Comprehensive Log Management Appliance

Comprehensive Log Management

The syslog-ng Store Box™ (SSB) is a high-reliability log management appliance that builds on the strengths of syslog-ng Premium Edition.

  • Turnkey log management solution

    • Physical or virtual appliance to fit all infrastructure needs

      SSB is available as a physical appliance in four configurations or as a VMware image. See hardware specifications.

    • Graphical User Interface

      The syslog-ng Store Box can be configured via an intuitive web-based user interface.

    • Flexible, fast search capability

      Using the web-based user interface, users can search for logs by a variety of message parameters and text searches. Wildcards and Boolean operators allow users to perform complex searches and drill down on the results. Users can gain a quick overview and pinpoint problems fast by generating ad-hoc charts from the distribution of the log messages.

    • Custom Reporting

      Users can easily create customized reports from the charts they create on the search interface.

    • Flexible, low-footprint log collection agent for 50+ platforms

      Every installation of SSB comes with the possibility of using syslog-ng Premium Edition as log collection agents or relay servers at no additional cost. Installers are available for 50+ platforms, including the most popular Linux distributions, commercial flavors of UNIX and Windows. It is of course also possible to receive messages from other sources besides the syslog-ng PE agents.

  • Security

    • Secure Transfer using SSL/TLS

      syslog-ng Premium Edition ensures that messages cannot be accessed by third parties by using the Transport Layer Security (TLS) protocol to encrypt the communication between the agents and syslog-ng Store Box. It is possible to use one-way or mutual authentication between clients and the server using X.509 certificates.

    • Secure, Encrypted Log Storage

      Any sensitive log data can be stored in encrypted, compressed, and time-stamped binary files, restricting access to authorized personnel only.

    • Fine-tuned access control

      Authentication, Authorization and Accounting settings can restrict access to the SSB configuration and stored logs based on user group privileges, and can be integrated with LDAP and RADIUS databases.

Some of our customers

 

"The syslog-ng Storebox enabled us to respond quickly to PCI-DSS requirements. With the centralized architecture, we can deploy the solution for all high-risk equipment (firewalls, network core, Active Directory servers) in the infrastructure at Data Base Factory sites."

"SSB is a log management tool, it exactly does Log Management. Many competitors are talking about log management, but, actually, their solutions are about event management. If you have for example 40 types of logs, implementation of an event management solution is a painful and time-consuming exercise. In the same scenario, SSB can be implemented in a few days."
Pavel Hejduk, Head of ICT Security Department, ČEZ ICT Services.

 

  • Scalability

    • Highly scalable indexing engine

      The syslog-ng Store Box is optimized for performance and can handle an enormous number of messages. Depending on its exact configuration, it can collect over 100,000 messages per second, index over 75,000 messages per second, and process over 35 GB of raw logs per hour. Larger versions of the appliance are capable of storing up to 10 terabytes of data.

    • Search interface that can handle billions of events

      The search interface of syslog-ng Store Box is designed to make performing queries over billions of log messages a straightforward task to let you find the needle in the haystack.

    • Collection from thousands of log sources

      A single SSB can collect log messages from more than 10,000 log sources when deployed in a client-relay architecture.

  • Reliability

    • High Availability

      Hardware-based versions of syslog-ng Store Box can be set up to operate in a hot-spare HA cluster configuration.

    • Automated backup of stored data

      Stored log messages and the configuration of SSB can be periodically transferred to a remote server using the following protocols:

      • Network File System protocol (NFS);
      • Rsync over SSH;
      • Server Message Block protocol (SMB/CIFS).

    • Message Rate Alerting

      SSB can be configured to send alerts based on the number of messages being received from sources. Minimum and maximum log message thresholds for specified time periods can be set to monitor the log management infrastructure for any performance and availability issues.

  • Flexibility

    • Collect from a wide variety of sources

      SSB natively supports:

      • Remote clients sending traditional syslog messages (as described in RFC 3164) using the UDP, TCP, or TLS protocol over IPv4 networks.
      • Remote clients sending messages conforming to the latest IETF syslog protocol standard using the UDP, TCP, or TLS protocol over IPv4 networks.
      • SQL databases - SSB can natively collect and process log messages from SQL databases enabling users to easily manage log messages from a wide variety of enterprise software and custom applications.
      • SNMP sources - SSB can receive SNMP messages using the SNMPv2c protocol and convert these messages to syslog messages.

    • Collection from more than 50 server platforms

      SSB uses the syslog-ng Premium Edition application to collect logs from different operating systems and hardware platforms, including recent and legacy Linux and Unix variants, IBM System i (via standalone agent), and Microsoft Windows (via standalone agent).

    • Filter, parse and re-write

      SSB allows for complex filtering using regular expressions and Boolean operators, which offers almost unlimited flexibility to forward only the important log messages to the selected destinations. Messages can be parsed and re-written based on filters to make it possible to integrate with 3rd party tools or to remove sensitive information from the events before storing or forwarding them.

    • Normalize data

      Using the Pattern Database feature, SSB can classify messages based on their content and extract important information. Messages matching pre-defined patterns are selected and can be classified, parsed or re-written.
