4-eyes authorization is an advanced authorization method where only two administrators logging in simultaneously are permitted to access the server. These administrators can monitor each other's work, reducing the chance of (accidental or intentional) human errors in the server administration process.
Collection of access policies. Access policies define who can authorize and audit a connection.
An additional IP address assigned to an interface that already has an IP address. The normal and alias IP addresses both refer to the same physical interface.
Audit Player is a desktop application that can replay recorded audit trails like movie. The Audit Player is available for the Microsoft Windows and GNU/Linux platforms.
An audit trail is a file storing the recorded activities of the administrators in an encrypted format. Audit trails can be replayed using the Audit Player application.
The auditing policy determines which events are logged on host running Microsoft Windows operating systems.
The process of verifying the authenticity of a user or client before allowing access to a network system or service.
An authentication policy is a list of authentication methods that can be used in a connection. Connection definitions refer to an authentication policy to determine how the client can authenticate to the target server.
The byte order mark (BOM) is a Unicode character used to signal the byte-order of the message text.
The old syslog protocol standard described in RFC 3164. Sometimes also referred to as the legacy-syslog protocol.
A Certificate Authority (CA) is an institute that issues certificates.
A certificate is a file that uniquely identifies its owner. Certificates contains information identifying the owner of the certificate, a public key itself, the expiration date of the certificate, the name of the CA that signed the certificate, and some other data.
The channel policy lists the SSH channels (for example terminal session, SCP, and so on) that can be used in a connection. The channel policy can further restrict access to each channel based on the IP address of the client or the server, a user list, or a time policy.
In client mode, syslog-ng collects the local logs generated by the host and forwards them through a network connection to the central syslog-ng server or to a relay.
Reliable connection is also known as Common Gateway Protocol (CGP). It makes reconnection possible to the server in case of a network failure. Default port number is 2598.
Connection policies determine if a server can be accessed from a particular client. Connection policies reference other resources (policies, usergroups, keys) that must be configured and available before creating a connection policy.
SPS audits and controls only the traffic that is configured in the connection and channel policies, all other traffic is forwarded on the packet level without any inspection.
A named collection of configured destination drivers.
A communication method used to send log messages.
A destination that transfers log messages within the host, for example writes them to a file, or passes them to a log analyzing application.
A destination that sends log messages to a remote host (that is, a syslog-ng relay or server) using a network connection.
The Premium Edition of syslog-ng can store messages on the local hard disk if the central log server or the network connection to the server becomes unavailable.
See disk buffer.
The name of a network, for example: balabit.com.
A log statement that is included in another log statement to create a complex log path.
An expression to select messages.
A firmware is a collection of the software components running on SPS. Individual software components cannot be upgraded on SPS, only the entire firmware. SPS contains two firmwares, an external (or boot) firmware and an internal (or core) firmware. These can be upgraded separately.
A domain name that specifies its exact location in the tree hierarchy of the Domain Name System (DNS). For example, given a device with a local hostname myhost and a parent domain name example.com, the fully qualified domain name is myhost.example.com.
A device that connects two or more parts of the network, for example: your local intranet and the external network (the Internet). Gateways act as entrances into other networks.
The HA interface (labeled 4 or HA) is an interface reserved for communication between the nodes of SPS clusters.
High Availability (HA) uses a second SPS unit (called secondary node) to ensure that the services are available even if the first unit (called primary node) breaks down.
A computer connected to the network.
A name that identifies a host on the network.
The base protocol of Citrix products (default port tcp/1494). It does desktop or application remoting through TCP or other network protocols. Independent Computing Architecture (ICA) is a proprietary protocol for an application server system, designed by Citrix Systems. The protocol lays down a specification for passing data between server and clients, but is not bound to any one platform. ICA is broadly similar in purpose to window servers such as the X Window System. It also provides for the feedback of user input from the client to the server, and a variety of means for the server to send graphical output, as well as other media such as audio, from the running application to the client.
The syslog-protocol standard developed by the Internet Engineering Task Force (IETF), described in RFC 5424-5427.
A private key and its related public key. The private key is known only to the owner, while the public key can be freely distributed. Information encrypted with the private key can only be decrypted using the public key.
The Lightweight Directory Access Protocol (LDAP), is an application protocol for querying and modifying data using directory services running over TCP/IP.
SPS's license determines the number of servers (IP addresses) that SPS protects. The license limits the number of IP addresses accessible.
A combination of sources, filters, parsers, rewrite rules, and destinations: syslog-ng examines all messages arriving to the sources of the logpath and sends the messages matching all filters to the defined destinations.
A host or network device (including syslog-ng clients and relays) that sends logs to the syslog-ng server. Log source hosts can be servers, routers, desktop computers, or other devices capable of sending syslog messages or running syslog-ng.
See log path.
A binary logfile format that can encrypt, compress, and timestamp log messages.
Long Term Supported releases are major releases of that are supported for three years after their original release.
See log source host.
A network computer storing the IP addresses corresponding to domain names.
An SPS unit running in High Availability mode.
The Oracle Instant Client is a small set of libraries, which allow you to connect to an Oracle Database. A subset of the full Oracle Client, it requires minimal installation but has full functionality.
A part of the memory of the host where syslog-ng stores outgoing log messages if the destination cannot accept the messages immediately.
Messages from the output queue are sent to the target syslog-ng server. The syslog-ng application puts the outgoing messages directly into the output queue, unless the output queue is full. The output queue can hold 64 messages, this is a fixed value and cannot be modified.
See output buffer.
A set of rules to segment messages into named fields or columns.
A command that sends a message from a host to another host over a network to test connectivity and packet loss.
A number ranging from 1 to 65535 that identifies the destination application of the transmitted data. For example: SSH commonly uses port 22, web servers (HTTP) use port 80, and so on.
The active SPS unit that is inspecting the traffic when SPS is used in High Availability mode.
An old abbreviation of Safeguard for Privileged Sessions (SPS).
An authentication method that uses encryption key pairs to verify the identity of a user or a client.
A redundant Heartbeat interface is a virtual interface that uses an existing interface of the SPS device to detect that the other node of the SPS cluster is still available. The virtual interface is not used to synchronize data between the nodes, only Heartbeat messages are transferred.
A regular expression is a string that describes or matches a set of strings.
In relay mode, syslog-ng receives logs through the network from syslog-ng clients and forwards them to the central syslog-ng server using a network connection.
Remote Desktop Gateway (RD Gateway) is a role service in the Remote Desktop Services server role that allows authorized remote users to connect to resources located on an internal or private network from any Internet-connected device. The accessible resources can be terminal servers, remote applications, remote desktops, and so on. This service is also called Remote Desktop Gateway or RD Gateway.
A set of rules to modify selected elements of a log message.
An old abbreviation of Safeguard for Privileged Sessions (SPS).
The passive SPS unit that replaces the active unit (the primary node) if the primary node becomes unavailable.
In server mode, syslog-ng acts as a central log-collecting server. It receives messages from syslog-ng clients and relays over the network, and stores them locally in files, or passes them to other applications, for example, log analyzers.
Simple Network Management Protocol (SNMP) is an industry standard protocol used for network management. SPS can send SNMP alerts to a central SNMP server.
A named collection of configured source drivers.
A communication method used to receive log messages.
A source that receives log messages from within the host, for example, from a file.
A source that receives log messages from a remote host using a network connection, for example, network(), syslog().
A split brain situation occurs when for some reason (for example, the loss of connection between the nodes) both nodes of an SPS cluster become active (primary) nodes. This might cause that new data (for example, audit trails) is created on both nodes without being replicated to the other node. Thus, it is likely in this situation that two diverging sets of data are created, which cannot be trivially merged.
Safeguard for Privileged Sessions
SSH settings determine the parameters of the connection on the protocol level, including timeout value and greeting message of the connection, as well as the encryption algorithms used.
See TLS.
The syslog-ng application is a flexible and highly scalable system logging application, typically used to manage log messages and implement centralized logging.
The syslog-ng Agent for Windows is a commercial log collector and forwarder application for the Microsoft Windows platform. It collects the log messages of the Windows-based host and forwards them to a syslog-ng server using regular or SSL-encrypted TCP connections.
A host running syslog-ng in client mode.
The syslog-ng Premium Edition is the commercial version of the open-source application. It offers additional features, like encrypted message transfer and an agent for Microsoft Windows platforms.
A host running syslog-ng in relay mode.
A host running syslog-ng in server mode.
A user-defined structure that can be used to restructure log messages or automatically generate file names.
The time policy determines which hours of a day can the users access a connection or a channel.
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols which provide secure communications on the Internet. The application can encrypt the communication between the clients and the server using TLS to prevent unauthorized access to sensitive log messages.
A command that shows all routing steps (the path of a message) between two hosts.
A UNIX domain socket (UDS) or IPC socket (inter-procedure call socket) is a virtual socket, used for inter-process communication.
User lists are white- or blacklists of usernames that allow fine-control over who can access a connection or a channel.