立即与支持人员聊天
与支持团队交流

syslog-ng Store Box 6.3.0 - Administration Guide

Preface Introduction The concepts of SSB The Welcome Wizard and the first login Basic settings User management and access control Managing SSB Configuring message sources Storing messages on SSB Forwarding messages from SSB Log paths: routing and processing messages Configuring syslog-ng options Searching log messages Searching the internal messages of SSB Classifying messages with pattern databases The SSB RPC API Monitoring SSB Troubleshooting SSB Security checklist for configuring SSB

Changelogs of SSB

The syslog-ng Store Box(SSB) application automatically records the activity of its users and administrators. These activities are displayed at AAA > Accounting. The following information is available:

Figure 160: AAA > Accounting — Displaying configuration changes

  • Timestamp: The date when the modification was committed in YEAR-MONTH-DAY HOUR:MINUTE:SECOND format.

  • Author: The SSB user who performed the modification.

  • Page: The main menu item that was modified (for example, Basic Settings > Management).

  • Field name: The name of the field on the page that was modified.

  • New value: The new value of the field after the modification.

  • Description: The changelog entered by the SSB administrator. Changelogs are available only if the AAA > Settings > Require commit log option was enabled at the time of the change.

  • Old value: The original value of the field.

  • Swap: Indicates if the order of objects was modified on the page (for example the order of two policies in the list).

For details on how to navigate around the user interface and interact with features such as filtering and exporting results, and customizing what data is displayed, see Using the internal search interfaces.

Configuration changes of syslog-ng peers

Peers running syslog-ng Premium Edition 3.0-6.0.x automatically send a notification to syslog-ng Store Box(SSB) when their configuration has changed since the last configuration reload or restart. Note that peers running syslog-ng Premium Edition version 7.0.x do not send such notifications. These log messages are available at Search > Peer Configuration Change. Note that the log messages do not contain the actual modification, only indicate that the configuration was modified. The following information is available:

  • Timestamp: The timestamp received in the message — the time when the log message was created in YEAR-MONTH-DAY HOUR:MINUTE:SECOND format.

  • Hostname: The hostname or IP address of the client whose configuration has been changed.

  • Version: The version number of the syslog-ng application that sent the message.

  • Sender address: The IP address of the client or relay that sent the message directly to SSB.

  • Signature: The signature of the syslog-ng client.

  • Fingerprint: The SHA-1 hash of the new configuration file.

For details on how to navigate around the user interface and interact with features such as filtering and exporting results, and customizing what data is displayed, see Using the internal search interfaces.

Log message alerts

When using the pattern database, syslog-ng Store Box(SSB) raises alerts for messages that are classified as Violation. The history of these alerts is available at Search > Alerts. The following information is available about the alerts:

Figure 161: Search > Log Alerts — Displaying alert messages

  • Timestamp: The date of the alert in YEAR-MONTH-DAY HOUR:MINUTE:SECOND format.

  • Sender address: The IP address of the client or relay that sent the message directly to SSB.

  • Hostname: The hostname or IP address of the client that sent the message.

  • Program: The application that generated the message.

  • Message: The content of the message.

  • Rule ID: The ID of the classification rule in the pattern database that matched the message. For details, see Classifying messages with pattern databases.

  • Rule description: The description of the classification rule that matched the message. For details, see Classifying messages with pattern databases.

For details on how to navigate around the user interface and interact with features such as filtering and exporting results, and customizing what data is displayed, see Using the internal search interfaces.

Notifications on archiving and backups

Notifications and error messages of the archiving, cleanup and backup procedures are available at Search > Archive & Cleanup. The following information is available:

Figure 162: Search > Archive & Cleanup — Displaying archiving and backup notifications

  • Timestamp: The date of the message in YEAR-MONTH-DAY HOUR:MINUTE:SECOND format.

  • Logspace: The name of the archived or backed up logspace.

  • Directory name: The name of the folder where the archives and backups are located. A new folder is created each day, using the current date as the folder name.

  • Policy: The name of the archive or backup policy used.

  • Archive target: The address of the remote server used in the policy.

  • Manual archiving: Indicates if the archiving or backup process was started manually.

For details on how to navigate around the user interface and interact with features such as filtering and exporting results, and customizing what data is displayed, see Using the internal search interfaces.

相关文档