Welcome to the syslog-ng Store Box 5 LTS Administrator Guide!
This document describes how to configure and manage the syslog-ng Store Box (SSB). Background information for the technology and concepts used by the product is also discussed.
This guide is a work-in-progress document with new versions appearing periodically.
The latest version of this document can be downloaded from the Safeguard for Privileged Sessions Documentation page.
The procedures for rewriting incoming log messages have been updated. See Replace message parts or create new macros with rewrite rules and Find and replace the text of the log message.
Password policies set for local SSB users now apply to the admin and root users as well. For details, see Setting password policies for local users.
The following default settings have changed:
Indexing is now enabled by default. For more information, see Creating logstores.
Required trusted is now the default setting for the Peer verification field.
Strong is now the default setting for the strength of the cipher suites. Also, the Default option has been renamed to Weak. For more information, see Creating syslog message sources in SSB.
By default, SSB uses the aes-256-cbc cipher method and the SHA-256 digest method.
Passwords are now required to be at least 12 characters long, including lowercase letters, uppercase letters, numbers, and special characters.
The SNMP source and the SNMP v2c agent are now turned off by default.
All of the email and SNMP alerts are now enabled by default.
Flow-control is now enabled by default.
You can now search in indexed logspaces even if log traffic is disabled.
The steps describing how to recover from a split brain situation have been clarified. For more information, see Recovering from a split brain situation.
Any feedback is greatly appreciated, especially on what else this document should cover. General comments, errors found in the text, and any suggestions about how to improve the documentation are welcome at