Chat now with support
Chat with Support

syslog-ng Store Box 5.0.3 - Administration Guide

Preface Introduction The concepts of SSB The Welcome Wizard and the first login Basic settings User management and access control Managing SSB Configuring message sources Storing messages on SSB Forwarding messages from SSB Log paths: routing and processing messages Configuring syslog-ng options Searching log messages Searching the internal messages of SSB Classifying messages with pattern databases The SSB RPC API Troubleshooting SSB Security checklist for configuring SSB About us Third-party contributions

Configuring SNMP alerts

Purpose:

SSB can send alerts to a central monitoring server via SNMP (Simple Network Management Protocol). To configure SNMP alerts, complete the following steps:

Steps:
  1. Navigate to Basic Settings > Management > SNMP trap settings.

  2. Enter the IP address or the hostname of the SNMP server into the SNMP server address field.

    Figure 28: Basic Settings > Management > SNMP trap settings — Configure SNMP alerts

  3. Select the SNMP protocol to use.

    • To use the SNMP v2c protocol for SNMP queries, select SNMP v2c, and enter the community to use into the Community field.

    • To use the SNMP v3 protocol, select SNMP v3 and complete the following steps:

      Figure 29: Basic Settings > Management > SNMP trap settings — Configure SNMP alerts using SNMPv3

    1. Enter the username to use into the Username field.

    2. Enter the engine ID to use into the Engine ID field. The engine ID is a hexadecimal number at least 10 digits long, starting with 0x. For example 0xABABABABAB.

    3. Select the authentication method (SHA1) to use from the Authentication method field.

    4. Enter the password to use into the Authentication password field.

    5. Select the encryption method (Disabled or AES) to use from the Encryption method field.

      The supported AES method is AES-128.

    6. In the case of AES, enter the encryption password to use into the Encryption password field.

    NOTE:

    SSB accepts passwords that are not longer than 150 characters. The following special characters can be used: !"#$%&'()*+,-./:;<=>?@[]^-`{|}

  4. Click Commit.

  5. Navigate to Basic Settings > Alerting & Monitoring and select in which situations should SSB send an SNMP alert. For details, see Configuring system monitoring on SSB.

  6. Click Commit.

Querying SSB status information using agents

Purpose:

External SNMP agents can query the basic status information of SSB. To configure which clients can query this information, complete the following steps:

Steps:
  1. Navigate to Basic Settings > Management > SNMP agent settings.

    Figure 30: Basic Settings > Management > SNMP agent settings — Configure SNMP agent access

  2. The status of SSB can be queried dynamically via SNMP. By default, the status can be queried from any host. To restrict access to these data to a single host, enter the IP address of the host into the Client address field.

  3. Optionally, you can enter the details of the SNMP server into the System location, System contact, and System description fields.

  4. Select the SNMP protocol to use.

    • To use the SNMP v2c protocol for SNMP queries, select SNMP v2c agent, and enter the community to use into the Community field.

    • To use the SNMP v3 protocol, select SNMP v3 agent and complete the following steps:

    1. Click .

    2. Enter the username used by the SNMP agent into the Username field.

    3. Select the authentication method (MD5 or SHA1) to use from the Auth. method field.

    4. Enter the password used by the SNMP agent into the Auth. password field.

    5. Select the encryption method (Disabled, DES or AES) to use from the Encryption method field.

      The supported AES method is AES-128.

    6. Enter the encryption password to use into the Encryption password field.

    7. To add other agents, click .

    NOTE:

    SSB accepts passwords that are not longer than 150 characters. The following special characters can be used: !"#$%&'()*+,-./:;<=>?@[]^-`{|}

  5. Click Commit.

Configuring system monitoring on SSB

SSB continuously monitors a number of parameters of the SSB hardware and its environment. If a parameter reaches a critical level (set in its respective Maximum field), SSB sends e-mail and SNMP messages to alert the administrator.

SSB sends SNMP alerts using the management network interface by default, or using the external interface if the management interface is disabled. SSB supports the SNMPv2c and SNMPv3 protocols. The SNMP server set on the Management tab can query status information from SSB.

TIP:

To have your central monitoring system recognize the SNMP alerts sent by SSB, select Basic Settings > Alerting & Monitoring > Download MIBs to download the SSB-specific Management Information Base (MIB), then import it into your monitoring system.

Figure 31: Basic Settings > Alerting & Monitoring — Configure SNMP and e-mail alerts

The following sections describe the parameters you can receive alerts on.

Configuring monitoring

Purpose:

To configure monitoring, complete the following steps:

Steps:
  1. Navigate to Basic Settings > Alerting & Monitoring.

    Figure 32: Basic Settings > Alerting & Monitoring — Configure SNMP and e-mail alerts

  2. The default threshold values of the parameters are suitable for most situations. Adjust the thresholds only if needed.

  3. Select the type of alert (e-mail or SNMP) you want to receive for the different events. For details about the events that trigger an alert, see Health monitoring, System related traps, and Alerts related to syslog-ng. See also Preventing disk space fill up and Configuring message rate alerting.

  4. Click Commit.

  5. Navigate to Basic Settings > Management and verify that the SNMP settings and Mail settings of SSB are correct. SSB sends alerts only to the alert e-mail address and to the SNMP server.

    Caution:

    Sending alerts fails if these settings are incorrect.

Related Documents