Chat now with support
Chat with Support

syslog-ng Store Box 5.0.3 - Administration Guide

Preface Introduction The concepts of SSB The Welcome Wizard and the first login Basic settings User management and access control Managing SSB Configuring message sources Storing messages on SSB Forwarding messages from SSB Log paths: routing and processing messages Configuring syslog-ng options Searching log messages Searching the internal messages of SSB Classifying messages with pattern databases The SSB RPC API Troubleshooting SSB Security checklist for configuring SSB About us Third-party contributions

Sharing log files in standalone mode

Steps:
  1. Navigate to Policies > Shares > SMB/CIFS options and select Standalone mode.

    Figure 108: Policies > Shares > SMB/CIFS options — Sharing logspaces

  2. Select to create a new share policy and enter a name for the policy.

  3. Select the type of the network share from the Type field.

    Figure 109: Policies > Shares > Share policies — Creating share policies

    • To access the log files using NFS (Network File System), select NFS.

    • To access the log files using Samba (Server Message Block protocol), select CIFS.

  4. If you are using the Samba protocol, you can control which users and hosts can access the shares. Otherwise, every user with an SSB account has access to every shared log file.

    • To control which users can access the shared files, enter the name of the usergroup who can access the files into the Allowed group field. For details on local user groups, see Managing local usergroups.

    • To limit the hosts from where the shares can be accessed, create a hostlist and select it from the Hostlist field. For details on creating hostlists, see Creating hostlist policies.

  5. Click Commit.

  6. To display the details of the logspace, navigate to Log > Logspaces and click .

  7. Select the share policy to use from the Sharing policy field.

    Figure 110: Log > Logspaces > Policies — Setting the share policy of a logspace

  8. Click Commit.

  9. Mount the shared logspace from your computer to access it.

Sharing log files in domain mode

Steps:
  1. Navigate to Policies > Shares > SMB/CIFS options and select Domain mode.

  2. Enter the name of the domain (for example mydomain) into the Domain field.

    Figure 111: Policies > Shares > SMB/CIFS options — Joining a domain

  3. Enter the name of the realm (for example mydomain.example.com) into the Full domain name field.

    NOTE:

    Ensure that your DNS settings are correct and that the full domain name can be resolved from SSB. To check this, navigate to Basic Settings > Troubleshooting > Ping, enter the full domain name into the Hostname field, and select Ping host.

    Click Commit.

  4. Click Join domain. A pop-up window is displayed.

  5. SSB requires an account to your domain to be able to join the domain. Enter the name of the user into the Username field, and the corresponding password into the Password field.

    NOTE:

    SSB accepts passwords that are not longer than 150 characters. The following special characters can be used: !"#$%&'()*+,-./:;<=>?@[]^-`{|}

    Optionally, you can enter the name of your domain controller into the Domain controller field. If you leave this field blank, SSB will try to find the domain controller automatically.

    NOTE:

    Ensure that your DNS settings are correct and that the hostname of the domain controller can be resolved from SSB. To check this, navigate to Basic Settings > Troubleshooting > Ping, enter the name of the domain controller into the Hostname field, and select Ping host.

  6. Click Join domain.

  7. Select to create a new share policy and enter a name for the policy.

    Figure 112: Policies > Shares > Share policies — Creating share policies

  8. Select the type of the network share from the Type field.

    • To access the log files using NFS (Network File System), select NFS.

    • To access the log files using Samba (Server Message Block protocol), select CIFS.

  9. If you are using the Samba protocol, you can control which users and hosts can access the shares. Otherwise, every user with an SSB account has access to every shared log file.

    • To control which users can access the shared files, enter the name of the domain that can access the files (specified in Step 2) into the Allowed group field. Note that the users and SSB must be members of the same domain.

    • To limit the hosts from where the shares can be accessed, create a hostlist and select it from the Hostlist field. For details on creating hostlists, see Creating hostlist policies.

  10. Click Commit.

  11. To display the details of the logspace, navigate to Log > Logspaces and click .

  12. Select the share policy to use from the Sharing policy field.

    Figure 113: Log > Logspaces > Policies — Setting the share policy of a logspace

  13. Click Commit.

  14. Mount the shared logspace from your computer to access it.

Accessing shared files

This section describes how to access log files that are shared using a share policy. For details on sharing log files, see Accessing log files across the network.

Every shared logspace is available as a separate shared folder, even if they all use a single share policy. The name of the shared folder is the name of the logspace. Within the shared folder, the log files are organized into the following directory structure: YEAR/MM-DD/. The files are named according to the filename template set for the logspace. The extension of logstore files is .store, while the extension of text files is .log. Note that the root directory of the share may also contain various files related to the logspace, like index files for logstores. All files are read-only.

When using NFS for sharing the logspace, the name of the shared folder will be the following: /exports/{logspace_id}/....

Mount a shared logspace

The following examples show how to mount a shared logspace using NFS.

On Linux:
mount -t nfs {ssb_ip}:/exports/{logspace_id} {where_to_mount}
On Windows:
  1. Make sure that you have the "Services for NFS" Windows component installed. If not, you can install the NFS client from the Windows interface.

  2. Open regedit, and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ClientForNFS\CurrentVersion\Default

  3. Create two new DWORD keys called AnonymousGID and AnonymousUID. Set their values to 0.

  4. Restart the NFS client service from an elevated privilege command prompt. Use the following commands: nfsadmin client stop, then nfsadmin client start

  5. Mount the share from the command prompt. (Alternatively, you can also use the 'Map network drive...' function of the file explorer.)

    mount {ssb_ip}://exports/{logspace_id} {DRIVE-LETTER}:

    For example, the following command mounts the local logspace as drive G:

    mount 192.168.1.1://exports/local G:

    After mounting the shared logspace, it is visible in the file explorer. If it is not visible in the file explorer, you have probably used a different user to mount the share. To avoid this problem, you can mount the share again with the same user. Otherwise, you can access it from the command prompt using the {DRIVE-LETTER}: command, even if it is not visible in the file explorer.

For information on viewing encrypted logspace files, see Viewing encrypted logs with logcat.

Forwarding messages from SSB

SSB can forward log messages to remote destinations. The remote destination can be an SQL database running on a remote server, or a syslog or log analyzing application running on a remote server.

Related Documents