
syslog-ng Store Box 6.1.0 - Administration Guide


Monitoring SSB-related parameters

SSB's version number
SNMP object: SSB-SNMP-MIB::ssbFirmwareVersion
Type: String
Short description: Current version of the SSB.

Description: The current version number of SSB. This always changes after a successful upgrade.

Number of session files on SSB
SNMP object: SSB-SNMP-MIB::ssbHTTPSessions
Type: Integer32
Short description: Number of recently active HTTP-based connections to SSB.

Description: The number of session files on SSB. These are generated as a result of the following events:

  • Accessing the web user interface of SSB.
  • Accessing a remote logspace.
  • Performing an RPC API call.

Number of core files on SSB
SNMP object: SSB-SNMP-MIB::ssbCoreFiles
Type: Integer (number of)
Short description: The number of core files in SSB's core firmware.

Description: If the value of this parameter is larger than 0, contact our Support Team.

The status of the HA cluster
SNMP object: SSB-SNMP-MIB::ssbHAClusterStatus
Type: String
Short description: Status of the HA cluster.

Description: The status of the SSB cluster. For details, see Status.

The status of the Redundant Heartbeat interface
SNMP object: SSB-SNMP-MIB::ssbHARedundantStatus
Type: String
Short description: Status of the Redundant Heartbeat interface.

Description: The status of the Redundant Heartbeat interface. For details, see Redundant Heartbeat status.

Available free space on SSB
SNMP object: SSB-SNMP-MIB::ssbUnusedLogStorageCapacity
Type: Integer (% percent)
Short description: Ratio of free space on SSB compared to the Disk space fill up prevention limit.

Description: The available free space on SSB.

Caution: Hazard of data loss

If the value of this parameter is constantly close to 0%, fine-tune your configuration or purchase more SSB appliances. For assistance, contact our Support Team.

If the value of this parameter reaches 0%, SSB will stop receiving logs.

If you have an Archive Policy configured, archiving will start after the value of this parameter reaches 0%. Therefore, SSB might start receiving logs again after some time has passed.

Make sure that you always have enough free space.

The definition of "enough" varies based on your specific configuration settings, for example:

  • The disk size of your SSB appliance.
  • The size, number and frequency of your incoming logs.
  • Your Policies > Backup & Archive/Cleanup settings configuration.
  • Your Basic Settings > Management > Disk space fill up prevention limit configuration. For details, see Preventing disk space fill up.
  • and so on

Example: Available free space on SSB

To calculate the available free space on SSB, the following formula is used:

[Disk capacity of the core partition] - [The free space above the Basic Settings > Management > Disk space fill up prevention limit] - [The space that is already in use].

For example:

  • Disk capacity of the core partition: This is always 100%
  • The free space above the Basic Settings > Management > Disk space fill up prevention limit: If SSB is configured to Disconnect clients when disks are 90 percent used, this value is 100% - 90% = 10%
  • The space that is already in use: 35%

Available free space on SSB = 100% - 10% - 35% = 55%

The synchronization progress of HA nodes
SNMP object: SSB-SNMP-MIB::ssbHASynchronizationProgress
Type: Integer32 (0..100 %)
Short description: HA cluster synchronization progress (in percent). 100%, if the cluster is fully synchronized.

Description: This value can be important in the following cases:

  • When enabling HA mode the first time, after navigating to Basic Settings > High Availability and clicking Convert to Cluster, the synchronization process starts. This value will start at 0% and will gradually increase to 100%. When it reaches 100%, it means that the conversion has been finished and the nodes are now in HA status.

  • If one of your nodes becomes unavailable and you decide to reinstall SSB, you will have to rejoin your cluster by navigating to Basic Settings > High Availability and clicking Join HA. This starts the synchronization process from 0% again, and the value gradually increases to 100%. When it reaches 100%, the join process has finished and the nodes are in HA status again.

  • If a node becomes unavailable for a longer period and is then joined again, the configurations of the two nodes may have diverged. In this case, the two nodes start the synchronization process again so that the new changes are transferred to the previously unavailable node. This does not necessarily mean that the synchronization value starts at 0%: it may start from a number somewhere between 0% and 100%.

Determining whether the HA node is the primary node
SNMP object: SSB-SNMP-MIB::ssbHAIsPrimary
Type: TruthValue (SNMP boolean value)
Short description: The current HA node is the primary node.

Description: This information is only supplied on HA-cluster nodes and it is available on the SNMP community provided by the boot-firmwares (the ID-based communities on the Basic Settings > Management > SNMP agents settings page).

You can monitor which node is the primary HA node, that is, which node is responsible for SSB's business logic (for example, HTTP configuration, log management (syslog-ng, archive, backup), and so on).
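
The following is an added example, not part of the original guide or the product: it parses output in the net-snmp snmpwalk text format and applies the rules stated above for core files, free space and HA synchronization. The sample output, the ".0" instance suffix, the function names and the 10% warning threshold are assumptions made for illustration.

```python
import re

# Constructed sample in net-snmp snmpwalk output style. The ".0" instance
# suffix and every value are assumptions, not captured from a real appliance.
SAMPLE_WALK = """\
SSB-SNMP-MIB::ssbFirmwareVersion.0 = STRING: "6.1.0"
SSB-SNMP-MIB::ssbHTTPSessions.0 = INTEGER: 3
SSB-SNMP-MIB::ssbCoreFiles.0 = INTEGER: 2
SSB-SNMP-MIB::ssbUnusedLogStorageCapacity.0 = INTEGER: 4
SSB-SNMP-MIB::ssbHASynchronizationProgress.0 = INTEGER: 67
SSB-SNMP-MIB::ssbHAIsPrimary.0 = INTEGER: true(1)
"""
LINE_RE = re.compile(r"^SSB-SNMP-MIB::(\w+)(?:\.\d+)* = ([\w-]+): (.*)$")

def parse_walk(text):
    """Return {object name: value}; INTEGER values become int, strings lose quotes."""
    values = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # other MIBs, "No Such Object" replies, malformed lines
        name, snmp_type, raw = m.groups()
        if snmp_type == "INTEGER":
            # Enumerations print as label(number), e.g. TruthValue true(1).
            num = re.search(r"-?\d+", raw.split("(")[-1])
            if num:
                values[name] = int(num.group())
        else:
            values[name] = raw.strip('"')
    return values

def evaluate(values, low_space_pct=10):
    """Apply the rules stated above; low_space_pct is an assumed threshold."""
    findings = []
    for required in ("ssbCoreFiles", "ssbUnusedLogStorageCapacity"):
        if required not in values:
            findings.append(("unknown", f"{required} missing from agent response"))
    if values.get("ssbCoreFiles", 0) > 0:
        findings.append(("critical", "core files present: contact Support"))
    free = values.get("ssbUnusedLogStorageCapacity")
    if free is not None and free <= 0:
        findings.append(("critical", "free space at 0%: SSB stops receiving logs"))
    elif free is not None and free <= low_space_pct:
        findings.append(("warning", f"free space {free}% is close to 0%"))
    sync = values.get("ssbHASynchronizationProgress")
    if sync is not None and sync < 100:
        findings.append(("info", f"HA synchronization at {sync}%"))
    return findings

if __name__ == "__main__":
    for level, message in evaluate(parse_walk(SAMPLE_WALK)):
        print(f"{level}: {message}")
```

A missing required object is reported as "unknown" rather than treated as healthy, so an unreachable agent or a wrong community does not silently pass the check.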

Troubleshooting SSB

This section describes the tools to detect networking problems, and also how to collect core files and view the system logs of SSB.

To find the SSB appliance in the server room, you can use IPMI to control the front panel and back panel identify lights.

  1. On SSB T4 and SSB T10, navigate to Basic Settings > System > Hardware information > Blink system identification lights.

    NOTE:

    SSB T1 does not support identify lights.

  2. To blink the blue LEDs on the front and back of the SSB appliance, click On.

Alternatively, use the command line as follows:

  1. To start the blinking of the blue LEDs on the front and back of the SSB appliance, enter:

    ipmitool chassis identify force

  2. To stop the blinking of the blue LEDs on the front and back of the SSB appliance, enter:

    ipmitool chassis identify 0

Network troubleshooting

The Troubleshooting menu provides a number of diagnostic commands to resolve networking issues. SSB log files can also be displayed here. For details, see Viewing logs on SSB.

Figure 165: Basic Settings > Troubleshooting > System debug — Network troubleshooting with SSB

The following commands are available:

  • ping: Sends a simple message to the specified host to test network connectivity.

  • traceroute: Sends a simple message from SSB to the specified host and displays all hosts on the path of the message. It is used to trace the path the message travels between the hosts.

  • connect: Attempts to connect to the specified host using the specified port. It is used to test the availability or status of an application on the target host.

To execute one of the above commands:

  1. Navigate to Basic Settings > Troubleshooting.

  2. Enter the IP address or the hostname of the target host into the Hostname field of the respective command. For the Connect command, enter the target port into the Port field.

  3. Click the respective action button to execute the command.

  4. Check the results in the popup window. Log files are displayed in a separate browser window.

Gathering data about system problems

SSB automatically generates core files if an important software component (for example, syslog-ng, or the indexer) of the system crashes for some reason. These core files can be of great help to the One Identity Support Team to identify problems. To display a list of alerts, navigate to Search > Log Alerts.

To list and download the generated core files, navigate to Basic Settings > Troubleshooting > Core files.

By default, core files are deleted after 14 days. To change the deletion timeframe, navigate to Basic Settings > Management > Core files.
