syslog-ng Store Box 6.0 - Release Notes

New features between SSB 5.0 and 5.3

Operating system upgrade

In version 5.3, we have upgraded the operating system underlying the SSB appliance. The upgrade brings you a more recent and thus, more secure version of the operating system, with longer support lifetime.

Single-file firmware

Starting with version 5.3, SSB can be updated using a single firmware file instead of having to upload the core and boot firmware separately. Maintenance releases of the 5.3 line will already use this mechanism, and will be released as an ISO file. Note that upgrading to SSB 5.3 still requires two separate firmware files.

OpenSSL upgrade

The OpenSSL package in SSB has been updated. As a result, the rc4 and 3des ciphers, the sslv3 protocol, and the sha-0 digest method became unsupported. For details on the consequences of these changes, see Removed features.

HDFS destination

It is now possible to forward log messages from SSB to Hadoop Distributed File System (HDFS) servers, allowing you to store your log data on a distributed, scalable file system. This is especially useful if you have huge amounts of log messages that would be difficult to store otherwise, or if you want to process your messages using Hadoop tools. For more information, see "Forwarding log messages to HDFS destinations" in the Administration Guide.

New syslog-ng version

SSB now uses syslog-ng Premium Edition version 7.0. As a result, the following features have changed:

  • The Pair separator string option has been added to Log > Parsers. You can now define a character or string that separates the key-value pairs from each other.
  • Reliable Log Transfer Protocol (RLTP) has been renamed to Advanced Log Transfer Protocol (ALTP).

For details on the removed features in connection with this change, see Removed features.

Other changes and enhancements

  • Starting with version 5.2.0, SSB supports SMB 2.1 or later. This change affects the servers and clients that you use for archiving, backup, and shared logspace purposes. Make sure that they support SMB 2.1 or later; otherwise, these features will not work.
  • On the Log > Sources page, several options have been rearranged to make configuring log sources easier.
  • On the Log > Sources page, the Do not parse option has been added to the Incoming log protocol and message format section. This option completely disables syslog message parsing and stores the complete log in the message part. It is useful if incoming messages do not comply with the syslog format.
  • Following the change to syslog-ng Premium Edition version 7.0, the Ignore ambiguous program field option has been removed from the Log > Sources page, because syslog-ng PE now handles this for both the IETF and BSD protocols.
  • On the Basic Settings > Dashboard page, in the syslog-ng module, the following parameter names have changed to better represent their values:

    • destination_stored has been renamed to destination_queued.
    • source_stored has been renamed to source_queued.
  • The Firmware management menu has been removed from the console menu.
  • The Validity information has been removed from Search > Peer Configuration Change.
  • The Peer configuration - Invalid configuration signature element has been removed from the reports.

Removed features

The following is a list of features that have been removed from SSB 5.3.0.

  • Unsupported protocol: The sslv3 protocol is unsupported. Make sure that your clients support a newer protocol (at least tlsv1.0), otherwise SSB will not be able to receive log messages from them.

  • Unsupported ciphers: The rc4 and 3des cipher suites are unsupported. Make sure that your clients support a cipher suite that contains more secure ciphers, otherwise SSB will not be able to receive log messages from them.

  • Unsupported digest method: The sha-0 (sha) digest method cannot be used in logstores anymore. If you have a logstore that uses this digest method, you must configure the logstore to use a different method before upgrading to SSB 5.3. Note that SSB rotates the logstore files every midnight. After changing the digest method, you must wait for the next logrotation before upgrading to SSB 5.3. For details on changing the digest method, see "General syslog-ng settings" in the Administration Guide.

    Caution:

    After upgrading to SSB 5.3, you will not be able to access and search the logstore files that use the sha-0 digest method.

  • The Special > Firmware user privilege has been removed. To upload a new firmware, the user now needs to have the Basic Settings > System privilege. Note that users who had only the Special > Firmware privilege will not be able to log in to SSB after upgrading to version 5.3. For details on managing user privileges, see "User management and access control" in the Administration Guide.

  • Configuration changes of syslog-ng Premium Edition peers can be displayed only for peers running syslog-ng Premium Edition 3.0-6.0.x. Peers running syslog-ng Premium Edition version 7.0.x do not send such notifications. As a result, if you are forwarding the logs of an SSB node to another SSB node, such log messages will not be available. You can check the configuration changes of SSB on the AAA > Accounting page.
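A pre-upgrade check for the removed rc4 and 3des cipher suites, as an added example that is not part of the original release notes or of SSB: it scans a client-side syslog-ng configuration for `cipher-suite()` settings and reports destinations that offer only removed ciphers. The sample configuration, the host name and the function names are constructed for illustration, and OpenSSL aliases such as `DEFAULT` or `HIGH` are not expanded.

```python
import re

# Constructed sample of a client-side syslog-ng configuration (not from SSB).
SAMPLE_CONF = '''
destination d_ssb_legacy {
    network("ssb.example.com" port(6514) transport("tls")
        tls(ca-dir("/etc/syslog-ng/ca.d")
            cipher-suite("RC4-SHA:DES-CBC3-SHA")));
};
destination d_ssb_mixed {
    network("ssb.example.com" port(6514) transport("tls")
        tls(ca-dir("/etc/syslog-ng/ca.d")
            cipher-suite("ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-DES-CBC3-SHA:!RC4")));
};
'''

# OpenSSL names for the cipher families the release notes list as removed.
REMOVED = re.compile(r"RC4|3DES|DES-CBC3", re.IGNORECASE)
CIPHER_SUITE = re.compile(r'cipher[-_]suite\(\s*"([^"]*)"\s*\)')
DEST = re.compile(r"destination\s+(\S+)\s*\{")


def audit_cipher_suites(conf):
    """Return (destination, removed_ciphers, usable_ciphers) per cipher-suite()."""
    findings = []
    for m in CIPHER_SUITE.finditer(conf):
        # Attribute the setting to the nearest preceding destination block.
        names = DEST.findall(conf[:m.start()])
        dest = names[-1] if names else "<unknown>"
        removed, usable = [], []
        for token in re.split(r"[:, ]+", m.group(1)):
            # '!' and '-' exclude ciphers, '+' only reorders, '@' is a
            # directive: none of these adds a cipher to the offered list.
            if not token or token[0] in "!-+@":
                continue
            (removed if REMOVED.search(token) else usable).append(token)
        findings.append((dest, removed, usable))
    return findings


def will_fail_after_upgrade(conf):
    """Destinations whose cipher-suite() offers only removed ciphers."""
    return [d for d, removed, usable in audit_cipher_suites(conf)
            if removed and not usable]


if __name__ == "__main__":
    for dest, removed, usable in audit_cipher_suites(SAMPLE_CONF):
        print(dest, "removed:", removed, "usable:", usable)
    print("cannot connect after upgrade:", will_fail_after_upgrade(SAMPLE_CONF))
```

Destinations that list removed ciphers alongside usable ones keep working, but the removed entries are dead configuration and worth cleaning up during the same change.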

The following is a list of features that have been removed from SSB 5.2.0.

SSB now uses syslog-ng Premium Edition version 7.0. As a result, the following features have been removed:

  • The SQL source has been removed from Log > Sources. In connection with this, the ssbSqlSourceAlert alert has been removed from Basic Settings > Alerting Monitoring.

  • The SNMP destination has been removed from Log > Destinations.

This means the following:

  • When attempting to upgrade to version 5.2, if you are using SQL source or SNMP destination in your current SSB configuration, the upgrade process will fail. To remedy this issue, delete any SQL source or SNMP destination and retry the upgrade process.

  • When attempting to import a configuration that contains SQL source or SNMP destination to a newly installed SSB, the import process will fail. To remedy this issue, start the machine that you have exported the configuration from, delete any SQL source or SNMP destination, re-export the configuration, and then retry the import process.

Resolved issues

The following is a list of issues addressed in this release.

Table 1: Resolved issues in SSB 6.0.0
Resolved Issue Issue ID

Security package updates

avahi usn-3876-1 (https://usn.ubuntu.com/3876-1/)

bind9 usn-3893-1 (https://usn.ubuntu.com/3893-1/)

curl usn-3882-1 (https://usn.ubuntu.com/3882-1/)

file usn-3911-1 (https://usn.ubuntu.com/3911-1/)

libgd2 usn-3900-1 (https://usn.ubuntu.com/3900-1/)

linux

mysql-5.7 usn-3867-1 (https://usn.ubuntu.com/3867-1/)

nss usn-3898-1 (https://usn.ubuntu.com/3898-1/)

openssh usn-3885-1 (https://usn.ubuntu.com/3885-1/), usn-3885-2 (https://usn.ubuntu.com/3885-2/)

perl usn-3834-1 (https://usn.ubuntu.com/3834-1/)

systemd usn-3891-1 (https://usn.ubuntu.com/3891-1/)

SSB-2920

Internal log message fragmentation

Logs from the boot firmware's systemd journal were getting fragmented into multiple lines. This has now been fixed.

SSB-2906

Indexer instance crash

Indexer instances could crash when the archive directory was scanned while logindexd was shutting down. This has now been fixed.

SSB-2863

Duplicate destinations error

Multiple destinations pointing to the same protocol, port and host resulted in syslog-ng failing to start. The web UI now prevents committing this type of configuration, and upgrade checks prevent upgrading with such a configuration.

SSB-2515

CRL files are not cleaned up in SSB

CRL files of CAs were left on the device and not cleaned up properly. This has been fixed.

SSB-2376

Alert emails are not sent

If SNMP alerts were not configured, SSB did not send any email alerts. This has been corrected: SSB now sends email alerts properly if only email alerts are selected and the SNMP server is not configured.

SSB-2865

Resolved issues between versions 5.0 and 5.3

The following is a list of issues addressed in this release.

Table 2: Resolved issues in SSB 5.3
Resolved Issue Issue ID

Time is not synchronized to the secondary node

In high availability (HA) installations, the NTP synchronization to the secondary node was not working in some cases. This has been fixed.

SSB-2823

Search causes 'RPC response is too big from indexer' error

In some cases, if the search results were too big (for example, many very long messages), the Search interface only received an 'RPC response is too big from indexer' error message instead of the search results. This has been fixed: large search results are now handled properly.

SSB-2806

Accented characters in LDAP group name cause problems

SSB did not properly handle users if the group name of their LDAP groups contained accented characters. This has been fixed.

SSB-2803

CRL is not updated

When downloading the CRL from an external server, the CRL updater could get stuck when it encountered network issues, causing subsequent updates to fail as well. This has been fixed.

SSB-2788

The username field is empty in xcbLogout alerts

The logout alert did not contain any username. This has been fixed.

SSB-2776

Improper shutdown in HA mode

In some cases, errors occurred and error messages were displayed when shutting down the secondary node of a high availability installation. This has been fixed: the secondary node can now be shut down without any errors.

SSB-2682

Not enough shared memory error in certain HA cases

In certain high availability (HA) installations, SSB sent the following alert:

XCB-SNMP-MIB::description Internal Error, shm_put_var(): not enough shared memory left

This has been fixed.

SSB-2379

Table 3: Security package updates in SSB 5.3
Resolved Issue Issue ID

Security package updates

The operating system of SSB has been updated in this release. As part of the operating system update, several security package updates have been incorporated into the release, including the following.

Table 4: Security package updates in SSB 5.2
Resolved Issue Issue ID

Security package updates

SSB-2789

Table 5: General resolved issues in SSB 5.1
Resolved Issue Issue ID

Unstable indexing under high load

Unresponsive indexer processes are killed and restarted by syslog-ng, and this could cause the unwanted restart of an indexer under high load. We have improved the responsiveness of the indexer in this situation.

SSB-2760

syslog-ng crash

A regression in SSB 5.0.2 could cause a syslog-ng crash in certain situations. This has been fixed.

SSB-2749

Core dumps cannot be removed on the web interface

The option to remove core dumps was missing from the Basic Settings > Troubleshooting page of the web interface. This has been fixed.

SSB-2742

syslog-ng memory consumption issues

The size of syslog-ng's output buffers has been automatically calculated since SSB 4.9. In certain configurations, this could cause syslog-ng to use up all the memory in the system for buffering logs. The method of calculation has been rewritten to achieve a better balance between resource consumption and performance.

SSB-2738

Table 6: Security package updates in SSB 5.1
Resolved Issue Issue ID

Security package updates in version 5.1

SSB-2758