Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

syslog-ng Store Box 6.0.5 - Administration Guide

Table of Contents

About this document

What SSB is What SSB is not Why is SSB needed Who uses SSB

The concepts of SSB

The philosophy of SSB Collecting logs with SSB Managing incoming and outgoing messages with flow-control Receiving logs from a secure channel Advanced Log Transfer Protocol Network interfaces High Availability support in SSB Firmware in SSB

Firmware and high availability

Versions and releases of SSB Licensing model and modes of operation

Notes about counting the licensed hosts

Licensing benefits License types

Perpetual license Subscription-based license

Licensing examples The structure of a log message

BSD-syslog or legacy-syslog messages

The PRI message part The HEADER message part The MSG message part

IETF-syslog messages

The PRI message part The HEADER message part The STRUCTURED-DATA message part The MSG message part

The Welcome Wizard and the first login

The initial connection to SSB

Creating an alias IP address (Microsoft Windows) Creating an alias IP address (Linux) Modifying the IP address of SSB

Configuring SSB with the Welcome Wizard

Supported web browsers The structure of the web interface

Elements of the main workspace Multiple web users and locking Web interface and RPC API settings

Network settings

Configuring the management interface Configuring the routing table

Date and time configuration

Configuring a time (NTP) server

SNMP and e-mail alerts

Configuring email alerts Configuring SNMP alerts Querying SSB status information using agents

Configuring system monitoring on SSB

Configuring monitoring Health monitoring Preventing disk space fill up Configuring message rate alerting System-related traps Alerts related to syslog-ng

Data and configuration backups

Creating a backup policy using Rsync over SSH Creating a backup policy using SMB/CIFS Creating a backup policy using NFS Creating configuration backups Creating data backups Encrypting configuration backups with GPG

Archiving and cleanup

Creating a cleanup policy Creating an archive policy using SMB/CIFS Creating an archive policy using NFS Archiving or cleaning up the collected data

User management and access control

Managing SSB users locally

Creating local users in SSB Deleting a local user from SSB

Setting password policies for local users Managing local usergroups Managing SSB users from an LDAP database Authenticating users to a RADIUS server Managing user rights and usergroups

Assigning privileges to usergroups for the SSB web interface Modifying group privileges Finding specific usergroups How to use usergroups Built-in usergroups of SSB

Listing and searching configuration changes

Controlling SSB: restart, shutdown Managing a high availability SSB cluster

Adjusting the synchronization speed Asynchronous data replication Redundant heartbeat interfaces Next-hop router monitoring

Upgrade checklist Upgrading SSB Upgrading an SSB cluster Troubleshooting Updating the SSB license Exporting the configuration of SSB Importing the configuration of SSB

Accessing the SSB console

Using the console menu of SSB Enabling SSH access to the SSB host Changing the root password of SSB

Disabling sealed mode

Out-of-band management of SSB

Configuring the IPMI interface from the console Configuring the IPMI interface from the BIOS

Managing the certificates used on SSB

Generating certificates for SSB Uploading external certificates to SSB Generating TSA certificate with Windows Certificate Authority on Windows Server 2008 Generating TSA certificate with Windows Certificate Authority on Windows Server 2012

Creating hostlist policies

Creating hostlists Importing hostlists from files

Configuring message sources

Default message sources in SSB Receiving SNMP messages Creating syslog message sources in SSB

Storing messages on SSB

Using logstores

Creating logstores Configuring the indexer service Viewing encrypted logs with logcat

Creating text logspaces Managing logspaces Creating filtered logspaces Creating remote logspaces Creating multiple logspaces Accessing log files across the network

Sharing log files in standalone mode Sharing log files in domain mode Accessing shared files

Forwarding messages from SSB

Forwarding log messages to SQL databases SQL templates in SSB

The Legacy template The Full template The Custom template

Forwarding log messages to remote servers Forwarding log messages to HDFS destinations

Configuring a Kerberos policy Configuring the HDFS cluster Configuring an HDFS destination

Log paths: routing and processing messages

Default logpaths in SSB Creating new logpaths Filtering messages Replace message parts or create new macros with rewrite rules Find and replace the text of the log message Parsing sudo log messages Parsing key-value pairs

Configuring syslog-ng options

General syslog-ng settings Timestamping configuration on SSB Using name resolution on SSB Setting the certificates used in TLS-encrypted log transport

Searching log messages

Using the search interface

Customizing columns of the log message search interface Metadata collected about log messages Using complex search queries

Browsing encrypted logspaces

Using persistent decryption keys Using session-only decryption keys Assigning decryption keys to a logstore

Creating custom statistics from log data

Displaying log statistics Creating reports from custom statistics

Creating content-based alerts

Setting up alerts on the search interface Setting up alerts on the Search > Content-Based Alerts page Format of alert messages

Additional tools

Searching the internal messages of SSB

Using the internal search interfaces

Filtering Exporting the results Customizing columns of the internal search interfaces

Changelogs of SSB Configuration changes of syslog-ng peers Log message alerts Notifications on archiving and backups Status history and statistics

Displaying custom syslog-ng statistics Statistics collection options

Contents of the default reports Generating partial reports Configuring custom reports

Classifying messages with pattern databases

The structure of the pattern database How pattern matching works Searching for rulesets Creating new rulesets and rules Exporting databases and rulesets Importing pattern databases Using pattern parsers Using parser results in filters and templates Using the values of pattern parsers in filters and templates

The SSB RPC API

Requirements for using the RPC API RPC client requirements Documentation of the RPC API

Troubleshooting SSB

Network troubleshooting Gathering data about system problems Viewing logs on SSB Collecting logs and system information for error reporting Troubleshooting an SSB cluster

Understanding SSB cluster statuses Recovering SSB if both nodes broke down Recovering from a split brain situation Replacing a node in an SSB HA cluster Resolving an IP conflict between cluster nodes

Restoring SSB configuration and data Configuring the IPMI interface from the BIOS after losing IPMI password Incomplete TSA response received

Security checklist for configuring SSB Glossary

ssb-processing-messages

Parse the message as a syslog message (unless message parsing is explicitly disabled for the source).
Classify the message using a pattern database.
Modify the message using rewrite rules (before filtering).
Filter the messages, for example, based on sender hostname or message content. If the message does not match the configured filter, SSB will not send it to the destination.
Parse the text of the message (that is, the ${MESSAGE} part) using a key-value parser or the sudo parser.
Modify the message using rewrite rules (after filtering and other parsing).
SSB sends the message to the destinations set in the logpath. The destinations are local, optionally encrypted files on SSB, or remote servers, such as a database server.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© 2025 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center