Welcome to the syslog-ng Store Box 6.0.0 Administrator Guide!
This document describes how to configure and manage the syslog-ng Store Box (SSB). Background information for the technology and concepts used by the product is also discussed.
This guide is a work-in-progress document with new versions appearing periodically.
The latest version of this document can be downloaded from the syslog-ng Store Box Documentation page.
When using SNMP to monitor SSB, information about SSB is available using the public community by default. If you are using a high-availability SSB cluster, then each node provides information about its own status using a specific community, for example, 00:56:56:6f:00:8F. This community is displayed on the Basic Settings > Management > SNMP trap settings page, and is the Node ID of the node (also displayed in the Basic Settings > High Availability > This node > Node ID field when using SSB in High Availability mode).
The security settings and ciphers supported when accessing the SSB web interface and RPC API have been updated. For details, see Web interface and RPC API settings.
Starting with version 5.3, SSB can be updated using a single firmware file instead of having to upload the core and boot firmware separately. Maintenance releases of the 5.3 line will already use this mechanism, and will be released as an ISO file. For details, see Upgrading SSB. Note that upgrading to SSB 5.3 still requires two separate firmware files.
Unsupported protocol: The sslv3 protocol is unsupported. Make sure that your clients support a newer protocol (at least tlsv1.0), otherwise SSB will not be able to receive log messages from them.
Unsupported ciphers: The rc4 and 3des cipher suites are unsupported. Make sure that your clients support a cipher suite that contains more secure ciphers, otherwise SSB will not be able to receive log messages from them.
Unsupported digest method: The sha-0 (sha) digest method cannot be used in logstores anymore. If you have a logstore that uses this digest method, you must configure the logstore to use a different method before upgrading to SSB 5.3. Note that SSB rotates the logstore files every midnight. After changing the digest method, you must wait for the next logrotation before upgrading to SSB 5.3. For details on changing the digest method, see "General syslog-ng settings" in the Administration Guide.
After upgrading to SSB 5.3, you will not be able to access and search the logstore files that use the sha-0 digest method.
The Special > Firmware user privilege has been removed. To upload a new firmware, the user now needs to have the Basic Settings > System privilege. Note that users who had only the Special > Firmware privilege will not be able to login to SSB after upgrading to version 5.3. For details on managing user privileges, see "User management and access control" in the Administration Guide.
Configuration changes of syslog-ng Premium Edition peers can be displayed only for peers running syslog-ng Premium Edition 3.0-6.0.x. Peers running syslog-ng Premium Edition version 7.0.x do not send such notifications. As a result, if you are forwarding the logs of an SSB node to another SSB node, such log messages will not be available. You can check the configuration changes of SSB on the AAA > Accounting page.
This means the following:
On the Basic Settings > Dashboard page, in the syslog-ng module, the following parameter names have changed to better represent their values:
For details, see: Status history and statistics.
This chapter introduces the syslog-ng Store Box (SSB), discussing how and why it is useful, and what benefits it offers to an existing IT infrastructure.