaction, therefore it is strongly advised to regularly check the transfer status.

    1. Transferring configuration and user preferences: A configuration bundle is automatically created on your source SSB and transferred to the new one.

    2. Synchronizing most of the logs: All already existing logspace data (excluding logspaces residing on external data disks, see Managing custom cloud service provider data disks for your logspaces in SSB) is transferred to your new SSB in this step.

      NOTE: This step may take a longer time to finish depending on the amount of data to be transferred and your network speed.

    3. Synchronizing logs received during the previous step: If your source SSB is receiving logs during the data transfer, then the logs which were received during the previous (and most likely longest) step are transferred in this step.

      NOTE: If your source SSB has received a large amount of logs in the last 24 hours, then calculating the delta to transfer in this step may take a long time.

    4. Waiting for confirmation: By pressing Confirm in this step, the rest of the automatic process of the data transfer will take place.

      Figure 40: Waiting for confirmation during transfer

      Caution:

      If you press Confirm, the data transfer process cannot be interrupted anymore; it will be automatically completed.

    5. Stopping syslog-ng on source: Syslog-ng is stopped on your source SSB; from this step on, logs are not received or relayed by your source SSB.

    6. Synchronizing the remaining logs from the source SSB: Transferring the logs received by your source SSB during the confirmation step and before syslog-ng was shut down.

      NOTE: If your source SSB has received a large amount of logs in the last 24 hours, then calculating the delta to transfer in this step may take a long time.

    7. Shutting down source cluster: Your source SSB is shut down in this step. If your source SSB was operating in an HA cluster, then the complete cluster will be shut down in the following order: first the secondary node (or Other node), then the primary node (or This node) will be shut down.

    8. Applying configuration: The previously transferred configuration is applied on your new SSB and you will be redirected to the SSB’s login screen, which has the same IP address as your previous (source) SSB.

      Figure 41: Logging in to SSB

  5. (Optional) If your source SSB was operating in HA and you would like to use your new SSB in an HA cluster as well, then please see Configuring your SSB unit as the secondary node of a HA cluster for configuring a second node.
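
The Source host key step lets the wizard query the source SSB for its RSA public key, and the key recommendations earlier on this page call for 2048-bit RSA keys and SHA-256 fingerprints. The following added example (not part of SSB or of the original documentation) parses an OpenSSH-format `ssh-rsa` public key line, computes its modulus size and SHA-256 fingerprint, and compares the fingerprint with one obtained over a separate trusted channel; the function names, the trusted-fingerprint workflow and the sample key are assumptions constructed for illustration.

```python
import base64
import hashlib
import struct

MIN_RSA_BITS = 2048  # the page recommends 2048-bit RSA keys or stronger


def read_field(blob, offset):
    """Read one length-prefixed field of the SSH wire format (RFC 4251)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def inspect_rsa_public_key(line):
    """Return (modulus_bits, sha256_fingerprint) for an 'ssh-rsa ...' line."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(parts[1], validate=True)
    key_type, off = read_field(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("key type inside the blob is not ssh-rsa")
    _exponent, off = read_field(blob, off)
    modulus, off = read_field(blob, off)
    if off != len(blob):
        raise ValueError("unexpected data after the modulus")
    bits = int.from_bytes(modulus, "big").bit_length()
    digest = hashlib.sha256(blob).digest()
    # OpenSSH prints SHA-256 fingerprints as unpadded base64.
    return bits, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def verify_host_key(line, trusted_fingerprint):
    """Accept a key only if it is strong enough and matches the trusted value."""
    bits, fingerprint = inspect_rsa_public_key(line)
    if bits < MIN_RSA_BITS:
        return False, f"RSA modulus is only {bits} bits"
    if fingerprint != trusted_fingerprint:
        return False, f"fingerprint mismatch: got {fingerprint}"
    return True, fingerprint


def make_constructed_key(bits):
    """Build a sample key line; the modulus is constructed, not a real key."""
    def field(data):
        return struct.pack(">I", len(data)) + data
    def mpint(value):  # big-endian with a leading zero byte when needed
        return field(value.to_bytes(value.bit_length() // 8 + 1, "big"))
    n = (1 << (bits - 1)) | 1
    blob = field(b"ssh-rsa") + mpint(65537) + mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"


if __name__ == "__main__":
    sample = make_constructed_key(2048)
    bits, fp = inspect_rsa_public_key(sample)
    print(bits, fp)
    print(verify_host_key(make_constructed_key(1024), fp))
```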

Preparing the nodes on the SSB web interface for establishing a HA cluster

If you want to use the newly configured SSB unit as the primary node in a future HA cluster, and you want to add an additional SSB unit as the secondary node in your future HA cluster, you have to configure the IP addresses that you want to use for your primary node (referred to as This node on the web interface, and occasionally as master node in error messages and warnings), and the secondary node (referred to as Other node on the web interface, and occasionally as slave node in error messages and warnings).

To prepare the nodes on your SSB web interface for establishing a HA cluster

  1. Log in to the SSB unit configured as the primary node for your future HA cluster.

  2. Navigate to Basic Settings > High Availability.

    The newly configured standalone unit is displayed under High availability, labeled as This node. The greyed out Other node is not yet configured, but in the Interface IP field, you can already set the IP address that you want to use on your secondary node later.

    NOTE: Your Cluster status displays your primary SSB unit in a STANDALONE HA state.

  3. In the Interface IP field on This node, set the IP address that you want to use for your primary node in your future HA cluster.

  4. In the Interface IP field on Other node, set the IP address that you want to use for the secondary node in your future HA cluster.

    NOTE: Make sure that the IP address you configure on This node is different from the IP address you configure on Other node.

  5. Commit your changes.

    NOTE: When your configuration changes are successfully saved, you will see a warning about the limitations of configuring your secondary node at this point. Click OK.

  6. (Optional) Reboot your SSB unit. Alternatively, you can reboot your SSB unit later, after configuring a different unit as the secondary node of your future HA cluster.

  7. Configure a different SSB unit as the secondary node of your future HA cluster.

  8. Convert your nodes into a HA cluster on the SSB web interface.