syslog-ng Store Box 5.0.3 - Administration Guide


Perpetual license

Buying a license for a One Identity product allows you to use the product as described in the Software Transaction, License and End User License Agreements.

You can download and use the latest Long Term Supported (LTS) Release of the product, and any subsequent Feature Release that is based on the Long Term Supported Release that was valid when you bought the license. To access the next Long Term Supported (LTS) Release, you must have a valid support package when the next Long Term Supported (LTS) Release is published.

Example: Accessing updates

A customer's Support Service Agreement for syslog-ng Store Box (SSB) has expired and the customer did not renew it. At the time of expiration, the latest available versions were SSB 4 LTS and SSB 4 F3. In this case, the customer can access the current and future revisions of these versions, but they will not have access to future releases such as 4 F4 or 5 LTS when they are released.

Buying a subscription-based license automatically includes product support and access to the latest software versions.

You can download your licenses and the purchased software from the support portal.

Subscription-based license

For virtual appliances, you can buy a subscription-based license that is valid for a fixed period of twelve (12) or thirty-six (36) months. The subscription-based license automatically includes product support and access to the latest software versions. For details, see the Software Transaction, License and End User License Agreements.

Note that One Identity offers subscription-based licensing only in certain geographic regions and only for limited virtual appliance license options. For details, contact One Identity.

Licensing examples

Example: A simple example

Scenario:

  • You want to deploy an SSB appliance as a log server.
  • 45 servers with syslog-ng PE installed in client mode send logs to the SSB log server.
  • 45 network devices without syslog-ng PE installed send logs to the SSB log server.

License requirements: You need a syslog-ng Store Box license for at least 100 Log Source Hosts (LSHs), as there are 90 LSHs (45+45=90) in this scenario.

Example: High Availability (HA) cluster

Scenario:

  • You want to install syslog-ng PE in server mode on two hosts that run as an active-passive high-availability cluster.
  • 45 servers with syslog-ng PE installed in client mode send logs to the syslog-ng PE log server.
  • 45 network devices without syslog-ng PE installed send logs to the syslog-ng PE log server.

License requirements: You need a syslog-ng Store Box license for at least 100 Log Source Hosts (LSHs), as there are 90 LSHs (45+45=90) in this scenario. You also need a High Availability (HA) license for the passive log server.

Example: Using alternative log servers with syslog-ng PE clients

Scenario:

  • You want to deploy an SSB appliance as a log server.
  • 45 servers with syslog-ng PE installed in client mode send logs to the SSB log server.
  • 45 network devices without syslog-ng PE installed send logs to the SSB log server.
  • 100 servers with syslog-ng PE installed send log messages to a log server without syslog-ng PE installed.

License requirements: You need a syslog-ng Store Box license for at least 200 LSHs as there are 190 LSHs (45+45 that send logs to a syslog-ng PE log server, and another 100 that run syslog-ng PE, 45+45+100=190) in this scenario.

Example: Using syslog-ng PE relays

Scenario:

  • You want to deploy an SSB appliance as a log server.
  • 45 servers with syslog-ng PE installed in client mode send logs directly to the SSB log server.
  • 5 servers with syslog-ng PE installed in relay mode send logs to the SSB log server.
  • Every syslog-ng PE relay receives logs from 9 network devices without syslog-ng PE installed (a total of 45 devices).
  • 100 servers with syslog-ng PE installed send log messages to a log server without syslog-ng PE installed.

License requirements: You need a syslog-ng Store Box license for at least 200 LSHs, as there are 195 LSHs (45+5+(5*9)+100=195) in this scenario.

Example: Multiple facilities

You have two facilities (for example, data centers or server farms). Facility 1 has 75 AIX servers and 20 Microsoft Windows hosts, Facility 2 has 5 HP-UX servers and 40 Debian servers. That is 140 hosts altogether.

NOTE:

If, for example, the 40 Debian servers at Facility 2 are each running 3 virtual hosts, then the total number of hosts at Facility 2 is 125, and the license sizes in the following examples should be calculated accordingly.

  • Scenario: The log messages are collected to a single, central SSB log server.

    License requirements: You need a syslog-ng Store Box license for 150 LSHs, as there are 140 LSHs (75+20+5+40) in this scenario.

  • Scenario: Each facility has its own SSB log server, and there is no central log server.

    License requirements: You need two separate licenses: a license for at least 95 LSHs (75+20) at Facility 1, and a license for at least 45 LSHs (5+40) at Facility 2. You need a license for 100 LSHs at Facility 1, and a license for 50 LSHs at Facility 2.

  • Scenario: The log messages are collected to a single, central SSB log server. Facility 1 and 2 each have a syslog-ng PE relay that forwards the log messages to the central SSB log server.

    License requirements: You need a syslog-ng Store Box license for 150 LSHs, as there are 142 LSHs (1+75+20+1+5+40) in this scenario (since each relay is also counted as an LSH).

  • Scenario: Each facility has its own local SSB log server, and there is also a central SSB log server that collects every log message independently from the two local log servers.

    License requirements: You need three separate licenses: a syslog-ng Store Box license for at least 95 LSHs (75+20) at Facility 1, a license for at least 45 LSHs (5+40) at Facility 2, and also a license for at least 142 LSHs for the central syslog-ng Store Box log server (assuming that you want to collect the internal logs of the local log servers as well).

The structure of a log message

The following sections describe the structure of log messages. Currently there are two standard syslog message formats:
