
syslog-ng Store Box 6.9.0 - Administration Guide


Configuring SSB as a standalone unit, or as the primary node of a HA cluster

This section describes how you can configure your unit as a standalone unit, or as the primary node of a HA cluster in the syslog-ng Store Box (SSB) Welcome Wizard.

For details on how you can configure your unit as the secondary node of a HA cluster, see Configuring your SSB unit as the secondary node of a HA cluster.

If you want to use your unit as a standalone unit, or as the primary node of a HA cluster, you can either configure a new unit in the Welcome Wizard, or import an existing configuration from a backup file. Importing is used to restore a backup configuration after a recovery, or to migrate an existing SSB configuration to a new device.

On the initial screen, choose one of the following options:

Importing an existing SSB configuration

To import an existing SSB configuration to be used as a standalone unit, or as the primary node of a HA cluster

  1. On the initial Configuration screen, select Standalone or primary node configuration.

    Figure 5: Standalone or primary node configuration

  2. Click Choose File and select the configuration file to import.

    NOTE: It is not possible to directly import a GPG-encrypted configuration into SSB; it has to be decrypted locally first.

  3. Enter the password used when the configuration was exported into the Encryption password field.

    For details on restoring configuration from a configuration backup, see Restoring SSB configuration and data.

  4. Click Import.

    Caution:

    If you use the Import function to copy a configuration from one SSB to another, do not forget to configure the IP addresses of the second SSB. Having two devices with identical IP addresses on the same network leads to errors.

  5. Accept the Software Transaction, License and End User License Agreements and install the SSB license.

    Figure 6: The Software Transaction, License and End User License Agreements, and the license key

    1. Read the Software Transaction, License and End User License Agreements and select Accept. The License Agreement covers both the traditional license and subscription-based licensing. Clicking Accept means that you accept the agreement that corresponds to the license you purchased (for details on subscription-based licensing, see License types). After the installation is complete, you can read the Software Transaction, License and End User License Agreements at Basic Settings > System > License.

    2. Click Browse, select the SSB license file received with SSB, then click Upload. Without a license file, SSB will run in demo mode.

      NOTE: It is not required to manually decompress the license file. Compressed licenses (for example .zip archives) can also be uploaded.

    3. Click Next.

Configuring a new SSB unit

To configure your SSB unit as a standalone unit, or as the primary node of a HA cluster

  1. On the initial Configuration screen, select Standalone or primary node configuration.

    Figure 7: Standalone or primary node configuration

  2. Click Next.

  3. Accept the Software Transaction, License and End User License Agreements and install the SSB license.

    Figure 8: The Software Transaction, License and End User License Agreements, and the license key

    1. Read the Software Transaction, License and End User License Agreements and select Accept. The License Agreement covers both the traditional license and subscription-based licensing. Clicking Accept means that you accept the agreement that corresponds to the license you purchased (for details on subscription-based licensing, see License types). After the installation is complete, you can read the Software Transaction, License and End User License Agreements at Basic Settings > System > License.

    2. Click Browse, select the SSB license file received with SSB, then click Upload. Without a license file, SSB will run in demo mode.

      NOTE: It is not required to manually decompress the license file. Compressed licenses (for example .zip archives) can also be uploaded.

    3. Click Next.

  4. Fill in the fields to configure networking. The meaning of each field is described below. The background of unfilled required fields is red. All parameters can later be modified using the regular interface of SSB.

    Figure 9: Initial networking configuration

    1. External interface — IP address: IP address of the external interface of SSB (for example, 192.168.1.1). The IP address can be chosen from the range of the corresponding physical subnet. Clients will connect to the external interface, therefore it must be accessible to them.

      If you have changed the IP address of SSB from the console before starting the Welcome Wizard, make sure that you use the same address here.

      NOTE: Do not use IP addresses that fall into the following ranges:

      • IPv4 addresses

        • 1.2.0.0/16 (reserved for communication between SSB cluster nodes)

        • 127.0.0.0/8 (localhost IP addresses)

    2. External interface — Netmask: The IP netmask of the given range in IP format. For example, general class C networks have the 255.255.255.0 netmask.

    3. Default gateway: IP address of the default gateway. When using several network cards, the default gateway is usually in the direction of the external interface.

    4. Hostname: Name of the machine running SSB (for example, SSB).

    5. Domain name: Name of the domain used on the network.

    6. DNS server: IP address of the name server used for domain name resolution.

    7. NTP server: The IP address or the hostname of the NTP server.

    8. SMTP server: The IP address or the hostname of the SMTP server used to deliver e-mails.

    9. Administrator's e-mail: E-mail address of the SSB administrator.

    10. Timezone: The timezone where the SSB is located.

      Caution:

      Make sure that you have selected the correct timezone. It is not recommended to change the timezone later, because logspace rotation is based on your local timezone. If you change the timezone later, you will not be able to properly search in your previously stored logs.

    11. Click Next.

  5. Enter the passwords used to access SSB.

    Figure 10: Passwords

    NOTE: The syslog-ng Store Box (SSB) appliance accepts passwords that are not longer than 150 characters. The following special characters can be used: !"#$%&'()*+,-./:;<=>?@[]^-`{|}

    1. Admin password: The password of the admin user who can access the web interface of SSB.

      The default password policy on newly installed SSB appliances does not accept simple passwords for the admin and root users. As you type, SSB shows the strength of the password under the password field. Enter a password that gets at least a "good" rating.

    2. Root password: The password of the root user, required to access SSB via SSH or from the local console.

      The default password policy on newly installed SSB appliances does not accept simple passwords for the admin and root users. As you type, SSB shows the strength of the password under the password field. Enter a password that gets at least a "good" rating.

      NOTE: Accessing SSB using SSH is rarely needed, and recommended only for advanced users for troubleshooting situations.

    3. If you want to prevent users from accessing SSB remotely via SSH or changing the root password of SSB, select the Seal the box checkbox. Sealed mode can be activated later from the web interface as well. For details, see Sealed mode.

    4. Click Next.

  6. Upload or create a certificate for the SSB web interface. This SSL certificate will be displayed by SSB to authenticate administrative HTTPS connections to the web interface and RPC API.

    Figure 11: Creating a certificate for SSB

    To create a self-signed certificate, fill in the fields of the Generate new self-signed certificate section and click Generate. The certificate will be self-signed by the SSB appliance; the hostname of SSB will be used as the issuer and common name.

    1. Country: Select the country where SSB is located (for example, HU-Hungary).

    2. Locality: The city where SSB is located (for example, Budapest).

    3. Organization: The company that owns SSB (for example, Example Inc.).

    4. Organization unit: The division of the company that owns SSB (for example, IT Security Department).

    5. State or Province: The state or province where SSB is located.

    6. Click Generate.

    If you want to use a certificate that is signed by an external Certificate Authority, in the Server X.509 certificate field, click to upload the certificate.

    NOTE: If you want to create a certificate with Windows Certificate Authority (CA) that works with SSB, generate a CSR (certificate signing request) on a computer running OpenSSL (for example, using the openssl req -set_serial 0 -new -newkey rsa:2048 -keyout ssbwin2k121.key -out ssbwin2k121.csr -nodes command), sign it with Windows CA, then import this certificate into SSB.

    Figure 12: Uploading a certificate for SSB

    You can choose to upload a single certificate or a certificate chain (that is, intermediate certificates and the end-entity certificate).

    After uploading a certificate or certificate chain, you can review details by clicking the name of the certificate, and looking at the information displayed in the pop-up window that comes up.

    Figure 13: Log > Options > TLS settings — X.509 certificate details

    The pop-up window allows you to:

    • Download the certificate or certificate chain.

      NOTE: Certificate chains can only be downloaded in PEM format.

    • View and copy the certificate or certificate chain.

    • Check the names and the hierarchy of certificates (if it is a certificate chain and there is more than one certificate present).

      On hovering over a certificate name, the subject of the certificate is displayed, describing the entity certified.

    • Check the validity dates of the certificate or certificates making up the chain.

      On hovering over a particular date, the exact time of validity is also displayed.

    After uploading the certificate or certificate chain, the presence or absence of the string (chain) displayed after the name of the certificate will indicate whether the certificate is a certificate chain or a single certificate.

    Then, back on the Certificate page of the Welcome Wizard, in the Server private key field, click , upload the private key, and enter the password protecting the private key.

    Figure 14: Uploading a private key

    NOTE:

    SSB accepts private keys in PEM (RSA and DSA), PUTTY, and SSHCOM/Tectia format. Password-protected private keys are also supported.

    One Identity recommends:

    • Using 2048-bit RSA keys (or stronger).

    • Using the SHA-256 hash algorithm (or stronger) when creating the public key fingerprint.

    NOTE: The syslog-ng Store Box (SSB) appliance accepts passwords that are not longer than 150 characters. The following special characters can be used: !"#$%&'()*+,-./:;<=>?@[]^-`{|}

  7. Review the data entered in the previous steps. This page also displays the certificate generated in the last step, the RSA SSH key of SSB, and information about the license file.

    Figure 15: Review configuration data

    If all information is correct, click Finish.

    Caution:

    The configuration takes effect immediately after clicking Finish. Incorrect network configuration data can render SSB inaccessible.

    SSB is now accessible from the regular web interface via the IP address of its external interface.

    After you finish configuring your SSB unit (which you can use as a standalone SSB unit, or as the primary node of a HA cluster), your browser is automatically redirected to the IP address set as the external interface of SSB, where you can log in to the web interface of SSB using the admin username and the password you set for this user in the Welcome Wizard.

    Figure 16: Logging in to SSB
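
The address rules from the networking step and the Import caution above can be checked before the values are typed into the Welcome Wizard. The following is an added example, not part of SSB or of the original guide; the function name, the on-link gateway rule and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Ranges the guide says must not be used for the external interface.
FORBIDDEN_RANGES = {
    "1.2.0.0/16": "reserved for communication between SSB cluster nodes",
    "127.0.0.0/8": "localhost IP addresses",
}


def check_wizard_network(ip, netmask, gateway, other_ssb_ips=()):
    """Return a list of problems with the planned Welcome Wizard values.

    other_ssb_ips: external addresses of SSB units already on the network
    (relevant when a configuration was imported from another SSB).
    """
    try:
        iface = ipaddress.IPv4Interface(f"{ip}/{netmask}")
        gw = ipaddress.IPv4Address(gateway)
    except ValueError as exc:
        return [f"invalid value: {exc}"]

    problems = []
    for cidr, reason in FORBIDDEN_RANGES.items():
        if iface.ip in ipaddress.ip_network(cidr):
            problems.append(f"{iface.ip} is inside {cidr} ({reason})")

    net = iface.network
    # In subnets larger than /31 the first and last addresses are not host addresses.
    if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{iface.ip} is the network or broadcast address of {net}")

    # Assumption: the default gateway is reached through the external interface.
    if gw == iface.ip:
        problems.append("default gateway equals the external interface address")
    elif gw not in net:
        problems.append(f"default gateway {gw} is not on-link in {net}")

    if iface.ip in {ipaddress.IPv4Address(a) for a in other_ssb_ips}:
        problems.append(f"{iface.ip} is already used by another SSB unit")
    return problems


if __name__ == "__main__":
    # Constructed sample values; 192.168.1.1 is the example address from the guide.
    planned = [
        ("192.168.1.1", "255.255.255.0", "192.168.1.254", []),
        ("1.2.4.10", "255.255.0.0", "1.2.0.1", []),
        ("10.0.0.5", "255.255.255.0", "10.0.1.1", ["10.0.0.5"]),
    ]
    for ip, mask, gw, others in planned:
        issues = check_wizard_network(ip, mask, gw, others)
        print(ip, "OK" if not issues else issues)
```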

Preparing the nodes on the SSB web interface for establishing a HA cluster

If you want to use the newly configured SSB unit as the primary node in a future HA cluster, and you want to add an additional SSB unit as the secondary node in your future HA cluster, you have to configure the IP addresses that you want to use for your primary node (referred to as This node on the web interface, and occasionally as master node in error messages and warnings), and the secondary node (referred to as Other node on the web interface, and occasionally as slave node in error messages and warnings).

To prepare the nodes on your SSB web interface for establishing a HA cluster

  1. Log in to the SSB unit configured as the primary node for your future HA cluster.

  2. Navigate to Basic Settings > High Availability.

    The newly configured standalone unit is displayed under High availability & Nodes, labeled as This node. The greyed out Other node is not yet configured, but in the Interface IP field, you can already set the IP address that you want to use on your secondary node later.

    NOTE: Your Cluster status displays your primary SSB unit in a STANDALONE HA state.

  3. In the Interface IP field on This node, set the IP address that you want to use for your primary node in your future HA cluster.

  4. In the Interface IP field on Other node, set the IP address that you want to use for the secondary node in your future HA cluster.

    NOTE: Make sure that the IP address you configure on This node is different from the IP address you configure on Other node.

  5. Commit your changes.

    NOTE: When your configuration changes are successfully saved, you will see a warning about the limitations of configuring your secondary node at this point. Click OK.

  6. (Optional) Reboot your SSB unit. Alternatively, you can reboot your SSB unit later, after configuring a different unit as the secondary node of your future HA cluster.

  7. Configure a different SSB unit as the secondary node of your future HA cluster.

  8. Convert your nodes into a HA cluster on the SSB web interface.

Configuring your SSB unit as the secondary node of a HA cluster

This section describes how you can configure your syslog-ng Store Box (SSB) unit as the secondary node of a HA cluster in the syslog-ng Store Box (SSB) Welcome Wizard.

Prerequisites

Before configuring your SSB unit as the secondary node of your future HA cluster, you must have a standalone SSB unit configured as the primary node of your HA cluster, and prepare the nodes on your SSB web interface to establish a HA cluster from your SSB units.

For details on how you can configure your SSB unit as a standalone unit, or as the primary node of a HA cluster, see Configuring SSB as a standalone unit, or as the primary node of a HA cluster.

For details on how you can prepare the nodes on your SSB web interface to establish a HA cluster from your SSB units, see Preparing the nodes on the SSB web interface for establishing a HA cluster.

HA IP configuration

If you want to use your SSB unit as the secondary node of a HA cluster, you can use the syslog-ng Store Box Welcome Wizard, but with fewer configuration steps than when you are configuring your primary node.

To configure your SSB unit as the secondary node of a HA cluster

  1. Open the https://<IP-address-of-SSB-external-interface> page in your browser and accept the displayed certificate. The Welcome Wizard of SSB appears.

    TIP: The SSB console displays the IP address the external interface is listening on. SSB either receives an IP address automatically via DHCP, or if a DHCP server is not available, listens on the 192.168.1.1 IP address.

  2. On the initial Configuration screen, select HA IP configuration.

    Figure 17: Select HA IP configuration

  3. Enter the HA IP Address that you previously set in the Interface IP field on Other node.

    Figure 18: Enter the HA IP address for the secondary node

  4. Click Next.

    The Welcome Wizard displays the confirmation that you have successfully configured your secondary node.

    Figure 19: HA IP configuration successful

  5. (Optional) To modify your configured HA IP Address, click Back.

  6. If you do not want to change anything in your configuration, you can continue to convert your nodes into a HA cluster.

Converting your primary node and secondary node to a HA cluster on the SSB web interface

  1. (Optional) If you have not done it previously, reboot the SSB unit that you previously configured as the primary node for your HA cluster.

  2. Log in to the SSB unit configured as the primary node, and navigate to Basic Settings > High Availability.

    Under High availability & Nodes, both configured nodes are displayed, both in STANDALONE HA state.

  3. Click Convert to Cluster.

    Your Cluster status will display that you are in CONVERTED HA state.

  4. Continue by either shutting down, and then powering up your HA cluster, or shutting down, and then powering up your nodes one by one:

    • Rebooting the HA cluster: If you do not want to closely monitor shutting down, and then rebooting your nodes separately, click Reboot cluster.

      You will have to log in to the SSB web interface again.

    • Shutting down, then powering up your nodes separately:

      1. Click Shutdown on your secondary node (Other node).

        While the node of your choice is shutting down, your Cluster status will display that you are in DEGRADED HA state.

      2. Click Reboot on the primary node (This node).

        You will have to log in to the SSB web interface again.

      3. Power up your secondary node (Other node).

  5. Log in to the SSB unit configured as your primary node, and navigate to Basic Settings > High Availability.

    While SSB is synchronizing the newly rebooted nodes, your Cluster status will display that you are in DEGRADED SYNC HA state. Depending on your configuration, synchronization may take a while.

    When SSB successfully finishes synchronizing your nodes, your Cluster status displays that SSB is operating in HA.

  6. (Optional) After your HA cluster is in HA state, you can change the configuration settings on your nodes if you want to.

Basic settings

syslog-ng Store Box (SSB) is configured via the web interface. Configuration changes take effect automatically after clicking . Only the modifications of the current page or tab are activated — each page and tab must be committed separately.

Supported web browsers

The syslog-ng Store Box (SSB) web interface can be accessed only using TLS encryption and strong cipher algorithms. The browser must support HTTPS connections, JavaScript, and cookies. Make sure that both JavaScript and cookies are enabled.

NOTE: SSB displays a warning message if your browser is not supported or JavaScript is disabled.

If you have successfully accessed the SSB web interface using HTTPS at least once, your browser remembers this, and on subsequent occasions it forces you to access SSB using HTTPS, even if you try loading it through an HTTP connection. This is due to the HTTP Strict Transport Security (HSTS) policy, which lets web servers require web browsers to communicate with the server only over an encrypted SSL/TLS connection for a set period. Web servers declare the HSTS policy using the Strict-Transport-Security response header field.

This might, however, cause issues in any of the following cases:

  • When the SSL certificate of SSB's web interface has expired. In this case, any attempt to access the web interface using a secure connection will fail with an error message.

  • When you switch the trusted CA-signed certificate to a self-signed certificate for SSB's web interface. As per HSTS design, a self-signed certificate is not taken to have been issued by a trusted CA, therefore any secure connections to the SSB web interface will fail with an error message.

The resolution to the above-mentioned issues is to:

  • Remove the HSTS settings in your browser. This must be done locally, in a browser-specific way. For detailed instructions, consult the support site of the browser you are using.

    OR

  • Upload a new certificate, using a different browser on a different machine. For detailed instructions on how to upload external certificates to SSB, see "Uploading external certificates to SSB" in the Administration Guide.
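
How long a browser stays locked out in the two cases above depends on the max-age of the stored HSTS policy and on when the certificate stops validating. The following added example (not part of SSB or of the original guide) parses a Strict-Transport-Security value and computes that period; the header value, dates and function names are constructed for illustration, and the guide does not state which max-age SSB sends.

```python
import ssl
from datetime import datetime, timedelta, timezone


def parse_hsts(header_value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1)."""
    directives = {}
    for part in header_value.split(";"):
        name, _, value = part.strip().partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if not name:
            continue
        if name in directives:
            raise ValueError(f"directive appears more than once: {name}")
        directives[name] = value.strip().strip('"')  # value may be a quoted-string
    max_age = directives.get("max-age", "")
    if not (max_age.isascii() and max_age.isdigit()):
        raise ValueError("max-age is required and must be a non-negative integer")
    return {"max_age": int(max_age),
            "include_subdomains": "includesubdomains" in directives}


def cert_not_after(openssl_enddate):
    """Convert a notAfter string as printed by OpenSSL to an aware datetime."""
    seconds = ssl.cert_time_to_seconds(openssl_enddate)
    return datetime.fromtimestamp(seconds, tz=timezone.utc)


def lockout_window(header_value, last_https_visit, cert_untrusted_from):
    """Return (start, end) of the period in which the browser refuses to connect.

    last_https_visit: when the browser last received the header over valid HTTPS.
    cert_untrusted_from: when the certificate stops validating (its expiry, or
    the moment a CA-signed certificate is replaced by a self-signed one).
    Returns None if the stored policy runs out before the certificate problem starts.
    """
    policy = parse_hsts(header_value)
    policy_expires = last_https_visit + timedelta(seconds=policy["max_age"])
    start = max(cert_untrusted_from, last_https_visit)
    return (start, policy_expires) if start < policy_expires else None


if __name__ == "__main__":
    # Constructed sample values for illustration only.
    header = "max-age=31536000; includeSubDomains"
    visit = datetime(2025, 3, 1, tzinfo=timezone.utc)
    expiry = cert_not_after("Jun  1 12:00:00 2025 GMT")
    print(lockout_window(header, visit, expiry))
```

A result of None means the browser's stored policy has already lapsed by the time the certificate becomes untrusted, so the usual certificate warning applies instead of the hard HSTS failure.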

Supported browsers:

Mozilla Firefox 52 ESR

We also test SSB on the following unsupported browsers: Internet Explorer 11, Microsoft Edge, and the currently available versions of Mozilla Firefox and Google Chrome. The features of SSB are available and usable on these browsers as well, but the look and feel might be different from the supported browsers.
