
syslog-ng Store Box 6.9.0 - Administration Guide


Importing hostlists from files

This section describes how to import hostlists from a text file.

To import hostlists from a text file

  1. Create a plain text file containing the hostlist policies and IP addresses to import. Every line of the file will add an IP address or network to a policy. Use the following format:

    name_of_the_policy;match or ignore;IP address

    For example, to create a policy that ignores the 192.168.5.5 IP address and another one that matches on the 10.70.0.0/24 subnet, use:

    policy1;ignore;192.168.5.5
    policy2;match;10.70.0.0/24

    To add multiple addresses or subnets to the same policy, list every address or subnet in a separate line, for example:

    policy1;ignore;192.168.7.5
    policy1;ignore;192.168.5.5
    policy1;match;10.70.0.0/24

  2. Navigate to Policies > Hostlists > Import from file > Browse and select the text file containing the hostlist policies to import.

    Figure 108: Policies > Hostlists — Importing hostlists

  3. If you are updating existing policies and want to add new addresses to them, select Append.

    If you are updating existing policies and want to replace the existing addresses with the ones in the text file, select Replace.

  4. Click Upload, then .

    NOTE: If you modify a hostlist, you need to restart syslog-ng only if a host that is already connected must be ignored with the hostlist. In that case, navigate to Basic Settings > System > Service control > Syslog traffic, indexing & search and select Restart syslog-ng for the changes to take effect.
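A pre-upload check for the import file format described in step 1, added here as an example (it is not part of SSB or of the original guide). A mistyped line changes which hosts a policy matches or ignores, and Replace overwrites the addresses already in the policy, so it is worth linting the file first. The name parse_hostlist and the strict choices (no whitespace around fields, no host bits set under the mask, no duplicate entries, blank lines skipped) are assumptions of this checker, not documented SSB behaviour.

```python
import ipaddress
from collections import defaultdict

ACTIONS = {"match", "ignore"}

# Constructed sample: the page's example lines plus four deliberately bad ones.
SAMPLE = """\
policy1;ignore;192.168.7.5
policy1;ignore;192.168.5.5
policy1;match;10.70.0.0/24
policy2;match;10.70.0.5/24
policy2;allow;10.0.0.1
policy3;192.168.1.1
policy1;ignore;192.168.5.5
"""

def parse_hostlist(text):
    """Return (policies, errors): policies maps name -> [(action, network)],
    errors is a list of (line_number, message)."""
    policies, errors = defaultdict(list), []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue  # assumption: this checker skips blank lines
        fields = line.split(";")
        if len(fields) != 3:
            errors.append((lineno, "expected policy;match|ignore;address"))
            continue
        name, action, addr = fields
        if not name:
            errors.append((lineno, "empty policy name"))
        elif action not in ACTIONS:
            errors.append((lineno, f"unknown action {action!r}"))
        else:
            try:
                # strict=True rejects host bits under the mask (10.70.0.5/24)
                net = ipaddress.ip_network(addr, strict=True)
            except ValueError as exc:
                errors.append((lineno, f"bad address: {exc}"))
                continue
            if (action, net) in policies[name]:
                errors.append((lineno, f"duplicate entry in {name}"))
            else:
                policies[name].append((action, net))
    return dict(policies), errors

if __name__ == "__main__":
    policies, errors = parse_hostlist(SAMPLE)
    for lineno, message in errors:
        print(f"line {lineno}: {message}")
    print({name: len(entries) for name, entries in policies.items()})
```

Upload the file only when the error list is empty; the returned dictionary shows exactly which addresses each policy will receive.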

Configuring message sources

The syslog-ng Store Box (SSB) appliance receives log messages from remote hosts via sources. A number of sources are available by default, but you can also create your own customized message sources based on the Syslog or SQL protocol. In addition, SSB can receive messages via the SNMP protocol and convert these messages to Syslog messages.

Default message sources in SSB

The syslog-ng Store Box (SSB) appliance automatically accepts messages from the following built-in sources:

Figure 109: Log > Sources — Default message sources in SSB

  • legacy: Accepts UDP messages using the legacy BSD-syslog protocol on port 514.

  • tcp: Accepts TCP messages using the IETF-syslog protocol (RFC 5424) on port 601.

  • tls: Accepts TLS-encrypted messages using the IETF-syslog protocol on port 6514. Mutual authentication is required: the client must present a certificate, although the certificate does not have to be valid, and SSB sends the certificate created with the Welcome Wizard.

  • tcp_legacy: Accepts TCP messages using the BSD-syslog protocol (RFC 3164) on port 514.

NOTE: All default sources have name resolution enabled.

In addition to the default message sources in the previous list, you can also create your own, customized message sources. For the details of the various settings, see Creating new message sources in SSB and its subsections.

Creating new message sources in SSB

The syslog-ng Store Box (SSB) appliance receives log messages from remote hosts via sources. A number of sources are available by default, but you can also create your own, customized message sources, based on the Syslog or SQL protocol.

For details on using the default message sources of SSB, see Default message sources in SSB.

Creating your own, customized message source

If you do not want to use the default message sources available in SSB, you can create your own, customized message source.

To create your own, customized message source

  1. Navigate to Log > Sources and click .

    Figure 110: Log > Sources — Creating new message sources

  2. Enter a name for the source into the top field. Use descriptive names (for example, sql_source or syslog_source) that help you to identify the source easily.

    NOTE: In these sections and subsections, some figures show a custom message source named your-new-source, but you can use any descriptive name to identify your message source.

  3. In your new source, select your preferred Source type.

    NOTE: When configuring new message sources in SSB, you can configure two source types: Syslog, or SQL.

    Figure 111: Two available source types under Log > Sources > <your-new-source>

For further details about each source type, see the following subsections:
