Chat now with support
Chat with Support

syslog-ng Store Box 7.4.0 - Administration Guide

Preface Introduction The concepts of SSB The Welcome Wizard and the first login Basic settings User management and access control Managing SSB Configuring message sources Storing messages on SSB Forwarding messages from SSB Log paths: routing and processing messages Configuring syslog-ng options Searching log messages Searching the internal messages of SSB Classifying messages with pattern databases The SSB RPC API Monitoring SSB Troubleshooting SSB Security checklist for configuring SSB Glossary

Date and time configuration

You can configure date and time-related settings of syslog-ng Store Box (SSB) on the Date & Time tab of the Basic page.

NOTE: Configuring Date & Time and NTP simultaneously is not possible. Either configure the local date and time manually, or synchronize system time with a time server.

Figure 45: Basic Settings > Date & Time — Set date and time

Caution:

It is essential to set the date and time correctly on SSB, otherwise the date information of the logs will be inaccurate.

SSB displays a warning on this page and sends an alert if the time becomes out of sync.

To explicitly set the date and time on SSB, enter the current date into respective fields of the Date & Time Settings group and click Set Date & Time.

NOTE: If the time of SSB is very inaccurate (that is, the difference between the system time and the actual time is great), it might take a long time to retrieve the date from the NTP server. In this case, click Sync now to sync the time immediately using SNTP.

Configuring a time (NTP) server

This section describes how to retrieve the date automatically from a time server.

Caution:

One Identity recommends not changing the timezone, because logspace rotation is based on your currently configured local timezone. If you change the timezone, you will not be able to search in your previously stored logs. Before changing the timezone, contact our Support Team.

To retrieve the date automatically from a time server

  1. Select your timezone in the Timezone field.

  2. Enter the IP address of an NTP time server into the Address field.

    To add new servers or delete existing ones, click (Add row) and Delete row, respectively.

    NOTE: Use an NTP server of high time accuracy. SSB needs high time accuracy for processing its logs with as exact timestamps as possible. Any inaccuracy will be detected by SSB, and the server will be rejected.

  3. Click .

  4. To sync the time immediately using SNTP, click Sync now.

    NOTE: If your local system time is different from the NTP server time, it can result in a time gap in the time stamp of the logs before synchronization and the logs after synchronization. The time gap may appear longer than the time that has actually passed. Therefore, logs collected before the synchronization might have time stamps that do not correspond to the NTP server time.

SNMP and email alerts

The following sections describe how you can configure email and SNMP alerts on syslog-ng Store Box (SSB).

Topics:

Configuring email alerts

This section describes how to configure email alerts.

To configure email alerts

  1. Navigate to Basic Settings > Management > Mail settings.

  2. Enter the IP address or the hostname of the mail server into the SMTP server address field.

    Figure 46: Basic Settings > Management > Mail settings — Configure email sending

  3. Enter the email address where you want to receive emails from into the Send emails as field. This can be useful for email filtering purposes. syslog-ng Store Box (SSB) sends emails from the address provided here. If no email address is entered, emails will be sent from the default email address.

  4. Enter the email address of the administrator into the Administrator's email address field. SSB sends notifications related to system-events (but not alerts and reports) to this address.

  5. Enter the email address of the administrator into the Send email alerts to field. SSB sends monitoring alerts to this address.

  6. Enter the email address the person who should receive traffic reports from SSB into the Send reports to field. For details on reports, see Reports.

    Caution:

    To get alert emails, provide an email address in this field. Sending alerts fails if these settings are incorrect, since the alerting email address does not fall back to the administrator's email address by default.

  7. Click .

  8. Click Test to send a test message.

    If the test message does not arrive to the server, check if SSB can access the server. For details, see Troubleshooting SSB.

  9. Select in which situations SSB should send an email alert. For details, see Configuring system monitoring on SSB.

  10. Click .

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating