Chat now with support
Chat with Support

syslog-ng Store Box 5.3.0 - Administration Guide

Preface Introduction The concepts of SSB The Welcome Wizard and the first login Basic settings User management and access control Managing SSB Configuring message sources Storing messages on SSB Forwarding messages from SSB Log paths: routing and processing messages Configuring syslog-ng options Searching log messages Searching the internal messages of SSB Classifying messages with pattern databases The SSB RPC API Troubleshooting SSB Security checklist for configuring SSB About us Third-party contributions

Creating hostlist policies

SSB can use a list of host and network addresses at a number of places, for example for limiting the client that can send log messages to a log source, or the hosts that can access shared logspaces.

Creating hostlists

The following describes how to create a new hostlist.

To create a new hostlist

  1. Navigate to Policies > Hostlists and select .

  2. Enter a name for the hostlist (for example servers).

    Figure 92: Policies > Hostlists — Creating hostlists

  3. Enter the IP address of the permitted host into the Match > Address field. You can also enter a network address in the IP address/netmask format (for example 192.168.1.0/24). To add more addresses, click and repeat this step.

  4. To add hosts that are excluded from the list, enter the IP address of the denied host into the Ignore > Address field.

    TIP:

    To add every address except for a few specific hosts or networks to the list, add the 0.0.0.0/0 network to the Match list, and the denied hosts or networks to the Ignore list.

  5. Click Commit.

    Caution:

    If you modify a hostlist, navigate to Basic Settings > System > Service control > Syslog traffic, indexing & search: and select Restart syslog-ng for the changes to take effect.

Importing hostlists from files

The following describes how to import hostlists from a text file.

To import hostlists from a text file

  1. Create a plain text file containing the hostlist policies and IP addresses to import. Every line of the file will add an IP address or network to a policy. Use the following format:

    name_of_the_policy;match

    or

    ignore;IP address

    For example, a policy that ignores the 192.168.5.5 IP address and another one that matches on the 10.70.0.0/24 subnet, use:

    policy1;ignore;192.168.5.5
    policy2;match;10.70.0.0/24

    To add multiple addresses or subnets to the same policy, list every address or subnet in a separate line, for example:

    policy1;ignore;192.168.7.5
    policy1;ignore;192.168.5.5
    policy1;match;10.70.0.0/24
  2. Navigate to Policies > Hostlists > Import from file > Browse and select the text file containing the hostlist policies to import.

    Figure 93: Policies > Hostlists — Importing hostlists

  3. If you are updating existing policies and want to add new addresses to them, select Append.

    If you are updating existing policies and want to replace the existing addresses with the ones in the text file, select Replace.

  4. Click Upload, then Commit.

    Caution:

    If you modify a hostlist, navigate to Basic Settings > System > Service control > Syslog traffic, indexing & search: and select Restart syslog-ng for the changes to take effect.

Configuring message sources

SSB receives log messages from remote hosts via sources. A number of sources are available by default, but you can also create new sources. Apart from the syslog protocols, SSB can also receive messages via the SNMP protocol, and convert these messages to syslog messages.

Related Documents