syslog-ng Store Box 6.1.0 - Administration Guide

Network settings

The Basic Settings > Network tab contains the network interface and naming settings of SSB.

Figure 21: Basic Settings > Network — Network settings

  • External interface: The Address and Netmask of the SSB network interface that receives client connections. Use the add and delete icons to add new alias IP addresses (also called alias interfaces) or to delete existing ones. At least one external interface must be configured. If the management interface is disabled, the SSB web interface can be accessed via the external interface. When multiple external interfaces are configured, the first one refers to the physical network interface; all others are alias interfaces. The SSB web interface can be accessed from all external interfaces (if no management interface is configured).

    Optionally, you can enable access to the SSB web interface even if the management interface is configured by activating the Management enabled function.

    Caution:

    If you enable management access on an interface and configure alias IP address(es) on the same interface, SSB will accept management connections only on the original address of the interface.

    NOTE:

    Do not use IP addresses that fall into the following ranges:

    • 1.2.0.0/16 (reserved for communication between SSB cluster nodes)

    • 127.0.0.0/8 (localhost IP addresses)

    NOTE:

    The speed of the interface is displayed for every interface. In SSB version 4 F5 and later, you cannot manually change the speed of the interface.

    On SSB T-10 appliances, if both the 1Gbit (label 1) and 10Gbit (label A) interfaces are plugged in, SSB displays the auto-detected speed of the interface where Ethernet link is detected (that is, the cable is plugged in, and the other side is powered on).

    When SSB is deployed in a virtual environment and only a single network interface is configured, then that interface starts to serve as the management interface. In such cases, the Management enabled function becomes redundant and is replaced with a message informing the user that access to the web interface and the RPC API is enabled on every configured IP address.

    Figure 22: Basic Settings > Network — Management enabled on every configured IP address

  • Management interface: The Address and Netmask of the SSB network interface used to access the SSB web interface. If the management interface is configured, the web interface can be accessed only via this interface, unless:

    • Access from other interfaces is explicitly enabled.

    • Only one network interface has been defined, which then serves as the management interface.

    NOTE:

    Do not use IP addresses that fall into the following ranges:

    • 1.2.0.0/16 (reserved for communication between SSB cluster nodes)

    • 127.0.0.0/8 (localhost IP addresses)

  • Interfaces > Routing table: When sending a packet to a remote network, SSB consults the routing table to determine the path on which the packet should be sent. If the routing table contains no information for the destination, the packet is sent to the default gateway.

    Use the routing table to define static routes to specific hosts or networks. You have to use the routing table if the internal interface is connected to multiple subnets, because the default gateway is (usually) towards the external interface. Use the add and delete icons to add new routes or to delete existing ones. A route means that messages sent to the Address/Netmask network should be delivered to Gateway. An option is also provided to override the default behavior of always routing outgoing packets based on the destination address, and instead to reply on the interface of the incoming packets.

    For detailed examples, see Configuring the routing table.

  • Naming > Hostname: Name of the machine running SSB.

  • Naming > Nick name: The nickname of SSB. Use it to distinguish the devices. It is displayed in the core and boot login shells.

  • Naming > DNS search domain: Name of the domain used on the network. When resolving the domain names of the audited connections, SSB will use this domain to resolve the target hostname if the appended domain entry of a target address is empty.

  • Naming > Primary DNS server: IP address of the name server used for domain name resolution.

  • Naming > Secondary DNS server: IP address of the name server used for domain name resolution if the primary server is inaccessible.

Configuring the management interface

The following describes how to activate the management interface.

NOTE:

When SSB is deployed in a virtual environment and only a single network interface is configured, then that interface starts to serve as the management interface. In such cases, the Management interface function becomes redundant and is not displayed on the user interface.

To activate the interface

  1. Navigate to Basic Settings > Network > Interfaces.

    Figure 23: Basic Settings > Network > Interfaces > Management interface — Configuring the management interface

  2. In the Management interface field, select Enable management interface.

  3. Into the Address field, enter the IP address of SSB's management interface.

  4. Into the Netmask field, enter the netmask related to the IP address.

  5. Caution:

    After clicking Commit, the web interface will be available only via the management interface — it will not be accessible using the current (external) interface, unless the Management enabled option is selected for the external interface.

    Ensure that the Ethernet cable is plugged in and the management interface is connected to the network; this is indicated by a green check icon in the Basic settings > Networks > Ethernet links > HA interface > Link field. When using High Availability, ensure that the management interface of both SSB units is connected to the network.

    The HA interface section indicates if a link is detected on the high availability interface.

    Click Commit.

Configuring the routing table

The routing table contains the network destinations SSB can reach. You have to make sure that the local services of SSB (including connections made to the backup and archive servers, the syslog server, and the SMTP server) are routed properly.

You can add multiple addresses along with their respective gateways.

Caution:

Complete the following procedure only if the management interface is configured, otherwise the data sent by SSB will be lost. For details on configuring the management interface, see Configuring the management interface.

To configure the routing table

  1. To add a new routing entry, navigate to Basic Settings > Network > Interfaces and in the Routing table field, click the add icon.

    Figure 24: Basic Settings > Network > Interfaces > Routing

  2. Enter the IP address of the remote server into the Address field.

  3. Enter the related netmask into the Netmask field.

  4. Enter the IP address of the gateway used on that subnetwork into the Gateway field.

  5. If you wish to reply on the same interface where a packet came in, then check the Reply on same interface checkbox. This instructs SSB to disregard connected networks other than the network of the incoming packet's interface when routing reply packets.

  6. Click Commit.
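
A pre-commit sanity check for the settings described in Network settings and in this procedure, as an added example that is not part of the original guide or of SSB itself: it flags planned addresses in the reserved ranges, lists the addresses on which the web interface will answer, and shows which gateway each local service destination resolves to. The function names, the sample addresses and the longest-prefix-match route selection are assumptions.

```python
import ipaddress as ip

# Ranges the guide says must not be used for SSB interface addresses.
RESERVED = [ip.ip_network("1.2.0.0/16"), ip.ip_network("127.0.0.0/8")]

def reserved_hits(addresses):
    """Return the planned addresses that fall into a forbidden range."""
    return [a for a in addresses
            if any(ip.ip_address(a) in net for net in RESERVED)]

def web_ui_addresses(external, aliases, management=None, mgmt_on_external=False):
    """Addresses on which the web interface answers, per the guide's rules."""
    if management is None:            # no management interface configured
        return [external, *aliases]   # every external address, aliases included
    exposed = [management]
    if mgmt_on_external:              # "Management enabled" on the external interface
        exposed.append(external)      # original address only, never the aliases
    return exposed

def next_hop(dest, connected, routes, default_gw):
    """Resolve a destination: connected network, static route, else default gateway.
    Assumption: longest-prefix match, as in ordinary IP routing."""
    d, best = ip.ip_address(dest), None
    candidates = [(net, "direct") for net in connected] + list(routes)
    for net, via in candidates:
        n = ip.ip_network(net, strict=False)
        if d in n and (best is None or n.prefixlen > best[0].prefixlen):
            best = (n, via)
    return best[1] if best else default_gw

if __name__ == "__main__":
    # Constructed sample plan (documentation and private address ranges).
    external, aliases, management = "192.0.2.10", ["192.0.2.11"], "10.10.0.5"
    connected = ["192.0.2.10/24", "10.10.0.5/24"]
    routes = [("10.20.0.0/16", "10.10.0.1")]      # Address/Netmask -> Gateway
    services = {"backup": "10.20.3.4", "syslog": "10.10.0.50", "smtp": "198.51.100.25"}

    print("reserved:", reserved_hits([external, *aliases, management]))
    print("web UI on:", web_ui_addresses(external, aliases, management, True))
    for name, addr in services.items():
        print(name, "->", next_hop(addr, connected, routes, "192.0.2.1"))
```

A service destination that resolves to the default gateway when it should leave via the management network is the case the routing table entry is meant to correct.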

Date and time configuration

Date and time related settings of SSB can be configured on the Date & Time tab of the Basic Settings page.

Figure 25: Basic Settings > Date & Time — Set date and time

Caution:

It is essential to set the date and time correctly on SSB, otherwise the date information of the logs will be inaccurate.

SSB displays a warning on this page and sends an alert if the time becomes out of sync.

To explicitly set the date and time on SSB, enter the current date into the respective fields of the Date & Time Settings group and click Set Date & Time.

NOTE:

If the time setting of SSB is very inaccurate (that is, the difference between the system time and the actual time is great), it might take a long time to retrieve the date from the NTP server. In this case, click Sync now to sync the time immediately using SNTP.

When two SSB units are operating in high availability mode, the Sync now button is named Sync Master, and synchronizes the time of the master node to the NTP server. To synchronize the time between the master and the slave nodes, click Sync Slave to Master.
