Chat now with support
Chat with Support

syslog-ng Store Box 6.1.0 - Administration Guide

Preface Introduction The concepts of SSB The Welcome Wizard and the first login Basic settings User management and access control Managing SSB Configuring message sources Storing messages on SSB Forwarding messages from SSB Log paths: routing and processing messages Configuring syslog-ng options Searching log messages Searching the internal messages of SSB Classifying messages with pattern databases The SSB RPC API Monitoring SSB Troubleshooting SSB Security checklist for configuring SSB

Creating multiple logspaces

If you have several SSBs located at different sites, you can view and search the logs of these machines from the same web interface without having to log on to several different interfaces.

Creating multiple logspaces can also be useful if you want to pre-filter log messages based on different aspects and then share these filtered logs only with certain user groups.

The multiple logspace aggregates the messages that arrive from the member logspaces. The new log messages are listed below each other every second.

Once configured, multiple logspaces can be searched like any other logspace on SSB. You can also create filtered logspaces that are based on the multiple logspace.

NOTE:

The multiple logspace is only a view of the member logspaces. The log messages are still stored in the member logspaces (if the member logspace is a remote logspace, the log messages are stored on the remote SSB). Therefore you cannot alter any configuration parameters of the logspace directly. To do this, navigate to the member logspace itself.

NOTE:

If a remote member logspace becomes inaccessible, you will not be able to view the contents of that logspace.

NOTE:

Using multiple logspaces can decrease the performance of the appliance. If possible, manage your logspaces without using multiple logspaces (for example instead of including several filtered logspaces into a multiple logspace, use several search expressions in a filtered logspace).

Figure 103: Log > Multiple Logspaces — Multiple logspaces

To create multiple logspaces

  1. Navigate to Log > Multiple Logspaces and click .

  2. Enter a name for the logspace into the top field. Use descriptive names that help you to identify the source easily. Note that the name of the logspace must begin with a number or a letter.

  3. Select the Member Logspaces from the list. To add a new member logspace, click and select another logspace. Note that you can only select member logspaces that already exist.

  4. By default, members of the search group can view the stored messages online. Use the Access control option to control which usergroups can access the logspace. For details, see also Managing user rights and usergroups.

  5. Click Commit.

Accessing log files across the network

The log files stored on SSB can be accessed as a network share if needed using the Samba (CIFS) or Network File System (NFS) protocols. Sharing is controlled using policies that specify the type of the share and the clients (hosts) and users who can access the log files. Sharing is possible also if SSB is part of a domain.

Sharing log files in standalone mode

To share log files in standalone mode

  1. Navigate to Policies > Shares > SMB/CIFS options and select Standalone mode.

    Figure 104: Policies > Shares > SMB/CIFS options — Sharing logspaces

  2. Select to create a new share policy and enter a name for the policy.

  3. Select the type of the network share from the Type field.

    Figure 105: Policies > Shares > Share policies — Creating share policies

    • To access the log files using NFS (Network File System), select NFS.

    • To access the log files using Samba (Server Message Block protocol), select CIFS.

      NOTE:

      From SSB version 5.2.0, SSB only supports SMB 2.1 and later. If you are using a Windows version earlier than Windows 2008R2, make sure that it supports SMB 2.1 or later. Otherwise, the Windows machine cannot connect to the SSB share.

  4. If you are using the Samba protocol, you can control which users and hosts can access the shares. Otherwise, every user with an SSB account has access to every shared log file.

    • To control which users can access the shared files, enter the name of the usergroup who can access the files into the Allowed group field. For details on local user groups, see Managing local usergroups.

    • To limit the hosts from where the shares can be accessed, create a hostlist and select it from the Hostlist field. For details on creating hostlists, see Creating hostlist policies.

  5. Click Commit.

  6. To display the details of the logspace, navigate to Log > Logspaces and click .

  7. Select the share policy to use from the Sharing policy field.

    Figure 106: Log > Logspaces > Policies — Setting the share policy of a logspace

  8. Click Commit.

  9. Mount the shared logspace from your computer to access it.

Sharing log files in domain mode

To share log files in domain mode

  1. Navigate to Policies > Shares > SMB/CIFS options and select Domain mode.

  2. Enter the name of the domain (for example mydomain) into the Domain field.

    Figure 107: Policies > Shares > SMB/CIFS options — Joining a domain

  3. Enter the name of the realm (for example mydomain.example.com) into the Full domain name field.

    NOTE:

    Ensure that your DNS settings are correct and that the full domain name can be resolved from SSB. To check this, navigate to Basic Settings > Troubleshooting > Ping, enter the full domain name into the Hostname field, and select Ping host.

    Click Commit.

  4. Click Join domain. A pop-up window is displayed.

  5. SSB requires an account to your domain to be able to join the domain. Enter the name of the user into the Username field, and the corresponding password into the Password field.

    NOTE:

    SSB accepts passwords that are not longer than 150 characters. The following special characters can be used: !"#$%&'()*+,-./:;<=>?@[]^-`{|}

    Optionally, you can enter the name of your domain controller into the Domain controller field. If you leave this field blank, SSB will try to find the domain controller automatically.

    NOTE:

    Ensure that your DNS settings are correct and that the hostname of the domain controller can be resolved from SSB. To check this, navigate to Basic Settings > Troubleshooting > Ping, enter the name of the domain controller into the Hostname field, and select Ping host.

  6. Click Join domain.

  7. Select to create a new share policy and enter a name for the policy.

    Figure 108: Policies > Shares > Share policies — Creating share policies

  8. Select the type of the network share from the Type field.

    • To access the log files using NFS (Network File System), select NFS.

    • To access the log files using Samba (Server Message Block protocol), select CIFS.

      NOTE:

      From SSB version 5.2.0, SSB only supports SMB 2.1 and later. If you are using a Windows version earlier than Windows 2008R2, make sure that it supports SMB 2.1 or later. Otherwise, the Windows machine cannot connect to the SSB share.

  9. If you are using the Samba protocol, you can control which users and hosts can access the shares. Otherwise, every user with an SSB account has access to every shared log file.

    • To control which users can access the shared files, enter the name of the domain that can access the files (specified in Step 2) into the Allowed group field. Note that the users and SSB must be members of the same domain.

    • To limit the hosts from where the shares can be accessed, create a hostlist and select it from the Hostlist field. For details on creating hostlists, see Creating hostlist policies.

  10. Click Commit.

  11. To display the details of the logspace, navigate to Log > Logspaces and click .

  12. Select the share policy to use from the Sharing policy field.

    Figure 109: Log > Logspaces > Policies — Setting the share policy of a logspace

  13. Click Commit.

  14. Mount the shared logspace from your computer to access it.

Related Documents