Chat now with support
Chat with Support

syslog-ng Store Box 7.3.0 - Administration Guide

Preface Introduction The concepts of SSB The Welcome Wizard and the first login Basic settings User management and access control Managing SSB Configuring message sources Storing messages on SSB Forwarding messages from SSB Log paths: routing and processing messages Configuring syslog-ng options Searching log messages Searching the internal messages of SSB Classifying messages with pattern databases The SSB RPC API Monitoring SSB Troubleshooting SSB Security checklist for configuring SSB Glossary

Using the internal search interfaces

The internal search interfaces that allow you to browse and filter the configuration changes, alerts, notifications, and reports of syslog-ng Store Box(SSB) are located across various pages. The way the user interface works, however, is uniform across all these pages. This section walks you through the main functionalities that are available to you when browsing internal messages.

The example in AAA > Accounting — An example of an internal search interface shows the AAA > Accounting page but all the search interfaces listed under Configuration changes, Alerts and notifications, and Dashboard statistics and reports have similar features and look and feel.

Figure 230: AAA > Accounting — An example of an internal search interface

The bars display the number of log messages in the selected interval. Use the and icons to zoom, and the arrows to display the previous or the next intervals. To explicitly select a date, select Jump to and set the date in the calendar. You can change the length of the displayed interval with the Scale option.

Hovering the mouse above a bar displays the number of entries and the start and end date of the period that the bar represents. Click a bar to display the entries of that period in the table. Use Shift+Click to select multiple bars.

If data is too long to fit on one line, it is automatically wrapped and only the first line is displayed. To expand a row, click . To shrink the row back to its original size, click . To expand/shrink all rows, click the respective button on the header of the table. The rows can also be expanded/shrunk by double-clicking on the respective row.

Filtering

The tables can be filtered for any parameter, or a combination of parameters. To filter the list, enter the filter expression in the input field of the appropriate column, and press Enter, or click on an entry in the table.

NOTE: When you use filters, the bars display the statistics of the filtered results.

Filtering also displays partial matches. For example, filtering the Author column on the AAA > Accounting page for and displays all changes performed by users whose username contains the adm string.

You can use the (Search exact match) icon to perform an exact search, and the (Invert filter) icon for inverse filtering ("does not include"). To clear filters from a column, click .

To restore the original table, click Clear all filters.

Exporting the results

To save the table of search results as a file, click Export as CSV. This saves the table as a text file containing comma-separated values. Note that if an error occurs when exporting the data, the exported CSV file will include a line (usually as the last line of the file) starting with a zero and the details of the problem, for example, 0;description_of_the_error.

 Caution:

Do not use Export all to CSV to export large amounts of data, as exporting data can be very slow, especially if the system is under heavy load. If you regularly need a large portion of your data in plain text format, consider using the syslog-ng Store Box(SSB) RPC API (for details, see The SSB RPC API in the Administration Guide), or sharing the log files on the network and processing them with external tools (for details, see Accessing log files across the network in the Administration Guide).

Customizing columns of the internal search interfaces

The following describes how to customize the data displayed on the interface.

To customize the data displayed on the interface

  1. Navigate to the database you want to browse, for example, AAA > Accounting.

  2. Click Customize Columns. A pop-up window containing the list of visible and available columns appears.

    Figure 231: AAA > Accounting > Customize Columns — Customizing columns of the search interfaces

  3. The displayed parameters are listed in the Visible columns field. All other available parameters are listed in the Available columns field.

    • To add parameters to the Visible columns field, select the desired parameter(s) and click Add.

    • To remove parameters from the Visible columns field, select the desired parameter(s) and click Remove.

    • To freeze columns (to make them permanently visible, even when scrolling horizontally), enable the Freeze option next to the desired parameter.

    NOTE: To select multiple parameters, press Ctrl while clicking the items.

  4. Click OK. The selected information appears.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating