Chat now with support
Chat with Support

syslog-ng Store Box 6.3.0 - Administration Guide

Preface Introduction The concepts of SSB The Welcome Wizard and the first login Basic settings User management and access control Managing SSB Configuring message sources Storing messages on SSB Forwarding messages from SSB Log paths: routing and processing messages Configuring syslog-ng options Searching log messages Searching the internal messages of SSB Classifying messages with pattern databases The SSB RPC API Monitoring SSB Troubleshooting SSB Security checklist for configuring SSB

Querying SSB status information using agents

External SNMP agents can query the basic status information of syslog-ng Store Box (SSB). This section describes how you can configure which clients can query SSB's basic status information.

To configure which clients can query this information

  1. Navigate to Basic Settings > Monitoring > SNMP agent settings.

    Figure 29: Basic Settings > Monitoring > SNMP agent settings — Configure SNMP agent access (only SNMP v2c agent enabled)

    Figure 30: Basic Settings > Monitoring > SNMP agent settings — Configure SNMP agent access (only SNMP v3 agent enabled)

    Figure 31: Basic Settings > Monitoring > SNMP agent settings — Configure SNMP agent access (both SNMP v2c and SNMP v3 agent enabled)

  2. The status of SSB can be queried dynamically via SNMP. By default, the status can be queried from any host. To restrict access to these data to a single host, enter the IP address of the host into the Client address field.

  3. Optionally, you can enter the details of the SNMP server into the System location, System contact, and System description fields.

  4. Select the SNMP protocol to use.

    • To use the SNMP v2c protocol for SNMP queries, select SNMP v2c agent, and enter the community to use into the Community field.

      By default, information about SSB is available using the public community. If you are using a high-availability SSB cluster, then each node provides information about its own status using a specific community. This community is the Node ID of the node (as displayed in the Basic Settings > High Availability > This node > Node ID field).

    • To use the SNMP v3 protocol, select SNMP v3 agent and complete the following steps:

    1. Click .

    2. Enter the username used by the SNMP agent into the Username field.

    3. Select the authentication method (MD5 or SHA1) to use from the Auth. method field.

    4. Enter the password used by the SNMP agent into the Auth. password field.

    5. Select the encryption method (Disabled, DES or AES) to use from the Encryption method field.

      The supported AES method is AES-128.

    6. Enter the encryption password to use into the Encryption password field.

    7. To add other agents, click .


    The syslog-ng Store Box (SSB) application accepts passwords that are not longer than 150 characters. The following special characters can be used: !"#$%&'()*+,-./:;<=>?@[]^-`{|}

  5. Click Commit.

View node ID and community

This section provides information about monitoring primary and secondary nodes on syslog-ng Store Box (SSB) with the help of a node ID and community.

To monitor your primary and secondary node, you need the related community ID. Navigate to Basic Settings > Monitoring > SNMP agent settings > Agent access. This information is available if SNMP v2c Agent or SNMP v3 Agent is selected.

Figure 32: Basic Settings > Monitoring > SNMP agent settings > Agent access — Configure SNMP agent access

If either SNMP Agent is selected and your cluster is in HA state, both nodes appear under Agent access. In this case, the first row is the default community, the next rows are the nodes.

The community IDs are displayed under the respective Community (v2c) and Context (v3) columns.

You will use these communities in formulating SNMP queries. The Node names are used to indicate which SNMP objects can be queried from which community in Monitoring SSB.

To view the availability of the nodes, navigate to Basic Settings > High Availability. For details on what type of information you can see on that page, see Managing a high availability SSB cluster. The Node ID. of the node is the same as the ID under Agent access

To gather more information your nodes, query the SSB-SNMP-MIB::ssbHAClusterStatus object. For details, see The status of the HA cluster.

If the query is not responding, it can mean that the target node is down or restarting. In this case, check the node status manually and attempt solving the issue, or contact our Support Team.


If SSB's core firmware is not accessible or down, SNMP queries will not work.

Configuring system monitoring on SSB

The following sections provide information about configuring system monitoring on syslog-ng Store Box (SSB).


Configuring SNMP agent settings

syslog-ng Store Box (SSB) continuously monitors a number of parameters of the SSB hardware and its environment. If a parameter reaches a critical level (set in its respective Maximum field), SSB sends e-mail and SNMP messages to alert the administrator.

SSB sends SNMP alerts using the external network interface by default, or using the management interface if it is enabled. SSB supports the SNMPv2c and SNMPv3 protocols. The SNMP server set on the Alerting tab can query status information from SSB.


To have your central monitoring system recognize the SNMP alerts sent by SSB, select Basic Settings > Monitoring > Download MIBs to download the SSB-specific Management Information Base (MIB), then import it into your monitoring system.

Figure 33: Basic Settings > Monitoring > SNMP agent settings

The following sections describe the parameters you can receive alerts on.

For details on monitoring SSB with an external central monitoring system, see Monitoring SSB.

Related Documents