Creating hostlist policies
The syslog-ng Store Box (SSB) appliance can use a list of host and network addresses at a number of places, for example for limiting the client that can send log messages to a log source, or the hosts that can access shared logspaces.
Creating hostlists
This section describes how to create a new hostlist.
To create a new hostlist
-
Navigate to Policies > Hostlists and select .
-
Enter a name for the hostlist (for example servers).
Figure 119: Policies > Hostlists — Creating hostlists
-
Enter the IP address of the permitted host into the Match > Address field. You can also enter a network address in the IP address/netmask format (for example 192.168.1.0/24). To add more addresses, click and repeat this step.
-
To add hosts that are excluded from the list, enter the IP address of the denied host into the Ignore > Address field.
TIP: To add every address except for a few specific hosts or networks to the list, add the 0.0.0.0/0 network to the Match list, and the denied hosts or networks to the Ignore list.
-
Click .
NOTE: If you modify a hostlist, you only need to restart syslog-ng if a host, which is already connected, needs to be ignored with a hostlist. Navigate to Basic Settings > System > Service control > Syslog traffic, indexing & search: and select Restart syslog-ng for the changes to take effect.
Importing hostlists from files
This section describes how to import hostlists from a text file.
To import hostlists from a text file
-
Create a plain text file containing the hostlist policies and IP addresses to import. Every line of the file will add an IP address or network to a policy. Use the following format:
name_of_the_policy;match
or
ignore;IP address
For example, a policy that ignores the 192.168.5.5 IP address and another one that matches on the 10.70.0.0/24 subnet, use:
policy1;ignore;192.168.5.5
policy2;match;10.70.0.0/24
To add multiple addresses or subnets to the same policy, list every address or subnet in a separate line, for example:
policy1;ignore;192.168.7.5
policy1;ignore;192.168.5.5
policy1;match;10.70.0.0/24
-
Navigate to Policies > Hostlists > Import from file > Browse and select the text file containing the hostlist policies to import.
Figure 120: Policies > Hostlists — Importing hostlists
-
If you are updating existing policies and want to add new addresses to them, select Append.
If you are updating existing policies and want to replace the existing addresses with the ones in the text file, select Replace.
-
Click Upload, then .
NOTE: If you modify a hostlist, you only need to restart syslog-ng if a host, which is already connected, needs to be ignored with a hostlist. Navigate to Basic Settings > System > Service control > Syslog traffic, indexing & search: and select Restart syslog-ng for the changes to take effect.
Configuring message sources
Configuring message sources
The syslog-ng Store Box (SSB) appliance receives log messages from remote hosts via sources. A number of sources are available by default, but you can also create your own customized message sources. In addition to creating your own, customized message sources based on the Syslog or SQL protocol, SSB can also receive messages via the SNMP protocol, and convert these messages to Syslog messages.