Chat now with support
Chat with Support

syslog-ng Store Box 6.5.0 - Administration Guide

Preface Introduction The concepts of SSB The Welcome Wizard and the first login Basic settings User management and access control Managing SSB Configuring message sources Storing messages on SSB Forwarding messages from SSB Log paths: routing and processing messages Configuring syslog-ng options Searching log messages Searching the internal messages of SSB Classifying messages with pattern databases The SSB RPC API Monitoring SSB Troubleshooting SSB Security checklist for configuring SSB Glossary


Welcome to the syslog-ng Store Box (SSB) 6.5 Administration Guide.

This document describes how to configure and manage SSB. Background information for the technology and concepts used by the product is also discussed.

Summary of changes

Version 6.4.0 - 6.5.0

Changes in product:

  • From version 6.5, syslog-ng Store Box (SSB) supports configuring MSSQL and Oracle SQL sources.

    For more information, see Creating new message sources in SSB.

  • Limitations to upgrading your SSB to version 6.5. Consider the following:


    Hazard of data loss!

    SNMP destinations and SQL sources have been removed in SSB version 5.2. Do not upgrade to SSB 6.5.0 if you are currently using and want to continue to use your SNMP destinations.

    These functionalities have been removed from SSB starting with SSB version 5 F2 (5.2.0). Staying on 5 LTS and its minor versions means that you will not have access to the HDFS destination functionality available in SSB starting with version 5.1.0, however, you will continue to get support for 3 years after the original publication date of 5 LTS (December 2017) and for 1 year after the next LTS release is published (whichever date is later).

Version 6.3.0 - 6.4.0

Changes in product:

Changes in documentation:

The following sections and some of their subsections have been changed to reflect the changes listed above:

Version 6.2.0 - 6.3.0

Changes in product:

  • Changes to the Basic Settings menu: settings related to alerting and monitoring have been moved into two separate submenus (Basic Settings > Alerting and Basic Settings > Monitoring), and elements of the Basic Settings > Management page related to alerting and monitoring have been moved to the respective submenus.

  • High Availability cluster improvements to ensure time stamp accuracy between nodes even in case of a failover.
  • New console features for the remote node in a High Availability cluster.
  • OpenSSL version 1.1.1. used for establishing a connection with the web UI.
  • If the firmware of your SSB appliance is tainted, a warning is displayed on the Basic Settings > System > Version details page.

Changes in documentation:

The following sections and some of their subsections have been changed to reflect the changes listed above:

Version 6.1.0 - 6.2.0

Changes in product:

SNMP monitoring improvements to monitor additional parameters (for example, hardware and software RAID status and related information, SSL certificates, and additional data about the HA state of syslog-ng Store Box (SSB) clusters).

Changes in documentation:

For details, see Monitoring SSB.

Version 6.0.0 - 6.1.0

Changes in product:

  • The appliance allows you to monitor certain parameters of SSB and the underlying operating system using SNMP.
  • The NTLM SSP security method is now supported in CIFS connections.

Changes in documentation:


This chapter introduces the syslog-ng Store Box (SSB), discussing how and why it is useful, and what benefits it offers to an existing IT infrastructure.

What SSB is

syslog-ng Store Box (SSB) is a device that collects, processes, stores, monitors, and manages log messages. It is a central log server appliance that can receive system (syslog and eventlog) log messages and Simple Network Management Protocol (SNMP) messages from your network devices and computers, store them in a trusted and signed logstore, automatically archive and back up the messages, and also classify the messages using artificial ignorance.

The most notable features of SSB are as follows:

  • Secure log collection using Transport Layer Security (TLS).

  • Trusted, encrypted, and time stamped storage.

  • Ability to collect log messages from a wide range of platforms, including Linux, Unix, BSD, Sun Solaris, HP-UX, IBM AIX, IBM System i, as well as Microsoft Windows.

  • Forwards messages to log analyzing engines.

  • Classifies messages using customizable pattern databases for real-time log monitoring, alerting, and artificial ignorance.

  • High Availability (HA) support to ensure continuous log collection in business-critical environments.

  • Real-time log monitoring and alerting.

  • Retrieves group memberships of the administrators and users from a Lightweight Directory Access Protocol (LDAP) database.

  • Strict, yet easily customizable access control to grant users access only to selected log messages.

  • Ability to search log data in multiple logspaces, whether on the same SSB applicance or located on a different appliance, even in a remote location.

SSB is configured and managed from any modern web browser that supports HTTPS connections, JavaScript, and cookies.

Supported browsers:

Mozilla Firefox 52 ESR

We also test SSB on the following, unsupported browsers. The features of SSB are available and usable on these browsers as well, but the look and feel might be different from the supported browsers. Internet Explorer 11, Microsoft Edge, and the currently available version of Mozilla Firefox and Google Chrome.

Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating