Chat now with support
Chat with Support

We are currently experiencing issues on our phone support and are working diligently to restore services. For support, please sign in and create a case or email supportadmin@quest.com for assistance

syslog-ng Store Box 6.9.0 - Administration Guide

Preface Introduction The concepts of SSB The Welcome Wizard and the first login Basic settings User management and access control Managing SSB Configuring message sources Storing messages on SSB Forwarding messages from SSB Log paths: routing and processing messages Configuring syslog-ng options Searching log messages Searching the internal messages of SSB Classifying messages with pattern databases The SSB RPC API Monitoring SSB Troubleshooting SSB Security checklist for configuring SSB Glossary

Configuring SNMP alerts

syslog-ng Store Box (SSB) can send alerts to a central monitoring server via SNMP (Simple Network Management Protocol). This section describes how you can configure SNMP trap settings and SNMP alerts.

To configure SNMP trap settings

  1. Navigate to Basic Settings > Alerting > SNMP trap settings.

  2. Enter the IP address or the hostname of the SNMP server into the SNMP server address field.

    Figure 34: Basic Settings > Alerting > SNMP trap settings — Configure SNMP alerts using SNMP v2c

  3. Select the SNMP protocol to use.

    • To use the SNMP v2c protocol for SNMP queries, select SNMP v2c, and enter the community to use into the Community field.

    • To use the SNMP v3 protocol, select SNMP v3 and complete the following steps:

      Figure 35: Basic Settings > Alerting > SNMP trap settings — Configure SNMP alerts using SNMP v3

    1. Enter the username to use into the Username field.

    2. Enter the engine ID to use into the Engine ID field. The engine ID is a hexadecimal number at least 10 digits long, starting with 0x. For example 0xABABABABAB.

    3. Select the authentication method (SHA1) to use from the Authentication method field.

    4. Enter the password to use into the Authentication password field.

    5. Select the encryption method (Disabled or AES) to use from the Encryption method field.

      The supported AES method is AES-128.

    6. In the case of AES, enter the encryption password to use into the Encryption password field.

    NOTE: The syslog-ng Store Box (SSB) appliance accepts passwords that are not longer than 150 characters. The following special characters can be used: !"#$%&'()*+,-./:;<=>?@[]^-`{|}

  4. Click .

  5. Select in which situations SSB should send an SNMP alert. For details, see Configuring system monitoring on SSB.

  6. Click .

Querying SSB status information using agents

External SNMP agents can query the basic status information of syslog-ng Store Box (SSB). This section describes how you can configure which clients can query SSB's basic status information.

To configure which clients can query this information

  1. Navigate to Basic Settings > Monitoring > SNMP agent settings.

    Figure 36: Basic Settings > Monitoring > SNMP agent settings — Configure SNMP agent access (only SNMP v2c agent enabled)

    Figure 37: Basic Settings > Monitoring > SNMP agent settings — Configure SNMP agent access (only SNMP v3 agent enabled)

    Figure 38: Basic Settings > Monitoring > SNMP agent settings — Configure SNMP agent access (both SNMP v2c and SNMP v3 agent enabled)

  2. The status of SSB can be queried dynamically via SNMP. By default, the status can be queried from any host. To restrict access to these data to a single host, enter the IP address of the host into the Client address field.

  3. Optionally, you can enter the details of the SNMP server into the System location, System contact, and System description fields.

  4. Select the SNMP protocol to use.

    • To use the SNMP v2c protocol for SNMP queries, select SNMP v2c agent, and enter the community to use into the Community field.

      By default, information about SSB is available using the public community. If you are using a high-availability SSB cluster, then each node provides information about its own status using a specific community. This community is the Node ID of the node (as displayed in the Basic Settings > High Availability > This node > Node ID field).

    • To use the SNMP v3 protocol, select SNMP v3 agent and complete the following steps:

    1. Click .

    2. Enter the username used by the SNMP agent into the Username field.

    3. Select the authentication method (MD5 or SHA1) to use from the Auth. method field.

    4. Enter the password used by the SNMP agent into the Auth. password field.

    5. Select the encryption method (Disabled, DES or AES) to use from the Encryption method field.

      The supported AES method is AES-128.

    6. Enter the encryption password to use into the Encryption password field.

    7. To add other agents, click .

    NOTE: The syslog-ng Store Box (SSB) appliance accepts passwords that are not longer than 150 characters. The following special characters can be used: !"#$%&'()*+,-./:;<=>?@[]^-`{|}

  5. Click .

View node ID and community

This section provides information about monitoring primary and secondary nodes on syslog-ng Store Box (SSB) with the help of a node ID and community.

To monitor your primary and secondary node, you need the related community ID. Navigate to Basic Settings > Monitoring > SNMP agent settings > Agent access. This information is available if SNMP v2c Agent or SNMP v3 Agent is selected.

Figure 39: Basic Settings > Monitoring > SNMP agent settings > Agent access — Configure SNMP agent access

If either SNMP Agent is selected and your cluster is in HA state, both nodes appear under Agent access. In this case, the first row is the default community, the next rows are the nodes.

The community IDs are displayed under the respective Community (v2c) and Context (v3) columns.

You will use these communities in formulating SNMP queries. The Node names are used to indicate which SNMP objects can be queried from which community in Monitoring SSB.

To view the availability of the nodes, navigate to Basic Settings > High Availability. For details on what type of information you can see on that page, see Managing a high availability SSB cluster. The Node ID. of the node is the same as the ID under Agent access

To gather more information your nodes, query the SSB-SNMP-MIB::ssbHAClusterStatus object. For details, see The status of the HA cluster.

If the query is not responding, it can mean that the target node is down or restarting. In this case, check the node status manually and attempt solving the issue, or contact our Support Team.

NOTE: If SSB's core firmware is not accessible or down, SNMP queries will not work.

Configuring system monitoring on SSB

The following sections provide information about configuring system monitoring on syslog-ng Store Box (SSB).

Topics:
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating