Chat now with support
Chat with Support

We are currently experiencing issues on our phone support and are working diligently to restore services. For support, please sign in and create a case or email supportadmin@quest.com for assistance

syslog-ng Store Box 6.10.0 - Administration Guide

Preface Introduction The concepts of SSB The Welcome Wizard and the first login Basic settings User management and access control Managing SSB Configuring message sources Storing messages on SSB Forwarding messages from SSB Log paths: routing and processing messages Configuring syslog-ng options Searching log messages Searching the internal messages of SSB Classifying messages with pattern databases The SSB RPC API Monitoring SSB Troubleshooting SSB Security checklist for configuring SSB Glossary

Date and time configuration

You can configure date and time-related settings of syslog-ng Store Box (SSB) on the Date & Time tab of the Basic page.

NOTE: Configuring Date & Time and NTP simultaneously is not possible. Either configure the local date and time manually, or synchronize system time with a time server.

Figure 42: Basic Settings > Date & Time — Set date and time

Caution:

It is essential to set the date and time correctly on SSB, otherwise the date information of the logs will be inaccurate.

SSB displays a warning on this page and sends an alert if the time becomes out of sync.

To explicitly set the date and time on SSB, enter the current date into respective fields of the Date & Time Settings group and click Set Date & Time.

NOTE: If the time of SSB is very inaccurate (that is, the difference between the system time and the actual time is great), it might take a long time to retrieve the date from the NTP server. In this case, click Sync now to sync the time immediately using SNTP.

Configuring a time (NTP) server

This section describes how to retrieve the date automatically from a time server.

Caution:

One Identity recommends not changing the timezone, because logspace rotation is based on your currently configured local timezone. If you change the timezone, you will not be able to search in your previously stored logs. Before changing the timezone, contact our Support Team.

To retrieve the date automatically from a time server

  1. Select your timezone in the Timezone field.

  2. Enter the IP address of an NTP time server into the Address field.

    To add new servers or delete existing ones, click and , respectively.

    NOTE: Use an NTP server of high time accuracy. SSB needs high time accuracy for processing its logs with as exact timestamps as possible. Any inaccuracy will be detected by SSB, and the server will be rejected.

  3. Click .

  4. To sync the time immediately using SNTP, click Sync now.

    NOTE: If your local system time is different from the NTP server time, it can result in a time gap in the time stamp of the logs before synchronization and the logs after synchronization. The time gap may appear longer than the time that has actually passed. Therefore, logs collected before the synchronization might have time stamps that do not correspond to the NTP server time.

SNMP and e-mail alerts

The following sections describe how you can configure e-mail and SNMP alerts on syslog-ng Store Box (SSB).

Topics:

Configuring e-mail alerts

This section describes how to configure e-mail alerts.

To configure e-mail alerts

  1. Navigate to Basic Settings > Management > Mail settings.

  2. Enter the IP address or the hostname of the mail server into the SMTP server address field.

    Figure 43: Basic Settings > Management > Mail settings — Configure e-mail sending

  3. Enter the e-mail address where you want to receive e-mails from into the Send e-mails as field. This can be useful for e-mail filtering purposes. syslog-ng Store Box (SSB) sends e-mails from the address provided here. If no e-mail address is entered, e-mails will be sent from the default e-mail address.

  4. Enter the e-mail address of the administrator into the Administrator's e-mail address field. SSB sends notifications related to system-events (but not alerts and reports) to this address.

  5. Enter the e-mail address of the administrator into the Send e-mail alerts to field. SSB sends monitoring alerts to this address.

  6. Enter the e-mail address the person who should receive traffic reports from SSB into the Send reports to field. For details on reports, see Reports.

    Caution:

    To get alert e-mails, provide an e-mail address in this field. Sending alerts fails if these settings are incorrect, since the alerting e-mail address does not fall back to the administrator's e-mail address by default.

  7. Click .

  8. Click Test to send a test message.

    If the test message does not arrive to the server, check if SSB can access the server. For details, see Troubleshooting SSB.

  9. Select in which situations SSB should send an e-mail alert. For details, see Configuring system monitoring on SSB.

  10. Click .

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating