
syslog-ng Store Box 6.9.0 - Administration Guide


Configuring the Monitoring settings for your Syslog type message source

Under Log > Sources > <your-new-source> > Syslog > Monitoring, you can customize your monitoring settings for your Syslog type message source.

To customize your settings related to monitoring for your Syslog type message source

  1. Navigate to Log > Sources > <your-new-source> > Syslog > Monitoring.


    Figure 116: Log > Sources > <your-new-source> > Syslog > Monitoring — Customizing the monitoring settings for your own, customized Syslog type message source

  2. (Optional) Enable Message rate alerting.

  3. Select the basis of your alerts under Counter.

  4. Select the frequency of alerts (in minutes) under Period.

  5. Specify the number of alerts you want to receive within the specified Period (ranging between the minimum and maximum numbers of your choice) under Minimum and Maximum.

  6. Select the alerting frequency in the Alert field.

    Once sends only one alert (and after the problem is fixed, a "Fixed" message).

    Always sends an alert each time the result of the measurement falls outside the preset range.

  7. (Optional) To set the configured alert settings as your default, enable Master alert.

  8. (Optional) To leave the Log > Sources > <your-new-source> > SQL > Monitoring page and customize the Message rate alerting statistics settings that apply to the entire syslog-ng Store Box (SSB) appliance, click Global settings. This takes you to Log > Options > Message rate alerting statistics.

    For more information about the configurable settings you can customize under Log > Options > Message rate alerting statistics, see Configuring message rate alerting.

NOTE: You can configure multiple alerts under Monitoring and pick the alert of your choice as your Master alert. To add a new alert under Message rate alerting, click . To delete a redundant alert, click .

  1. To configure Message rate alerting for the source, see Configuring message rate alerting.

  2. Set the character Encoding option of the incoming messages if needed.

  3. Click .

    NOTE: In order to actually store the messages arriving to this source, you have to include this source in a log path. For details, see Log paths: routing and processing messages.

  4. (Optional) If you want to receive messages using the ALTP or ALTP TLS protocol, make sure that you have configured your syslog-ng PE clients to transfer the messages to SSB using the ALTP or ALTP TLS protocol. For details, see Advanced Log Transfer Protocol.
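
A model of the Once and Always settings from the Message rate alerting steps above, added here as an illustration and not SSB's own code. It assumes Minimum and Maximum bound the Counter value measured over each Period, and that Always sends no "Fixed" message (the page does not say); all names and the sample counts are constructed.

```python
from dataclasses import dataclass


@dataclass
class MessageRateAlert:
    """One alert row: a preset range plus the Alert field setting."""
    minimum: int
    maximum: int
    mode: str = "Once"        # "Once" or "Always", as in the Alert field
    in_alarm: bool = False    # state kept only for "Once"

    def observe(self, count):
        """Take the value measured over one Period; return "ALERT", "FIXED" or None."""
        if self.mode not in ("Once", "Always"):
            raise ValueError(f"unknown Alert mode: {self.mode!r}")
        outside = not (self.minimum <= count <= self.maximum)
        if self.mode == "Always":
            # Every measurement outside the range produces an alert.
            return "ALERT" if outside else None
        if outside and not self.in_alarm:
            self.in_alarm = True      # first out-of-range measurement
            return "ALERT"
        if not outside and self.in_alarm:
            self.in_alarm = False     # measurement is back inside the range
            return "FIXED"
        return None                   # no change of state, nothing is sent


def replay(counts, minimum, maximum, mode):
    """Return (period number, notification) for each notification sent."""
    alert = MessageRateAlert(minimum, maximum, mode)
    sent = []
    for period, count in enumerate(counts, start=1):
        note = alert.observe(count)
        if note:
            sent.append((period, note))
    return sent


# Constructed per-Period message counts: a source that goes quiet, then bursts.
SAMPLE_COUNTS = [120, 95, 0, 0, 3, 110, 900, 105]

if __name__ == "__main__":
    for mode in ("Once", "Always"):
        print(mode, replay(SAMPLE_COUNTS, 50, 500, mode))
```
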

Customizing encoding for your Syslog type message source

Under Log > Sources > <your-new-source> > Syslog > Other options, you can customize your encoding preferences for your Syslog type message source.

To customize your encoding preferences for your Syslog type message source

  1. Navigate to Log > Sources > <your-new-source> > Syslog > Other options.

    Figure 117: Log > Sources > <your-new-source> > Syslog > Other options — customizing your encoding preferences for your Syslog type message source

  2. Select the Encoding type you want the Syslog source type to use.

Configuring your own, customized SQL type message source

When configuring your own, customized message sources in syslog-ng Store Box (SSB), you can configure two source types: Syslog, or SQL.

For more information about configuring a Syslog source type in your own, customized message source, see Configuring your own, customized Syslog type message source.

There are many applications that natively store their log messages in SQL databases. The SSB appliance can pull messages from SQL database tables in real-time, similarly to receiving messages over the network.

Figure 118: Log > Sources > <your-new-source> — SQL source type in your own, customized message source

Prerequisites for configuring your own, customized SQL type message source

Currently, configuring your own, customized SQL type message source in SSB has the following prerequisites:

  • The Address for the SQL type message source (that is, IP address of the remote database server to collect messages from).

  • The Port of the database server that the SQL type message source will connect to.

  • The Username of the database user.

  • The Password of the database user.

  • A previously configured SQL database that you can specify the SQL type message source to connect to, by entering the database name into Database name.

Limitations to configuring your own, customized SQL type message source

When configuring your message sources, consider that currently, configuring your own, customized SQL type message source in SSB has the following limitations:

  • Database servers

    SSB 6.9.0 was tested with the following database servers:

    • MS SQL (with "select @@version")

      Microsoft SQL Server 2017 (RTM-CU13) (KB4466404) - 14.0.3048.4 (X64) Nov 30 2018 12:57:58
      Copyright (C) 2017 Microsoft Corporation Developer Edition (64-bit) on Linux (Ubuntu 16.04.5 LTS)
    • Oracle (with "SELECT * FROM V$VERSION;")

      Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 : 64bit Production
      PL/SQL Release 11.2.0.4.0 Production : "CORE 11.2.0.4.0 Production"
      TNS for Linux: Version 11.2.0.4.0 Production
      NLSRTL : Version 11.2.0.4.0 Production
      
  • Remote server IP addresses

    NOTE: The current version (version 6.9.0) of SSB only supports configuring IPv4 addresses for Source type > SQL > Database connection > Address in message sources.

Configuration options for your own, customized SQL type message source

While configuring your own, customized SQL type message source, you can customize the following:

  • Configuring and testing the Database connection of your SQL source.

  • Customizing your fetch queries and message fetching settings under Fetching messages.

  • Customizing your fetch history and test message fetching under Fetch history.

  • Customizing your Fetching frequency.

  • Customizing your Monitoring options.

For further details on the configuration options, see the following subsections:

Setting up and testing the SQL database connection of your SQL type message source

The following section describes how to set up the SQL database connection of your SQL type message source, and how the connection is tested.

To set up and test the SQL database connection in your SQL type message source

  1. Navigate to Log > Sources > <your-new-source> > SQL > Database connection.

    Figure 119: Log > Sources > <your-new-source> > SQL > Database connection — Setting up and testing the SQL database connection for your SQL type message source

  2. Select the Database type to collect log messages from.

  3. Enter the name or the IP address of the remote database server to collect messages from.

  4. Enter the port of the database server to connect to. To use the default port of the database, click Set Default Port.

    NOTE: The default port depends on the database type, but you can configure it according to your preferences.

  5. Enter the Username and the Password of the database user.

    NOTE: The syslog-ng Store Box (SSB) appliance accepts passwords that are not longer than 150 characters. The following special characters can be used: !"#$%&'()*+,-./:;<=>?@[]^-`{|}

  6. Enter the Database name to connect to.

  7. Click Test database connection. SSB reads the tables from the database.

    NOTE: The syslog-ng Store Box (SSB) appliance can only read table names that contain numbers, uppercase and lowercase characters, hyphen (-), underscore (_), hashtag (#), at sign (@), or the dollar sign ($). Tables with names that contain other characters, including full stop (.), cannot be monitored.
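
A pre-flight check for the documented limits of the SQL source (IPv4-only address, password length and character set, readable table names), added here as an example and not part of SSB. The function names and sample values are constructed, and it assumes ASCII letters and digits are what the page means by letters and numbers.

```python
import ipaddress
import re
import string

# Special characters copied verbatim from the password NOTE on this page.
PASSWORD_SPECIALS = set("!\"#$%&'()*+,-./:;<=>?@[]^-`{|}")
# Assumption: ASCII letters and digits are accepted in addition to the specials.
PASSWORD_ALLOWED = set(string.ascii_letters + string.digits) | PASSWORD_SPECIALS
MAX_PASSWORD_LEN = 150
# Table-name characters from the NOTE; ASCII-only letters are an assumption.
TABLE_NAME_RE = re.compile(r"[A-Za-z0-9_#@$-]+")


def check_address(address):
    """Flag IPv6 literals; host names are passed through unchecked."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return []  # not an IP literal, so treated as a host name
    return [] if ip.version == 4 else ["Address must be IPv4, got an IPv6 literal"]


def check_password(password):
    """Check length and character set without echoing any password content."""
    problems = []
    if len(password) > MAX_PASSWORD_LEN:
        problems.append(f"Password is {len(password)} characters, limit is {MAX_PASSWORD_LEN}")
    unsupported = sum(1 for ch in password if ch not in PASSWORD_ALLOWED)
    if unsupported:
        problems.append(f"Password has {unsupported} unsupported character(s)")
    return problems


def unreadable_tables(names):
    """Return the table names SSB could not read, per the table-name NOTE."""
    return [n for n in names if not TABLE_NAME_RE.fullmatch(n)]


def preflight(address, password, tables):
    """Run all three checks and return the findings per setting."""
    return {
        "address": check_address(address),
        "password": check_password(password),
        "unreadable_tables": unreadable_tables(tables),
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    print(preflight("2001:db8::10", "S3cure!pass~", ["audit_log", "dbo.events", "app#2024"]))
```
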
