Chat now with support
Chat with Support

syslog-ng Store Box 6.9.0 - Administration Guide

Preface Introduction The concepts of SSB The Welcome Wizard and the first login Basic settings User management and access control Managing SSB Configuring message sources Storing messages on SSB Forwarding messages from SSB Log paths: routing and processing messages Configuring syslog-ng options Searching log messages Searching the internal messages of SSB Classifying messages with pattern databases The SSB RPC API Monitoring SSB Troubleshooting SSB Security checklist for configuring SSB Glossary

Troubleshooting

If you experience any strange behavior of the web interface, first try to reload the page by holding the Shift key while clicking the Reload button of your browser (or the F5 key on your keyboard) to remove any cached version of the page.

In the unlikely case that syslog-ng Store Box (SSB) encounters a problem during the upgrade process and cannot revert to its original state, SSB performs the following actions:

  • Initializes the network interfaces using the already configured IP addresses.

  • Enables SSH-access to SSB, unless SSB is running in sealed mode. That way it is possible to access the logs of the upgrade process that helps the our Support Team to diagnose and solve the problem. Note that SSH access will be enabled on every active interface, even if management access has not been enabled for the interface.

In case the web interface is not available within 30 minutes of rebooting SSB, check the information displayed on the local console and contact our Support Team.

Updating the SSB license

The syslog-ng Store Box (SSB) license must be updated before the existing license expires or when you purchase a new license. Information of the current license of SSB is displayed on the Basic Settings > System > License page. The following information is displayed:

Figure 73: Basic Settings > System > License — Updating the license

  • Customer: The company permitted to use the license (for example Example Ltd.).

  • Serial: The unique serial number of the license.

  • Host limit: The number of peers SSB accepts log messages from.

  • Valid: The period in which the license is valid. The dates are displayed in YYYY/MM/DD format.

SSB gives an automatic alert one week before the license expires. An alert is sent also when the number of peers exceeds 90% of the limit set in the license.

The following describes how to update the license.

Caution:

Before uploading a new license, you are recommended to backup the configuration of SSB. For details, see Exporting the configuration of SSB.

To update the license

  1. Navigate to Basic Settings > System > License.

  2. Click Choose File and select the new license file.

    NOTE: It is not required to manually decompress the license file. Compressed licenses (for example .zip archives) can also be uploaded.

  3. Click Upload, then .

  4. To activate the new license, navigate to Service control > Syslog traffic, indexing & search: and click Restart syslog-ng.

Exporting the configuration of SSB

The configuration of syslog-ng Store Box (SSB) can be exported (for manual archiving, or to migrate it to another SSB unit) from the Basic Settings > System page. Use the respective action buttons to perform the desired operation.

Figure 74: Basic Settings > System — Exporting the SSB configuration

To export the configuration of SSB

  1. Navigate to Basic Settings > System > Export configuration.

  2. Select how to encrypt the configuration:

    • To export the configuration file without encryption, select No encryption.

      Caution:

      Exporting the SSB configuration without encyption is not recommended, as it contains sensitive information such as password hashes and private keys.

    • To encrypt the configuration file with a simple password, select Encrypt with password and enter the password into the Encryption password and Confirm password fields.

      NOTE: The syslog-ng Store Box (SSB) appliance accepts passwords that are not longer than 150 characters. The following special characters can be used: !"#$%&'()*+,-./:;<=>?@[]^-`{|}

    • To encrypt the configuration file with GPG, select GPG encryption. Note that this option uses the same GPG key that is used to encrypt automatic system backups, and is only available if you have uploaded the public part of a GPG key to SSB at Basic Settings > Management > System backup. For details, see Encrypting configuration backups with GPG.

  3. Click Export.

    NOTE: The exported file is a gzip-compressed archive. On Windows platforms, it can be decompressed with common archive managers such as the free 7-Zip tool.

    The name of the exported file is <hostname_of_SSB>-YYYMMDDTHHMM.config. The -encrypted or -gpg suffix is added for password-encrypted and GPG-encrypted files, respectively.

Importing the configuration of SSB

The configuration of syslog-ng Store Box (SSB) can be imported from the Basic Settings > System page. Use the respective action buttons to perform the desired operation.

Figure 75: Basic Settings > System — Importing the SSB configuration

Caution:

It is possible to import a configuration exported from SSB 2.0 or 3.0 into SSB 6.9.0, but it is not possible to restore an 1.1 or 1.0 backup into 6.9.0.

To import the configuration of SSB

  1. Navigate to Basic Settings > System > Import configuration.

  2. Click Choose File and select the configuration file to import.

  3. Enter the password into the Decryption password field and click Upload.

    NOTE: The syslog-ng Store Box (SSB) appliance accepts passwords that are not longer than 150 characters. The following special characters can be used: !"#$%&'()*+,-./:;<=>?@[]^-`{|}

    Caution:

    When importing an older configuration, it is possible that there are logspaces on SSB that were created after the backing up of the old configuration. In such case, the new logspaces are not lost, but are deactivated and not configured. To make them accessible again, you have to:

    1. Navigate to Log > Logspaces and configure the logspace. Filling the Access Control field is especially important, otherwise the messages stored in the logspace will not be available from the Search > Logspaces interface.

    2. Adjust your log path settings on the Log > Paths page. Here you have to re-create the log path that was sending messages to the logspace.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating