An additional IP address assigned to an interface that already has an IP address. The normal and alias IP addresses both refer to the same physical interface.
The auditing policy determines which events are logged on hosts running Microsoft Windows operating systems.
The process of verifying the authenticity of a user or client before allowing access to a network system or service.
The old syslog protocol standard described in RFC 3164. Sometimes also referred to as the legacy-syslog protocol.
A Certificate Authority (CA) is an institute that issues certificates.
Font that contains standard icons used in the user interfaces for various products.
A certificate is a file that uniquely identifies its owner. Certificates contain information identifying the owner of the certificate, the public key itself, the expiration date of the certificate, the name of the CA that signed the certificate, and some other data.
An ordered list of certificates, containing an end-user subscriber (or server) certificate and intermediate certificates (that represent the intermediate CAs). A certificate chain enables the receiver to verify that the sender and all intermediate certificates are trustworthy.
In client mode, syslog-ng collects the local logs generated by the host and forwards them through a network connection to the central syslog-ng server or to a relay.
A named collection of configured destination drivers.
A communication method used to send log messages.
A destination that transfers log messages to a logspace.
A destination that transfers log messages within the host, for example writes them to a file, or passes them to a log analyzing application.
The Premium Edition of syslog-ng can store messages on the local hard disk if the central log server or the network connection to the server becomes unavailable.
The name of a network, for example: balabit.com.
Flare default style that can be used to group content within a topic. It is a resource to structure and collapse content, especially in non-print outputs.
The external interface (labeled 1 or EXT) is used for general communication between the clients and the servers. If the management interface is not configured, the external interface is used for management purposes as well.
An expression to select messages.
The filtered subset of logs contained in an existing local, remote, or multiple logspace. A filtered logspace is created by using the same search expressions and logic as on the Search interface. See also multiple logspace and remote logspace.
A firmware is a collection of the software components running on SSB. Individual software components cannot be upgraded on SSB, only the entire firmware. SSB contains two firmwares (an external (or boot) firmware, and an internal (or core) firmware). These are bundled into a single ISO file.
A device that connects two or more parts of the network, for example: your local intranet and the external network (the Internet). Gateways act as entrances into other networks.
List of short definitions of product specific terms.
The HA interface (labeled 4 or HA) is an interface reserved for communication between the nodes of SSB clusters.
High Availability (HA) uses a second SSB unit (called slave node) to ensure that the services are available even if the first unit (called master node) breaks down.
A computer connected to the network.
A name that identifies a host on the network.
The base protocol of Citrix products (default port tcp/1494). It does desktop or application remoting through TCP or other network protocols. Independent Computing Architecture (ICA) is a proprietary protocol for an application server system, designed by Citrix Systems. The protocol lays down a specification for passing data between server and clients, but is not bound to any one platform. ICA is broadly similar in purpose to window servers such as the X Window System. It also provides for the feedback of user input from the client to the server, and a variety of means for the server to send graphical output, as well as other media such as audio, from the running application to the client.
The syslog-protocol standard developed by the Internet Engineering Task Force (IETF), described in RFC 5424-5427.
A private key and its related public key. The private key is known only to the owner, while the public key can be freely distributed. Information encrypted with the private key can only be decrypted using the public key.
The Lightweight Directory Access Protocol (LDAP) is an application protocol for querying and modifying data using directory services running over TCP/IP.
A combination of sources, filters, parsers, rewrite rules, and destinations: syslog-ng examines all messages arriving to the sources of the logpath and sends the messages matching all filters to the defined destinations.
A host or network device (including syslog-ng clients and relays) that sends logs to the syslog-ng server. Log source hosts can be servers, routers, desktop computers, or other devices capable of sending syslog messages or running syslog-ng.
The virtual container on SSB of log messages collected from clients and from SSB itself. Can be of the type: logstore or plain text logspace. See also logstore and plain text logspace.
A binary logfile format that can encrypt, compress, and time stamp log messages.
Long Term Supported releases are major releases of that are supported for three years after their original release.
The management interface (labeled 2 or MGMT) is used exclusively for communication between SSB and the auditor or the administrator of the syslog-ng Store Box.
The active SSB unit that is inspecting the traffic when SSB is used in High Availability mode.
A logspace that aggregates log messages from several logspaces. A multiple logspace can be searched like any other logspace on SSB, and you can also create filtered logspaces that are based on a multiple logspace. See also filtered logspace.
A network computer storing the IP addresses corresponding to domain names.
An SSB unit running in High Availability mode.
A circumstance that needs special attention.
A part of the memory of the host where syslog-ng stores outgoing log messages if the destination cannot accept the messages immediately.
Messages from the output queue are sent to the target syslog-ng server. The syslog-ng application puts the outgoing messages directly into the output queue, unless the output queue is full. The output queue can hold 64 messages; this is a fixed value and cannot be modified.
A set of rules to segment messages into named fields or columns.
A command that sends a message from a host to another host over a network to test connectivity and packet loss.
A number ranging from 1 to 65535 that identifies the destination application of the transmitted data. For example: SSH commonly uses port 22, web servers (HTTP) use port 80, and so on.
An authentication method that uses encryption key pairs to verify the identity of a user or a client.
A redundant Heartbeat interface is a virtual interface that uses an existing interface of the SSB device to detect that the other node of the SSB cluster is still available. The virtual interface is not used to synchronize data between the nodes, only Heartbeat messages are transferred.
A regular expression is a string that describes or matches a set of strings.
In relay mode, syslog-ng receives logs through the network from syslog-ng clients and forwards them to the central syslog-ng server using a network connection.
Remote Desktop Gateway (RD Gateway) is a role service in the Remote Desktop Services server role that allows authorized remote users to connect to resources located on an internal or private network from any Internet-connected device. The accessible resources can be terminal servers, remote applications, remote desktops, and so on. This service is also called Remote Desktop Gateway or RD Gateway.
A set of rules to modify selected elements of a log message.
In server mode, syslog-ng acts as a central log-collecting server. It receives messages from syslog-ng clients and relays over the network, and stores them locally in files, or passes them to other applications, for example, log analyzers.
Used to design the online output window.
The passive SSB unit that replaces the active unit (the master node) if the master becomes unavailable.
Flare file type that can be used to reuse content. The One Identity SSB contains various default snippets.
Simple Network Management Protocol (SNMP) is an industry standard protocol used for network management. SSB can send SNMP alerts to a central SNMP server.
A named collection of configured source drivers.
A communication method used to receive log messages.
A source that receives log messages from within the host, for example, from a file.
A source that receives log messages from a remote host using a network connection, for example, network(), syslog().
A split brain situation occurs when for some reason (for example, the loss of connection between the nodes) both nodes of an SSB cluster become active (master). As a result, new data (for example, audit trails) might be created on both nodes without being replicated to the other node. Thus, it is likely in this situation that two diverging sets of data are created, which cannot be trivially merged.
SSH settings determine the parameters of the connection on the protocol level, including timeout value and greeting message of the connection, as well as the encryption algorithms used.
The syslog-ng application is a flexible and highly scalable system logging application, typically used to manage log messages and implement centralized logging.
The syslog-ng Agent for Windows is a commercial log collector and forwarder application for the Microsoft Windows platform. It collects the log messages of the Windows-based host and forwards them to a syslog-ng server using regular or SSL-encrypted TCP connections.
A host running syslog-ng in client mode.
The syslog-ng Premium Edition is the commercial version of the open-source application. It offers additional features, like encrypted message transfer and an agent for Microsoft Windows platforms.
A host running syslog-ng in relay mode.
A host running syslog-ng in server mode.
A user-defined structure that can be used to restructure log messages or automatically generate file names.
Additional, useful information.
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols which provide secure communications on the Internet. The application can encrypt the communication between the clients and the server using TLS to prevent unauthorized access to sensitive log messages.
A command that shows all routing steps (the path of a message) between two hosts.