
syslog-ng Store Box 6.1.0 - Administration Guide


Displaying custom syslog-ng statistics

The following describes how to display statistics of a specific source, destination, or host.

To display statistics of a specific source, destination, or host

  1. Navigate to Basic Settings > Dashboard > syslog-ng statistics.

    • To display the statistics of a particular source, select source from the Search in field, and enter the name of the source into the Search field. Source names all start with the s character.

    • To display the statistics of a particular destination, select destination from the Search in field, and enter the name of the destination into the Search field. Destination names all start with the d character.

    • To display the statistics of a particular host, select src.host from the Search in field, and enter the hostname or IP address of the host into the Search field.

  2. Select the time period to display from the Select resolution field.

  3. Click View graph.
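
The Search in values above (source, destination, src.host) are also the object-type names in syslog-ng's own counter output, so the same selection can be reproduced on exported counters. The following is an added example, not part of the original guide or of SSB. It assumes the semicolon-separated layout printed by `syslog-ng-ctl stats`, treats the search as a substring match, and uses constructed sample rows and names.

```python
import csv
from collections import defaultdict

# Constructed sample in the layout of `syslog-ng-ctl stats`
# (SourceName;SourceId;SourceInstance;State;Type;Number). Not from a real SSB.
SAMPLE_STATS = """\
SourceName;SourceId;SourceInstance;State;Type;Number
source;s_tcp514;;a;processed;18250
source;s_local;;a;processed;412
destination;d_logspace_center;;a;processed;18600
destination;d_remote_siem;;a;processed;17900
destination;d_remote_siem;;a;dropped;350
src.host;;10.0.0.12;d;processed;9100
src.host;;web01.example.com;d;processed;9150
"""

def select_stats(text, search_in, query):
    """Return {name: {counter_type: number}} for rows whose SourceName equals
    search_in and whose name contains query (substring match is an assumption)."""
    result = defaultdict(dict)
    for row in csv.DictReader(text.splitlines(), delimiter=";"):
        if row["SourceName"] != search_in:
            continue
        # Sources and destinations are named in SourceId; hosts in SourceInstance.
        name = row["SourceId"] or row["SourceInstance"]
        if query in name:
            result[name][row["Type"]] = int(row["Number"])
    return dict(result)

def dropping_destinations(text):
    """List destinations with a non-zero dropped counter, a sign of log loss."""
    dests = select_stats(text, "destination", "")
    return sorted(n for n, c in dests.items() if c.get("dropped", 0) > 0)

if __name__ == "__main__":
    print(select_stats(SAMPLE_STATS, "source", "s_tcp"))
    print(select_stats(SAMPLE_STATS, "src.host", "10.0.0.12"))
    print(dropping_destinations(SAMPLE_STATS))
```
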

Statistics collection options

To control the quantity and quality of the statistics collected to the Dashboard, set the statistics collection options.

Navigate to Log > Options > Dashboard statistics.

Time-based statistics: The default setting is Enabled.

  • Cleanup if unchanged for: Statistics that have been unchanged (that is, no longer present in the syslog-ng statistics output) for this number of days are cleaned up from the system. Enter 0 here to keep them forever. To start the cleanup process immediately, click Cleanup now.

  • Enable statistics for: The default setting is that all checkboxes are enabled. This allows you to select which options to collect statistics for. To display the collected statistics for an option, navigate to Basic Settings > Dashboard > Syslog-ng statistics, select Time-based statistics and select the desired option.

NOTE:

When disabling an option, the data will only be deleted after the first cleanup. Until then, the data already collected is still accessible on the dashboard.

Top/Least statistics: the default setting is Enabled and all checkboxes are enabled. This allows you to select which options to collect statistics for. To display the collected statistics for an option, navigate to Basic Settings > Dashboard > Syslog-ng statistics, select Top/Least statistics and select the desired option.

Maximum number of statistics to process: Enter the number of statistics files to keep on the system. Enter 0 here to store an unlimited number of statistics files. Statistics over this limit will be dropped, and SSB sends an error message containing the number of entries dropped and the first dropped entry. This setting needs to be increased only if you have more than 10000 hosts.

Sampling interval: Select the sampling interval for the statistics here. A more frequent sampling interval results in more precise graphs at the cost of heavier system load. The default setting is 5 minutes. The possible parameters are 5 minutes, 10 minutes, 30 minutes, 60 minutes, 2 hours, 4 hours, 8 hours, 1 day.

Caution:

Hazard of data loss! When changing the Sampling interval, the already existing statistics are not converted to the new sampling rate, but are deleted.

To clear all statistics, click Clear all statistics. It is advised to clear statistics if you have changed the number of the statistics files to keep, or if you have disabled the time-based statistics collection.

Reports

SSB periodically creates reports on the activity of the administrators, the system-health information of SSB, as well as the processed traffic. These reports are available in Portable Document Format (PDF) by selecting Reports > Generated reports from the Main menu. The reports are also sent to the email address set at Basic Settings > Management > Mail settings > Send reports to, unless specified otherwise in the configuration of the report.

To access the reports from the SSB web interface, the user must have the appropriate privileges.

NOTE:

If the Basic Settings > Management > Mail settings > Send reports to address is not set, the report is sent to the SSB administrator's email address.

Figure 156: Reports > Generated reports — Browsing reports

Reports are generated as follows:

  • Daily reports are generated every day at 00:01.

  • Weekly reports are generated every week on Monday at 00:01.

  • Monthly reports are generated on the first day of every month at 00:01.

TIP:

Use the time bar to find reports that apply to a particular period. If you select a period (for example, click on a bar), only those reports will be displayed that contain information about the selected period.

The following information is available about the reports:

  • Download: A link to download the report.

  • Name: The name of the report.

  • Interval: The length of the reported period, for example, week, month, and so on.

  • Report from: The start of the reported interval.

  • Report to: The end of the reported interval.

  • Generate time: The date when the report was created.

TIP:

To create a report for the current day, select Generate reports for today. The report will contain data for the 00:00 - current time interval. If artificial ignorance (for details, see Classifying messages with pattern databases) is enabled, an artificial ignorance report is created as well.

For details on how to navigate around the user interface and interact with features such as filtering and exporting results, and customizing what data is displayed, see Using the internal search interfaces.

Contents of the default reports

The default report of SSB (called System) is available in Adobe Portable Document Format (PDF), and contains the following information for the given period:

  • Configuration changes: Lists the number of SSB configuration changes per page and per user. The frequency of the configuration changes is also displayed on a chart.

  • Peer configuration: Lists the number of times the configuration of a syslog-ng client was changed per client, as well as the version number of the syslog-ng application running on the client (if this information is available).

  • Alerts: Various statistics about the alerts received from classifying messages using the pattern database (if pattern databases have been uploaded to SSB).

  • syslog-ng traffic statistics: Displays the rate of incoming, forwarded, stored, and dropped messages in messages/second.

  • System health information: Displays information about the filesystem and network use of SSB, as well as the average load.
