Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

syslog-ng Store Box 5.0.3 - Administration Guide

Table of Contents

About this document

Summary of changes Feedback

What SSB is What SSB is not Why is SSB needed Who uses SSB

The concepts of SSB

The philosophy of SSB Collecting logs with SSB Managing incoming and outgoing messages with flow-control Receiving logs from a secure channel Reliable Log Transfer Protocol Network interfaces High Availability support in SSB Firmware in SSB

Firmware and high availability

Versions and releases of SSB Licensing model and modes of operation

Notes about counting the licensed hosts

Licensing benefits License types

Perpetual license Subscription-based license

Licensing examples The structure of a log message

BSD-syslog or legacy-syslog messages

The PRI message part The HEADER message part The MSG message part

IETF-syslog messages

The PRI message part The HEADER message part The STRUCTURED-DATA message part The MSG message part

The Welcome Wizard and the first login

The initial connection to SSB

Creating an alias IP address (Microsoft Windows) Creating an alias IP address (Linux) Modifying the IP address of SSB

Configuring SSB with the Welcome Wizard

Supported web browsers The structure of the web interface

Elements of the main workspace Multiple web users and locking Web interface and RPC API

Network settings

Configuring the management interface Configuring the routing table

Date and time configuration

Configuring a time (NTP) server

SNMP and e-mail alerts

Configuring e-mail alerts Configuring SNMP alerts Querying SSB status information using agents

Configuring system monitoring on SSB

Configuring monitoring Health monitoring Preventing disk space fill up Configuring message rate alerting System related traps Alerts related to syslog-ng

Data and configuration backups

Creating a backup policy using Rsync over SSH Creating a backup policy using SMB/CIFS Creating a backup policy using NFS Creating configuration backups Creating data backups Encrypting configuration backups with GPG

Archiving and cleanup

Creating a cleanup policy Creating an archive policy using SMB/CIFS Creating an archive policy using NFS Archiving or cleaning up the collected data

User management and access control

Managing SSB users locally

Creating local users in SSB Deleting a local user from SSB

Setting password policies for local users Managing local usergroups Managing SSB users from an LDAP database Authenticating users to a RADIUS server Managing user rights and usergroups

Assigning privileges to usergroups for the SSB web interface Modifying group privileges Finding specific usergroups How to use usergroups Built-in usergroups of SSB

Listing and searching configuration changes

Controlling SSB: restart, shutdown Managing a high availability SSB cluster

Adjusting the synchronization speed Asynchronous data replication Redundant heartbeat interfaces Next-hop router monitoring

Upgrade checklist Upgrading SSB (single node) Upgrading an SSB cluster Troubleshooting Updating the SSB license Exporting the configuration of SSB Importing the configuration of SSB

Accessing the SSB console

Using the console menu of SSB Enabling SSH access to the SSB host Changing the root password of SSB

Disabling sealed mode

Out-of-band management of SSB

Configuring the IPMI interface from the console Configuring the IPMI interface from the BIOS

Managing the certificates used on SSB

Generating certificates for SSB Uploading external certificates to SSB Generating TSA certificate with Windows Certificate Authority on Windows Server 2008 Generating TSA certificate with Windows Certificate Authority on Windows Server 2012

Creating hostlist policies

Creating hostlists Importing hostlists from files

Configuring message sources

Default message sources in SSB Receiving SNMP messages Creating syslog message sources in SSB Creating SQL message sources in SSB

Fetching the SQL database Configuring message parts in Basic mode Configuring message parts in Advanced mode Creating a fetch query manually

Storing messages on SSB

Using logstores

Creating logstores Configuring the indexer service Viewing encrypted logs with logcat

Creating text logspaces Managing logspaces Creating filtered logspaces Creating remote logspaces Creating multiple logspaces Accessing log files across the network

Sharing log files in standalone mode Sharing log files in domain mode Accessing shared files

Forwarding messages from SSB

Forwarding log messages to SQL databases SQL templates in SSB

The Legacy template The Full template The Custom template

Forwarding log messages to remote servers Forwarding log messages to SNMP destinations

Log paths: routing and processing messages

Default logpaths in SSB Creating new log paths Filtering messages Replace message parts or create new macros with rewrite rules Find and replace the text of the log message Parsing sudo log messages Parsing key-value pairs

Configuring syslog-ng options

General syslog-ng settings Timestamping configuration on SSB Using name resolution on SSB Setting the certificates used in TLS-encrypted log transport

Searching log messages

Using the search interface

Customizing columns of the log message search interface Metadata collected about log messages Using complex search queries

Browsing encrypted logspaces

Using persistent decryption keys Using session-only decryption keys Assigning decryption keys to a logstore

Creating custom statistics from log data

Displaying log statistics Creating reports from custom statistics

Creating content-based alerts

Setting up alerts on the search interface Setting up alerts on the Search > Content-Based Alerts page Format of alert messages

Additional tools

Searching the internal messages of SSB

Using the internal search interfaces

Filtering Exporting the results Customizing columns of the internal search interfaces

Changelogs of SSB Configuration changes of syslog-ng peers Log message alerts Notifications on archiving and backups Status history and statistics

Displaying custom syslog-ng statistics Statistics collection options

Contents of the default reports Generating partial reports Configuring custom reports

Classifying messages with pattern databases

The structure of the pattern database How pattern matching works Searching for rulesets Creating new rulesets and rules Exporting databases and rulesets Importing pattern databases Using pattern parsers Using parser results in filters and templates Using the values of pattern parsers in filters and templates

The SSB RPC API

Requirements for using the RPC API RPC client requirements Documentation of the RPC API

Troubleshooting SSB

Network troubleshooting Gathering data about system problems Viewing logs on SSB Collecting logs and system information for error reporting Troubleshooting an SSB cluster

Understanding SSB cluster statuses Recovering SSB if both nodes broke down Recovering from a split brain situation Replacing a node in an SSB HA cluster Resolving an IP conflict between cluster nodes

Restoring SSB configuration and data Configuring the IPMI interface from the BIOS after losing IPMI password Incomplete TSA response received

Security checklist for configuring SSB About us Third-party contributions

GNU General Public License

Preamble TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

Section 0 Section 1 Section 2 Section 3 Section 4 Section 5 Section 6 Section 7 Section 8 Section 9 Section 10 NO WARRANTY Section 11 Section 12

How to Apply These Terms to Your New Programs

GNU Lesser General Public License License attributions

Preface

Preface

Welcome to the syslog-ng Store Box 5 LTS Administrator Guide!

This document describes how to configure and manage the syslog-ng Store Box (SSB). Background information for the technology and concepts used by the product is also discussed.

About this document

Preface > About this document

This guide is a work-in-progress document with new versions appearing periodically.

The latest version of this document can be downloaded from the syslog-ng Store Box Documentation page.

Summary of changes

Preface > About this document > Summary of changes

Version 4 F9 - 5 LTS

Changes in product:

The procedures about rewriting incoming log messages have been updated. See Replace message parts or create new macros with rewrite rules and Find and replace the text of the log message.
Password policies set for local SSB users now apply to the admin and root users as well. For details, see Setting password policies for local users.
SSB now prevents brute force attacks when logging in. For more information, see Web interface and RPC API and The SSB RPC API.
The following default settings have changed:
- Indexing is now enabled by default. For more information, see Creating logstores.
- Required trusted is now the default setting for the Peer verification field.
- Strong is now the default setting for setting the strength of the cipher suites. Also, the Default option has been renamed to Weak. For more information, see Creating syslog message sources in SSB.
- By default, SSB uses the aes-256-cbc cipher method and the SHA-256 digest method.
- Password strength is now required to be at least 12 characters including lower case letters, upper case letters, numbers, and special characters.
- The SNMP source and the SNMP v2c agent are now turned off by default.
- All of the email and SNMP alerts are now enabled by default.
- Flow-control is now enabled by default.
- You can now search in indexed logspaces even if log traffic is disabled.
The Backup and Revert configuration items have been removed from the console menu.

Changes in documentation:

The steps describing how to recover from a split brain situation have been clarified. For more information, see Recovering from a split brain situation.

Feedback

Preface > About this document > Feedback

Any feedback is greatly appreciated, especially on what else this document should cover. General comments, errors found in the text, and any suggestions about how to improve the documentation is welcome at documentation@balabit.com.

Self Service Tools: Knowledge Base; Notifications & Alerts; Product Support; Software Downloads; Technical Documentation; User Forums; Video Tutorials; RSS Feed

Contact Us: Licensing Assistance; Technical Support; View All

Related Documents

© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy