Subscription-based license
For virtual appliances, you can buy a subscription-based license that is valid for a fixed period of twelve (12) or thirty-six (36) months. The subscription-based license automatically includes product support and access to the latest software versions. For details, see the Software Transaction, License and End User License Agreements.
Note that One Identity offers subscription-based licensing only in certain geographic regions and only for limited virtual appliance license options. For details, contact One Identity.
Licensing examples
Example: A simple example
Scenario:
- You want to deploy an SSB appliance as a log server.
- 45 servers with syslog-ng PE installed in client mode send logs to the SSB log server.
- 45 networks devices without syslog-ng PE installed send logs to the SSB log server.
License requirements: You need a syslog-ng Store Box license for at least 100 Log Source Host (LSH) as there are 90 LSHs (45+45=90) in this scenario.
Example: High Availability (HA) cluster
Scenario:
- You want to install syslog-ng PE in server mode on two hosts that run as an active-passive high-availability cluster.
- 45 servers with syslog-ng PE installed in client mode send logs to the syslog-ng PE log server.
- 45 networks devices without syslog-ng PE installed send logs to the syslog-ng PE log server.
License requirements: You need a syslog-ng Store Box license for at least 100 Log Source Host (LSH) as there are 90 LSHs (45+45=90) in this scenario. You also need a High Availability (HA) license for the passive log server.
Example: Using alternative log servers with syslog-ng PE clients
Scenario:
- You want to deploy an SSB appliance as a log server.
- 45 servers with syslog-ng PE installed in client mode send logs to the SSB log server.
- 45 networks devices without syslog-ng PE installed send logs to the SSB log server.
- 100 servers with syslog-ng PE installed send log messages to a log server without syslog-ng PE installed.
License requirements: You need a syslog-ng Store Box license for at least 200 LSHs as there are 190 LSHs (45+45 that send logs to a syslog-ng PE log server, and another 100 that run syslog-ng PE, 45+45+100=190) in this scenario.
Example: Using syslog-ng PE relays
Scenario:
- You want to deploy an SSB appliance as a log server.
- 45 servers with syslog-ng PE installed in client mode send logs directly to the SSB log server.
- 5 servers with syslog-ng PE installed in relay mode send logs to the SSB log server.
- Every syslog-ng PE relay receives logs from 9 networks devices without syslog-ng PE installed (a total of 45 devices).
- 100 servers with syslog-ng PE installed send log messages to a log server without syslog-ng PE installed.
License requirements: You need a syslog-ng Store Box license for at least 200 LSH as there are 195 LSHs (45+5+(5*9)+100=195) in this scenario.
Example: Multiple facilities
You have two facilities (for example, data centers or server farms). Facility 1 has 75 AIX servers and 20 Microsoft Windows hosts, Facility 2 has 5 HP-UX servers and 40 Debian servers. That is 140 hosts altogether.
|
|
NOTE:
If, for example, the 40 Debian servers at Facility 2 are each running 3 virtual hosts, then the total number of hosts at Facility 2 is 125, and the license sizes in the following examples should be calculated accordingly. |
-
Scenario: The log messages are collected to a single, central SSB log server.
License requirements: You need a syslog-ng Store Box license for 150 LSH as there are 140 LSHs (75+20+5+40) in this scenario.
-
Scenario: Each facility has its own SSB log server, and there is no central log server.
License requirements: You need two separate licenses: a license for at least 95 LSHs (75+20) at Facility 1, and a license for at least 45 LSHs (5+40) at Facility 2. You need a license for 100 LSHs at Facility 1, and a license for 50 LSHs at Facility 2.
-
Scenario: The log messages are collected to a single, central SSB log server. Facility 1 and 2 each have a syslog-ng PE relay that forwards the log messages to the central SSB log server.
License requirements: You need a syslog-ng Store Box license for 150 LSH as there are 142 LSHs (1+75+20+1+5+40) in this scenario (since the relays are also counted as an LSH).
-
Scenario: Each facility has its own local SSB log server, and there is also a central SSB log server that collects every log message independently from the two local log servers.
License requirements: You need three separate licenses. A syslog-ng Store Box a license for at least 95 LSHs (75+20) at Facility 1, a license for at least 45 LSHs (5+40) at Facility 2, and also a license for at least 142 LSHs for the central syslog-ng Store Box log server (assuming that you want to collect the internal logs of the local log servers as well).
The structure of a log message
The following sections describe the structure of log messages. Currently there are two standard syslog message formats:
-
The old standard described in RFC 3164 (also called the BSD-syslog or the legacy-syslog protocol): see BSD-syslog or legacy-syslog messages
-
The new standard described in RFC 5424 (also called the IETF-syslog protocol): see IETF-syslog messages
BSD-syslog or legacy-syslog messages
This section describes the format of a syslog message, according to the legacy-syslog or BSD-syslog protocol (see RFC 3164). A syslog message consists of the following parts:
The total message must be shorter than 1024 bytes.
The following example is a sample syslog message:
<133>Feb 25 14:09:07 webserver syslogd: restart
The message corresponds to the following format:
<priority>timestamp hostname application: message
The different parts of the message are explained in the following sections.
|
|
NOTE:
The syslog-ng application supports longer messages as well. For details, see the Message size option. However, it is not recommended to enable messages larger than the packet size when using UDP destinations. |