Chat now with support
Chat with Support

syslog-ng Store Box 7.1.0 - Administration Guide

Preface Introduction The concepts of SSB The Welcome Wizard and the first login Basic settings User management and access control Managing SSB Configuring message sources Storing messages on SSB Forwarding messages from SSB Log paths: routing and processing messages Configuring syslog-ng options Searching log messages Searching the internal messages of SSB Classifying messages with pattern databases The SSB RPC API Monitoring SSB Troubleshooting SSB Security checklist for configuring SSB Glossary

Creating hostlist policies

The syslog-ng Store Box (SSB) appliance can use a list of host and network addresses at a number of places, for example for limiting the client that can send log messages to a log source, or the hosts that can access shared logspaces.

Creating hostlists

This section describes how to create a new hostlist.

To create a new hostlist

  1. Navigate to Policies > Hostlists and select .

  2. Enter a name for the hostlist (for example, servers).

    Figure 119: Policies > Hostlists — Creating hostlists

  3. Enter the IP address of the permitted host into the Match > Address field. You can also enter a network address in the IP address/netmask format (for example 192.168.1.0/24). To add more addresses, click and repeat this step.

  4. To add hosts that are excluded from the list, enter the IP address of the denied host into the Ignore > Address field.

    TIP: To add every address except for a few specific hosts or networks to the list, add the 0.0.0.0/0 network to the Match list, and the denied hosts or networks to the Ignore list.

  5. Click .

    NOTE: If you modify a hostlist, you only need to restart syslog-ng if a host, which is already connected, needs to be ignored with a hostlist. Navigate to Basic Settings > System > Service control > Syslog traffic, indexing & search: and select Restart syslog-ng for the changes to take effect.

Importing hostlists from files

This section describes how to import hostlists from a text file.

To import hostlists from a text file

  1. Create a plain text file containing the hostlist policies and IP addresses to import. Every line of the file will add an IP address or network to a policy. Use the following format:

    name_of_the_policy;match

    or

    ignore;IP address

    For example, a policy that ignores the 192.168.5.5 IP address and another one that matches on the 10.70.0.0/24 subnet, use:

    policy1;ignore;192.168.5.5
policy2;match;10.70.0.0/24

    To add multiple addresses or subnets to the same policy, list every address or subnet in a separate line, for example:

    policy1;ignore;192.168.7.5
policy1;ignore;192.168.5.5
policy1;match;10.70.0.0/24

  2. Navigate to Policies > Hostlists > Import from file > Browse and select the text file containing the hostlist policies to import.

    Figure 120: Policies > Hostlists — Importing hostlists

  3. If you are updating existing policies and want to add new addresses to them, select Append.

    If you are updating existing policies and want to replace the existing addresses with the ones in the text file, select Replace.

  4. Click Upload, then .

    NOTE: If you modify a hostlist, you only need to restart syslog-ng if a host, which is already connected, needs to be ignored with a hostlist. Navigate to Basic Settings > System > Service control > Syslog traffic, indexing & search: and select Restart syslog-ng for the changes to take effect.

Configuring message sources

The syslog-ng Store Box (SSB) appliance receives log messages from remote hosts via sources. A number of sources are available by default, but you can also create your own customized message sources. In addition to creating your own, customized message sources based on the Syslog or SQL protocol, SSB can also receive messages via the SNMP protocol, and convert these messages to Syslog messages.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating