syslog-ng Store Box 7.4.0 - Administration Guide

Sharing log files in Domain mode

To share log files in Domain mode

  1. Navigate to Policies > Shares > SMB/CIFS options and select Domain mode.

  2. Enter the name of the domain (for example, mydomain) into the Domain field.

    Figure 157: Policies > Shares > SMB/CIFS options — Joining a domain

  3. Enter the name of the realm (for example, mydomain.example.com) into the Full domain name field.

    NOTE: Ensure that your DNS settings are correct and that the full domain name can be resolved from syslog-ng Store Box (SSB). To check this, navigate to Basic Settings > Troubleshooting > Ping, enter the full domain name into the Hostname field, and select Ping host.

    Click .

  4. Click Join domain. A pop-up window is displayed.

  5. SSB requires an account to your domain to be able to join the domain. Enter the name of the user into the Username field, and the corresponding password into the Password field.

    NOTE: The syslog-ng Store Box (SSB) appliance accepts passwords that are not longer than 150 characters. The following special characters can be used:

    ! " # $ % & ' ( ) * + , - . / : ; < > = ? @ [ ] ^ - ` { | } \ _ ~

    Optionally, you can enter the name of your domain controller into the Domain controller field. If you leave this field blank, SSB will try to find the domain controller automatically.

    NOTE: Ensure that your DNS settings are correct and that the hostname of the domain controller can be resolved from SSB. To check this, navigate to Basic Settings > Troubleshooting > Ping, enter the name of the domain controller into the Hostname field, and select Ping host.

  6. Click Join domain.

  7. Select to create a new share policy and enter a name for the policy.

    Figure 158: Policies > Shares > Share policies — Creating share policies

  8. Select the type of the network share from the Type field.

    • To access the log files using NFS (Network File System), select NFS.

    • To access the log files using Samba (Server Message Block protocol), select CIFS.

      NOTE: From SSB version 5.2.0, SSB only supports SMB 2.1 and later. If you are using a Windows version earlier than Windows 2008R2, make sure that it supports SMB 2.1 or later. Otherwise, the Windows machine cannot connect to the SSB share.

  9. If you are using the Samba protocol, you can control which users and hosts can access the shares. Otherwise, every user with an SSB account has access to every shared log file.

    • To control which users can access the shared files, enter the name of the domain that can access the files (specified in Step 2) into the Allowed group field. Note that the users and SSB must be members of the same domain.

    • To limit the hosts from where the shares can be accessed, create a hostlist and select it from the Hostlist field. For details on creating hostlists, see Creating hostlist policies.

  10. Click .

  11. To display the details of the logspace, navigate to Log > Logspaces and click .

  12. Select the share policy to use from the Sharing policy field.

    Figure 159: Log > Logspaces > Policies — Setting the share policy of a logspace

  13. Click .

  14. Mount the shared logspace from your computer to access it.

Accessing shared files

This section describes how to access log files that are shared using a share policy. For details on sharing log files, see Accessing log files across the network.

Every shared logspace is available as a separate shared folder, even if they all use a single share policy. The name of the shared folder is the name of the logspace.

Within the shared folder, the log files are organized into the following directory structure: YEAR/MM-DD/. The files are named according to the filename template set for the logspace. The extension of logstore files is .store, while the extension of text files is .log. Note that the root directory of the share may also contain various files related to the logspace, like index files for logstores. All files are read-only.

When using NFS for sharing the logspace, the name of the shared folder will be the following: /exports/{logspace_id}/....
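
The layout described above (YEAR/MM-DD/ directories, .log and .store extensions, extra files in the share root) can be walked with a short script once the share is mounted. This is an added example, not part of the SSB guide; the function names are illustrative and the mount point is whatever path you mounted the logspace on.

```sh
#!/bin/sh
# Added example: inventory a mounted SSB logspace share.
# Usage after sourcing: logspace_inventory /mnt/ssb-local
set -eu

# Succeed only if $1 has the YEAR/MM-DD form used inside the shared folder.
is_day_dir() {
    case "$1" in
        [0-9][0-9][0-9][0-9]/[0-9][0-9]-[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Print "YEAR/MM-DD <text files> <logstore files>" for every day directory.
# Files in the share root (for example logstore index files) are not counted.
logspace_inventory() (
    cd "$1"
    for day in [0-9][0-9][0-9][0-9]/[0-9][0-9]-[0-9][0-9]; do
        [ -d "$day" ] || continue
        logs=$(find "$day" -type f -name '*.log' | wc -l)
        stores=$(find "$day" -type f -name '*.store' | wc -l)
        printf '%s %d %d\n' "$day" "$((logs))" "$((stores))"
    done
)

# List the text log files of one day, sorted by name.
# Anything that is not YEAR/MM-DD is rejected, so a caller-supplied value
# such as ../../etc cannot make the script read outside the mount point.
day_text_logs() (
    is_day_dir "$2" || { echo "bad day: $2" >&2; exit 2; }
    cd "$1"
    [ -d "$2" ] || exit 0
    find "$2" -type f -name '*.log' | sort
)
```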

Mount a shared logspace

The following examples show how to mount a shared logspace.

On Linux NFS:

mount -t nfs {ssb_ip}:/exports/{logspace_id} {where_to_mount}

On Linux SMB:

From SSB version 5.2.0, SSB only supports SMB 2.1 and later. If you are using a Linux version that uses an SMB protocol version earlier than 2.1, add the option -o vers=2.1 to ensure that the connection to SSB uses SMB 2.1. For example:

mount -t cifs //{ssb_ip}/{logspace_id} /path/to/mount/shared/logspace/ -o username={username},password={password},vers=2.1

On Windows NFS:

  1. Make sure that you have the "Services for NFS" Windows component installed. If not, you can install the NFS client from the Windows interface.

  2. Open regedit, and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ClientForNFS\CurrentVersion\Default

  3. Create two new DWORD values called AnonymousGID and AnonymousUID, and set both to 0. The Windows NFS client then presents UID 0 and GID 0 to the NFS server.

  4. Restart the NFS client service from an elevated privilege command prompt. Use the following commands: nfsadmin client stop, then nfsadmin client start

  5. Mount the share from the command prompt. (Alternatively, you can also use the 'Map network drive...' function of the File Explorer.)

    mount {ssb_ip}://exports/{logspace_id} {drive_letter}:

    For example, the following command mounts the local logspace as drive G:

    mount 192.168.1.1://exports/local G:

    After mounting the shared logspace, it is visible in the file explorer. If it is not visible in the file explorer, you have probably used a different user to mount the share. To avoid this problem, you can mount the share again with the same user. Otherwise, you can access it from the command prompt using the {drive_letter}: command, even if it is not visible in the file explorer.

On Windows SMB:

Map the share from the command prompt. (Alternatively, you can also use the 'Map network drive...' function of the file explorer.)

net use {drive_letter}: \\{ssb_ip}\{logspace_name} /user:{user_name} "{password}"

For example, the following command maps the local logspace as drive G:

net use G: \\192.168.1.1\local /user:myuser "mypassword"

After mapping the shared logspace, it is visible in the File Explorer. If it is not visible in the file explorer, you have probably used a different user to mount the share. To avoid this problem, you can mount the share again with the same user. Otherwise, you can access it from the command prompt using the {drive_letter}: command, even if it is not visible in the file explorer.

NOTE: When accessing shared files in domain mode, also include the domain name in the command: net use {drive_letter}: \\{ssb_ip}\{logspace_name} /user:{domain_name}\{user_name} "{password}"

For example, the following command maps the local logspace as drive G:

net use G: \\192.168.1.1\local /user:mydomain\myuser "mypassword"

For information on viewing encrypted logspace files, see Viewing encrypted logs with logcat.

Managing custom cloud service provider data disks for your logspaces in SSB

From syslog-ng Store Box (SSB) version 7.4.0, you have more options for managing data disks for your logspaces.

For more information about assigning the SSB logspace of your choice to the new custom cloud service provider data disk, see Assigning the SSB logspace of your choice to a custom cloud service provider data disk.

If you need more disk space than the disk size of your default data disk available in syslog-ng Store Box (SSB), from version 6.9.0, you can also add a custom cloud service provider data disk to your configuration. From 6.9.0, SSB supports adding a Microsoft Azure-managed disk and from 6.10.0, SSB supports adding additional disks in VMware ESXi to your SSB configuration as a custom cloud service provider data disk, and assigning the SSB logspace of your choice to it.

NOTE: In version 7.4.0, SSB supports adding Microsoft Azure managed disks of up to 32,767 GB storage space to your SSB device. For more information about managed data disks in Microsoft Azure, see Disk type comparison in the Microsoft Azure online documentation.

NOTE: From version 6.10.0, SSB supports adding additional hard disks as data disks in VMware ESXi Hypervisor. However, this documentation uses VMware vSphere Client to manage hard disks of SSB virtual machines hosted in VMware ESXi.

Adding a custom cloud service provider data disk to your SSB configuration requires procedures that you must complete in a strict order, on both the SSB side and the cloud service provider side.

Possible use cases and scenarios for using custom cloud service provider data disks with SSB

This section lists the possible use cases and scenarios for using custom cloud service provider data disks with SSB.

From version 6.9.0, you can use Microsoft Azure managed disks, and from version 6.10.0, you can use additional disks in VMware ESXi, as SSB custom cloud service provider data disks in these scenarios and use cases:
