Table of Contents

Preface

1. Summary of contents

2. Target audience and prerequisites

3. Products covered in this guide

4. Typographical conventions

5. Contact and support information

5.1. Sales contact

5.2. Support contact

5.3. Training

6. About this document

6.1. Summary of changes

6.2. Feedback

1. Introduction

1.1. What SSB is

1.2. What SSB is not

1.3. Why is SSB needed

1.4. Who uses SSB

2. The concepts of SSB

2.1. The philosophy of SSB

2.2. Collecting logs with SSB

2.3. Managing incoming and outgoing messages with flow-control

2.3.1. Flow-control and multiple destinations

2.4. Receiving logs from a secure channel

2.5. Network interfaces

2.6. High Availability support in SSB

2.7. Firmware in SSB

2.7.1. Firmwares and high availability

2.8. Versions and releases of SSB

2.9. Licenses

2.10. The structure of a log message

2.10.1. BSD-syslog or legacy-syslog messages

2.10.2. IETF-syslog messages

3. The Welcome Wizard and the first login

3.1. The initial connection to SSB

3.1.1. Creating an alias IP address (Microsoft Windows)

3.1.2. Creating an alias IP address (Linux)

3.1.3. Modifying the IP address of SSB

3.2. Configuring SSB with the Welcome Wizard

3.3. Configuring storage access in SSB

4. Configuring and managing SSB

4.1. Supported web browsers and operating systems

4.2. The structure of the web interface

4.2.1. Elements of the main workspace

4.2.2. Multiple web users and locking

4.3. Basic settings

4.3.1. Network settings

4.3.2. Date and time configuration

4.3.3. SNMP and e-mail alerts

4.3.4. Configuring system monitoring on SSB

4.3.5. Data and configuration archiving and backups

4.4. User management and access control

4.4.1. Managing SSB users locally

4.4.2. Setting password policies for local users

4.4.3. Managing local usergroups

4.4.4. Managing SSB users from an LDAP database

4.4.5. Authenticating users to a RADIUS server

4.4.6. Managing user rights and usergroups

4.4.7. Listing and searching configuration changes

4.5. Managing SSB

4.5.1. Controlling SSB — restart, shutdown

4.5.2. Managing a high availability SSB cluster

4.5.3. Upgrading SSB

4.5.4. Troubleshooting SSB

4.5.5. Accessing the SSB console

4.5.6. Sealed mode

4.5.7. Out-of-band management of SSB

4.5.8. Changing the certificates used on SSB

4.5.9. Creating hostlist policies

4.6. Managing SAN access in SSB

5. Configuring the syslog-ng server of SSB

5.1. Configuring message sources

5.1.1. Default message sources in SSB

5.1.2. Receiving SNMP messages

5.1.3. Creating message sources in SSB

5.2. Storing messages on SSB

5.2.1. Default logspaces in SSB

5.2.2. Configuring the indexer

5.2.3. Using logstores

5.2.4. Creating custom message spaces in SSB

5.2.5. Managing log spaces

5.2.6. Accessing log files across the network

5.3. Forwarding messages from SSB

5.3.1. Forwarding log messages to SQL databases

5.3.2. SQL templates in SSB

5.3.3. Forwarding log messages to remote servers

5.4. Managing log paths

5.4.1. Default logpaths in SSB

5.4.2. Creating new log paths

5.4.3. Filtering messages

5.5. Configuring syslog-ng options

5.5.1. General syslog-ng settings

5.5.2. Timestamping configuration on SSB

5.5.3. Using name resolution on SSB

5.5.4. Setting the certificates used in TLS-encrypted log transport

6. Browsing log messages and SSB reports

6.1. Using the search interface

6.1.1. Customizing columns

6.1.2. Adding and removing dynamic columns

6.2. Changelogs of SSB

6.3. Log messages collected on SSB

6.3.1. Metadata collected about log messages

6.3.2. Using and managing search filters

6.3.3. Displaying statistics on search results

6.3.4. Browsing encrypted log spaces

6.4. Configuration changes of syslog-ng peers

6.5. Notifications on archiving and backups

6.6. Log message alerts

6.7. Statistics collection options

6.8. Reports

6.9. Configuring custom reports

7. Classifying messages with pattern databases

7.1. The structure of the pattern database

7.2. How pattern matching works

7.3. Searching for rulesets

7.4. Creating new rulesets and rules

7.5. Exporting databases and rulesets

7.6. Importing pattern databases

7.7. Using pattern parsers

7.8. Using parser results in filters and templates

Appendix 1. Package contents inventory

Appendix 2. syslog-ng Store Box Hardware Installation Guide

2.1. Installing the SSB hardware

2.2. Installing two SSB units in HA mode

2.3. Installing a SAN storage module to SSB

Appendix 3. syslog-ng Store Box VMware Installation Guide

3.1. Limitations of SSB under VMware

3.2. Installing SSB under VMware ESXi

Appendix 4. syslog-ng Store Box License contract

4.1. SUBJECT OF THE LICENSE CONTRACT

4.2. DEFINITIONS

4.3. WORDS AND EXPRESSIONS

4.4. LICENSE GRANTS AND RESTRICTIONS

4.5. SUBSIDIARIES

4.6. INTELLECTUAL PROPERTY RIGHTS

4.7. TRADE MARKS

4.8. NEGLIGENT INFRINGEMENT

4.9. INTELLECTUAL PROPERTY INDEMNIFICATION

4.10. LICENSE FEE

4.11. WARRANTIES

4.12. DISCLAIMER OF WARRANTIES

4.13. LIMITATION OF LIABILITY

4.14. DURATION AND TERMINATION

4.15. AMENDMENTS

4.16. WAIVER

4.17. SEVERABILITY

4.18. NOTICES

4.19. MISCELLANEOUS

Appendix 5. Creative Commons Attribution Non-commercial No Derivatives (by-nc-nd) License

Glossary

Index