Chat now with support
Chat with Support

syslog-ng Store Box 6.1.0 - Administration Guide

Preface Introduction The concepts of SSB The Welcome Wizard and the first login Basic settings User management and access control Managing SSB Configuring message sources Storing messages on SSB Forwarding messages from SSB Log paths: routing and processing messages Configuring syslog-ng options Searching log messages Searching the internal messages of SSB Classifying messages with pattern databases The SSB RPC API Monitoring SSB Troubleshooting SSB Security checklist for configuring SSB

Creating a cleanup policy

Cleanup permanently deletes all log files and data that is older than Retention time in days without creating a backup copy or an archive. Such data is irrecoverably lost. Use this option with care.

NOTE:

This policy does not delete existing archives from an external CIFS or NFS server.

  1. Navigate to Policies > Backup & Archive/Cleanup and click in the Archive/Cleanup policies section to create a new cleanup policy.

  2. Enter a name for the cleanup policy.

  3. Enter the time when the cleanup process should start into the Start time field in HH:MM format (for example 23:00).

  4. Fill the Retention time in days field. Data older than this value is deleted from SSB.

  5. To receive e-mail notifications, select the Send notification on errors only or the Send notification on all events option. Notifications are sent to the administrator e-mail address set on the Management tab, and include the list of the files that were backed up.

    NOTE:

    This e-mail notification is different from the one set on the Alerting & Monitoring tab. This notification is sent to the administrator's e-mail address, while the alerts are sent to the alert e-mail address (see Configuring system monitoring on SSB).

  6. Click Commit.

  7. To assign the cleanup policy to the logspace you want to clean up, see Archiving or cleaning up the collected data.

Creating an archive policy using SMB/CIFS

The SMB/CIFS archive method connects to a share on the target server with Server Message Block protocol. SMB/CIFS is mainly used on Microsoft Windows Networks.

NOTE:

Backup and archive policies only work with existing shares and subdirectories.

If a server has a share at, for example, archive and that directory is empty, when the user configures archive/ssb1 (or similar) as a backup/archive share, it will fail.

Caution:

The CIFS implementation of NetApp storage devices is not compatible with the CIFS implementation used in SSB, therefore it is not possible to create backups and archives from SSB to NetApp devices using the CIFS protocol (the operation fails with a similar error message: /opt/ssb/mnt/14719217504d41370514043/reports/2010": Permission denied (13) '2010/day/' rsync: failed to set times on).

To overcome this problem, either:

  • use the NFS protocol to access your NetApp devices, or

  • use a backup device that has a CIFS implementation compatible with SSB, for example, Windows or Linux Samba.

  1. Navigate to Policies > Backup & Archive/Cleanup and click in the Archive/Cleanup policies section to create a new archive policy.

    Figure 43: Policies > Backup & Archive/Cleanup > Archive/Cleanup Policies — Configure cleanup and archiving

  2. Enter a name for the archive policy.

  3. Enter the time when the archive process should start into the Start time field in HH:MM format (for example 23:00).

  1. Select Target settings > SMB/CIFS.

    NOTE:

    From SSB version 5.2.0, SSB only supports SMB 2.1 and later. Make sure that your operating system with the Samba share that you want to mount, supports SMB 2.1 or later. Otherwise, SSB cannot mount the remote share.

  2. Enter the username used to logon to the remote server into the Username field, and corresponding password into the Password field. For anonymous login, enter anonymous as username, and leave the Password field empty.

    NOTE:

    SSB accepts passwords that are not longer than 150 characters. The following special characters can be used: !"#$%&'()*+,-./:;<=>?@[]^-`{|}

  3. Enter the name of the share into the Share field.

    SSB saves all data into this directory, automatically creating the subdirectories. Archives of log files are stored in the data, configuration backups in the config subdirectory.

  4. Enter the domain name of the target server into the Domain field.

  1. Fill the Retention time in days field. Data older than this value is archived to the external server.

    NOTE:

    The archived data is deleted from SSB.

  2. To receive e-mail notifications, select the Send notification on errors only or the Send notification on all events option. Notifications are sent to the administrator e-mail address set on the Management tab, and include the list of the files that were backed up.

    NOTE:

    This e-mail notification is different from the one set on the Alerting & Monitoring tab. This notification is sent to the administrator's e-mail address, while the alerts are sent to the alert e-mail address (see Configuring system monitoring on SSB).

  3. Click Commit.

  4. To assign the archive policy to the logspace you want to archive, see Archiving or cleaning up the collected data.

Creating an archive policy using NFS

The NFS archive method connects to a shared directory of the target server with the Network File Share protocol.

NOTE:

Backup and archive policies only work with existing shares and subdirectories.

If a server has a share at, for example, archive and that directory is empty, when the user configures archive/ssb1 (or similar) as a backup/archive share, it will fail.

  1. Navigate to Policies > Backup & Archive/Cleanup and click in the Archive/Cleanup policies section to create a new archive policy.

    Figure 44: Policies > Backup & Archive/Cleanup > Archive/Cleanup Policies — Configure cleanup and archiving

  2. Enter a name for the archive policy.

  3. Enter the time when the archive process should start into the Start time field in HH:MM format (for example 23:00).

  1. Select NFS from the Target settings radio buttons.

  2. Enter the domain name of the remote server into the Target server field.

  3. Enter the name of the NFS export into the Export field.

    SSB saves all data into this directory, automatically creating the subdirectories.

  4. The remote server must also be configured to accept connections from SSB.

    Add a line that corresponds to the settings of SSB to the /etc/exports file of the remote server. This line should contain the following parameters:

    • The path to the archive directory as set in the Export field of the SSB archive policy.

    • The IP address of the SSB interface that is used to access the remote server. For more information on the network interfaces of SSB, see Network settings.

    • The following parameters: (rw,no_root_squash,sync).

    Example: Configuring NFS on the remote server

    For example, if SSB connects the remote server from the 192.168.1.15 IP address and the data is saved into the /var/backups/SSB directory, add the following line to the /etc/exports file:

    /var/backups/SSB 192.168.1.15(rw,no_root_squash,sync)
  5. On the remote server, execute the following command:

    exportfs -a

    Verify that the rpc portmapper and rpc.statd applications are running.

  1. Fill the Retention time in days field. Data older than this value is archived to the external server.

    NOTE:

    The archived data is deleted from SSB.

  2. To receive e-mail notifications, select the Send notification on errors only or the Send notification on all events option. Notifications are sent to the administrator e-mail address set on the Management tab, and include the list of the files that were backed up.

    NOTE:

    This e-mail notification is different from the one set on the Alerting & Monitoring tab. This notification is sent to the administrator's e-mail address, while the alerts are sent to the alert e-mail address (see Configuring system monitoring on SSB).

  3. Click Commit.

  4. To assign the archive policy to the logspace you want to archive, see Archiving or cleaning up the collected data.

Archiving or cleaning up the collected data

To configure data archiving/cleanup, assign an archive/cleanup policy to the logspace.

Prerequisites:

You have to configure an archive/cleanup policy before starting this procedure. For details, see Archiving and cleanup.

To configure data archiving/cleanup

  1. Navigate to Log > Spaces.

  2. Select the logspace.

  3. Select the archive/cleanup policy you want to use in the Archive/Cleanup policy field.

  4. Click Commit.

  5. Optional: To start the archiving or clean up process immediately, click Archive now. This functionality works only after a corresponding policy has been configured.

Related Documents