SSB can use a list of host and network addresses at a number of places, for example for limiting the clients that can send log messages to a log source, or the hosts that can access shared logspaces.
For details on how to create a new hostlist, see Creating hostlists.
For details on how to import hostlists from a file, see Importing hostlists from files.
The following describes how to create a new hostlist.
To create a new hostlist
Navigate to Policies > Hostlists and select .
Enter a name for the hostlist (for example servers).
Figure 92: Policies > Hostlists — Creating hostlists
Enter the IP address of the permitted host into the Match > Address field. You can also enter a network address in the IP address/netmask format (for example 192.168.1.0/24). To add more addresses, click and repeat this step.
To add hosts that are excluded from the list, enter the IP address of the denied host into the Ignore > Address field.
TIP: To add every address except for a few specific hosts or networks to the list, add the 0.0.0.0/0 network to the Match list, and the denied hosts or networks to the Ignore list.
Click .
Caution: If you modify a hostlist, navigate to Basic Settings > System > Service control > Syslog traffic, indexing & search: and select Restart syslog-ng for the changes to take effect.
The following describes how to import hostlists from a text file.
To import hostlists from a text file
Create a plain text file containing the hostlist policies and IP addresses to import. Every line of the file will add an IP address or network to a policy. Use the following format:
name_of_the_policy;match or ignore;IP address
For example, to create a policy that ignores the 192.168.5.5 IP address and another one that matches on the 10.70.0.0/24 subnet, use:
policy1;ignore;192.168.5.5
policy2;match;10.70.0.0/24
To add multiple addresses or subnets to the same policy, list every address or subnet in a separate line, for example:
policy1;ignore;192.168.7.5
policy1;ignore;192.168.5.5
policy1;match;10.70.0.0/24
Navigate to Policies > Hostlists > Import from file > Browse and select the text file containing the hostlist policies to import.
Figure 93: Policies > Hostlists — Importing hostlists
If you are updating existing policies and want to add new addresses to them, select Append.
If you are updating existing policies and want to replace the existing addresses with the ones in the text file, select Replace.
Click Upload, then .
Caution: If you modify a hostlist, navigate to Basic Settings > System > Service control > Syslog traffic, indexing & search: and select Restart syslog-ng for the changes to take effect.
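A check you can run on the import file before uploading it, as an added example that is not part of the SSB documentation or product. The sample lines and the function names parse_hostlists and is_listed are constructed for illustration, and the evaluation rule (an address is on the list if a Match entry covers it and no Ignore entry does) is an assumption derived from the Match/Ignore description and the tip above.

```python
import ipaddress
from collections import defaultdict

# Constructed sample import file; lines 6 and 7 are deliberately malformed.
SAMPLE = """\
policy1;ignore;192.168.7.5
policy1;ignore;192.168.5.5
policy1;match;10.70.0.0/24
policy2;match;0.0.0.0/0
policy2;ignore;10.70.0.0/24
policy3;allow;10.0.0.1
policy4;match;10.70.0.300
"""

def parse_hostlists(text):
    """Parse name;match|ignore;address lines into (policies, errors)."""
    policies = defaultdict(lambda: {"match": [], "ignore": []})
    errors = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(";")]
        if len(fields) != 3 or not fields[0]:
            errors.append((lineno, "expected name;match|ignore;address"))
            continue
        name, kind, addr = fields
        if kind not in ("match", "ignore"):
            errors.append((lineno, f"unknown list type {kind!r}"))
            continue
        try:
            # Accepts what Python's ipaddress accepts; SSB may be stricter.
            net = ipaddress.ip_network(addr, strict=False)
        except ValueError as exc:
            errors.append((lineno, f"bad address: {exc}"))
            continue
        policies[name][kind].append(net)
    return dict(policies), errors

def is_listed(policy, host):
    """Assumed semantics: listed if in a Match entry and in no Ignore entry."""
    ip = ipaddress.ip_address(host)
    def hit(nets):
        return any(ip in n for n in nets)
    return hit(policy["match"]) and not hit(policy["ignore"])

if __name__ == "__main__":
    policies, errors = parse_hostlists(SAMPLE)
    for lineno, msg in errors:
        print(f"line {lineno}: {msg}")
    print("10.70.0.9 on policy2:", is_listed(policies["policy2"], "10.70.0.9"))
```

Running the check before selecting Replace is the more useful case, since a typo in the file would otherwise overwrite a working policy's addresses.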
SSB receives log messages from remote hosts via sources. A number of sources are available by default, but you can also create new sources. Apart from the syslog protocols, SSB can also receive messages via the SNMP protocol, and convert these messages to syslog messages.
For details on using the built-in message sources of SSB, see Default message sources in SSB.
For details on receiving SNMP messages, see Receiving SNMP messages.
For details on how to create new syslog message sources, see Creating syslog message sources in SSB.