syslog-ng Store Box 5.3.0 - Administration Guide

Preface Introduction The concepts of SSB The Welcome Wizard and the first login Basic settings User management and access control Managing SSB Configuring message sources Storing messages on SSB Forwarding messages from SSB Log paths: routing and processing messages Configuring syslog-ng options Searching log messages Searching the internal messages of SSB Classifying messages with pattern databases The SSB RPC API Troubleshooting SSB Security checklist for configuring SSB About us Third-party contributions

Creating configuration backups

To create a configuration backup, assign a backup policy as the System backup policy of SSB.

TIP:

To create an immediate backup of SSB's configuration to your machine (not to the backup server), select Basic Settings > System > Export configuration. Note that the configuration export contains only the system settings and configuration files (including changelogs). System backups includes additional information like reports and alerts.

To encrypt your configuration backups, see Encrypting configuration backups with GPG.

Prerequisites:

You have to configure a backup policy before starting this procedure. For details, see Data and configuration backups.

To create a configuration backup

  1. Navigate to Basic Settings > Management > System backup.

    Figure 42: Basic Settings > Management > System backup — Configure system backup

  2. Select the backup policy you want to use for backing up the configuration of SSB in the System backup policy field.

  3. Click Commit.

  4. Optional: To start the backup process immediately, click Backup now. The Backup now functionality works only after a backup policy has been selected and committed.

Creating data backups

To configure data backups, assign a backup policy to the logspace.

TIP:

Data that is still in the memory of SSB is not copied to the remote server, only data that was already written to disk.

To make sure that all data is backed up (for example, before an upgrade), shut down syslog-ng before initiating the backup process.

Caution:

Statistics about syslog-ng and logspace sizes are not backed up. As a result, following a data restore, the Basic Settings > Dashboard page will not show any syslog-ng and logspace statistics about the period before the backup.

Prerequisites:

You have to configure a backup policy before starting this procedure. For details, see Data and configuration backups.

To configure data backups

  1. Navigate to Log > Logpaces.

  2. Select the logspace you want to back up.

  3. Select a backup policy in the Backup policy field.

  4. Click Commit.

  5. Optional: To start the backup process immediately, click Backup or Backup ALL. The Backup and Backup ALL functionalities work only after a backup policy has been selected and committed.

Encrypting configuration backups with GPG

You can encrypt the configuration file of SSB during system backups using the public-part of a GPG key. The system backups of SSB contain other information as well (for example, databases), but only the configuration file is encrypted. Note that system backups do not contain logspace data.

For details on restoring configuration from a configuration backup, see Restoring SSB configuration and data.

NOTE:

It is not possible to directly import a GPG-encrypted configuration into SSB, it has to be decrypted locally first.

Prerequisites:

You have to configure a backup policy before starting this procedure. For details, see Data and configuration backups.

You need a GPG key which must be permitted to encrypt data. Keys that can be used only for signing cannot be used to encrypt the configuration file.

To encrypt configuration backups with GPG

  1. Navigate to Basic > System > Management > System backup.

  2. Select Encrypt configuration.

  3. Select .

    • To upload a key file, click Browse, select the file containing the public GPG key, and click Upload. SSB accepts both binary and ASCII-armored GPG keys.

    • To copy-paste the key from the clipboard, paste it into the Key field and click Set.

  4. Click Commit.

Archiving and cleanup

Archiving transfers data from SSB to an external storage solution, cleanup removes (deletes) old files. Archived data can be accessed and searched, but cannot be restored (moved back) to the SSB appliance.

To configure archiving and cleanup, you first have to create an archive/cleanup policy. Archive/cleanup policies define the retention time, the address of the remote backup server, which protocol to use to access it, and other parameters. SSB can be configured to use the SMB/CIFS and NFS protocols to access the backup server:

Caution:

Hazard of data loss. Never delete an Archive Policy if data has been archived to it. This will make the already archived data inaccessible.

Do not "remake" an Archive Policy (that is, deleting an Archive Policy and then creating another one with the same name but different parameters). This will make data inaccessible, and identifying the root cause of the issue complicated.

If you want to change the connection parameters (that is when you perform a storage server migration), you must make sure that the share contents and file permissions are kept unmodified and there are no archiving or backup tasks running.

On the other hand, if you want to add a new network share to your archives, proceed with the following steps:

  1. Create a new empty SMB/NFS network share.

  2. Create a new Archive Policy that points to this network share.

  3. Modify your Logspace(s) to archive using the newly defined Archive Policy.

  4. Make sure to leave the existing Archive Policy unmodified.

It is also safe to extend the size of the network share on the server side.

The different protocols assign different file ownerships to the files saved on the remote server. The owners of the archives created using the different protocols are the following:

  • SMB/CIFS: The user provided on the web interface.

  • NFS: root with no-root-squash, nobody otherwise.

Caution:

SSB cannot modify the ownership of a file that already exists on the remote server.

Once you have configured an archive/cleanup policy, assign it to the logspace you want to archive. For details, see Archiving or cleaning up the collected data.

Related Documents