The Basic Settings > Network tab contains the network interface and naming settings of syslog-ng Store Box (SSB).

Figure 61: Basic Settings > Network > Interfaces — Network settings

  • Interfaces > External interface: The address and netmask / prefix of the SSB network interface that receives client connections. Click the and icons to add new alias IP addresses (also called alias interfaces) or delete existing ones. You must configure at least one external interface. If you disable the management interface, you can also access the SSB web interface through the external interface. When multiple external interfaces are configured, the first one refers to the physical network interface, all others are alias interfaces. You can access the SSB web interface from all external interfaces (if no management interface is configured).

    Optionally, you can enable access to the SSB web interface even if the management interface is configured by activating the Management enabled function.

    Caution:

    If you enable management access on an interface and configure alias IP address(es) on the same interface, SSB will accept management connections only on the original address of the interface.

    NOTE: The IPv6 support on syslog-ng Store Box (SSB) only enables management and UI access, but SSB cannot send or accept logs through IPv6 addresses. As a result, the external interface must have at least one IPv4 address configured.

    NOTE: Do not use IP addresses that fall into the following ranges:

    • IPv4 addresses

      • 1.2.0.0/16 (reserved for communication between SSB cluster nodes)

      • 127.0.0.0/8 (localhost IP addresses)

    • IPv6 addresses

      • ::1/128 (loopback address)
      • fe80::/10 (link-local addresses)

    NOTE: The speed of the interface is displayed for every interface. In SSB version 4 F5 and later, you cannot manually change the speed of the interface.

    On SSB T-10 appliances, if both the 1-Gb (label 1) and 10-Gb (label A) interfaces are plugged in, SSB displays the auto-detected speed of the interface where Ethernet link is detected (that is, the cable is plugged in, and the other side is powered on).

    When SSB is deployed in a virtual environment and only a single network interface is configured, that single network interface starts to serve as the management interface. In such cases, the Management enabled function becomes redundant. Instead, a message displays that access to the web interface and the RPC API is enabled on every configured IP address.

    Figure 62: Basic Settings > Network > Interfaces — Management enabled on every configured IP address

  • Interfaces > Management interface: The adress and netmask / prefix of the SSB network interface used to access the SSB web interface. If the management interface is configured, the web interface can be accessed only through this interface, unless:

    • Access from other interfaces is explicitly enabled.

    • Only one network interface has been defined, which then serves as the management interface.

    NOTE: Do not use IP addresses that fall into the following ranges:

    • IPv4 addresses

      • 1.2.0.0/16 (reserved for communication between SSB cluster nodes)

      • 127.0.0.0/8 (localhost IP addresses)

    • IPv6 addresses

      • ::1/128 (loopback address)
      • fe80::/10 (link-local addresses)
  • Interfaces > Routing table: When sending a packet to a remote network, SSB consults the routing table to determine the path it should be sent. If there is no information in the routing table, the packet is sent to the default gateway.

    Use the routing table to define static routes to specific hosts or networks. You have to use the routing table if the internal interface is connected to multiple subnets, because the default gateway is (usually) towards the external interface. Click the and icons to add new routes or delete existing ones. A route means that messages sent to the Address (IPv4/IPv6) / Netmask (IPv4) / Prefix (IPv6) network should be delivered to Gateway (IPv4 / IPv6). An option is also provided to override the default behavior of always routing outgoing packets based on the destination address and instead reply on the interface of the incoming packets.

    For more information, see Configuring the routing table.

  • Naming > Hostname: Name of the machine running SSB.

  • Naming > Nick name: The nickname of SSB. Use it to distinguish the devices. It is displayed in the core and boot login shells.

  • Naming > DNS search domain: Name of the domain used on the network. When resolving the domain names of the audited connections, SSB will use this domain to resolve the target hostname if the appended domain entry of a target address is empty.

  • Naming > Primary DNS server: IP address of the name server used for domain name resolution.

  • Naming > Secondary DNS server: IP address of the name server used for domain name resolution if the primary server is unaccessible.