4-eyes authorization

4-eyes authorization is an advanced authorization method where only two administrators logging in simultaneously are permitted to access the server. These administrators can monitor each other's work, reducing the chance of (accidental or intentional) human errors in the server administration process.

access policy

Collection of access policies. Access policies define who can authorize and audit a connection.

alias IP

An additional IP address assigned to an interface that already has an IP address. The normal and alias IP addresses both refer to the same physical interface.

auditing policy

The auditing policy determines which events are logged on host running Microsoft Windows operating systems.


The process of verifying the authenticity of a user or client before allowing access to a network system or service.

Authentication Policy

An authentication policy is a list of authentication methods that can be used in a connection. Connection definitions refer to an authentication policy to determine how the client can authenticate to the target server.

Audit trail

An audit trail is a file storing the recorded activities of the administrators in an encrypted format. Audit trails can be replayed using the Audit Player application.

Audit Player

Audit Player is a desktop application that can replay recorded audit trails like movie. The Audit Player is available for the Microsoft Windows and GNU/Linux platforms.

BSD-syslog protocol

The old syslog protocol standard described in RFC 3164 The BSD syslog Protocol. Sometimes also referred to as the legacy-syslog protocol.


A Certificate Authority (CA) is an institute that issues certificates.


A certificate is a file that uniquely identifies its owner. Certificates contains information identifying the owner of the certificate, a public key itself, the expiration date of the certificate, the name of the CA that signed the certificate, and some other data.

Channel Policy

The channel policy lists the SSH channels (for example terminal session, SCP, and so on) that can be used in a connection. The channel policy can further restrict access to each channel based on the IP address of the client or the server, a user list, or a time policy.

client mode

In client mode, syslog-ng collects the local logs generated by the host and forwards them through a network connection to the central syslog-ng server or to a relay.

Common Gateway Protocol (CGP)

Reliable connection is also known as Common Gateway Protocol (CGP). It makes reconnection possible to the server in case of a network failure. Default port number is 2598.

Connection Policy

Connection policies determine if a server can be accessed from a particular client. Connection policies reference other resources (policies, usergroups, keys) that must be configured and available before creating a connection policy.

controlled traffic

PSM audits and controls only the traffic that is configured in the connection and channel policies, all other traffic is forwarded on the packet level without any inspection.

disk buffer

The Premium Edition of syslog-ng can store messages on the local hard disk if the central log server or the network connection to the server becomes unavailable.

disk queue

See disk buffer.

domain name

The name of a network, for example


A firmware is a collection of the software components running on PSM. Individual software components cannot be upgraded on PSM, only the entire firmware. PSM contains two firmwares, an external (or boot) firmware and an internal (or core) firmware. These can be upgraded separately.


A device that connect two or more parts of the network, for example your local intranet and the external network (the Internet). Gateways act as entrances into other networks.

High Availability

High Availability (HA) uses a second PSM unit (called slave node) to ensure that the services are available even if the first unit (called master node) breaks down.


A computer connected to the network.


A name that identifies a host on the network. Hostnames can contain only alphanumerical characters (A-Z, a-z, 0-9) and the hyphen (-) character.

HA network interface

The HA interface (labeled 4 or HA) is an interface reserved for communication between the nodes of PSM clusters.


The base protocol of Citrix products (default port tcp/1494). It does desktop or application remoting through TCP or other network protocols. Independent Computing Architecture (ICA) is a proprietary protocol for an application server system, designed by Citrix Systems. The protocol lays down a specification for passing data between server and clients, but is not bound to any one platform. ICA is broadly similar in purpose to window servers such as the X Window System. It also provides for the feedback of user input from the client to the server, and a variety of means for the server to send graphical output, as well as other media such as audio, from the running application to the client.

IETF-syslog protocol

The syslog-protocol standard developed by the Internet Engineering Task Force (IETF), described in RFC 5424 The IETF syslog Protocol.

key pair

A private key and its related public key. The private key is known only to the owner, while the public key can be freely distributed. Information encrypted with the private key can only be decrypted using the public key.


The Lightweight Directory Access Protocol (LDAP), is an application protocol for querying and modifying data using directory services running over TCP/IP.


PSM's license determines the number of servers (IP addresses) that PSM protects. The license limits the number of IP addresses accessible.

log path

A combination of sources, filters, parsers, rewrite rules, and destinations: syslog-ng examines all messages arriving to the sources of the logpath and sends the messages matching all filters to the defined destinations.

master node

The active PSM unit that is inspecting the traffic when PSM is used in High Availability mode.

name server

A network computer storing the IP addresses corresponding to domain names.


A PSM unit running in High Availability mode.


A command that sends a message from a host to another host over a network to test connectivity and packet loss.


A number ranging from 1 to 65535 that identifies the destination application of the transmitted data. For example: SSH commonly uses port 22, web servers (HTTP) use port 80, and so on.


An abbreviation of the Balabit’s Privileged Session Management name. Together with Privileged Account Analytics (formerly called Blindspotter), Balabit’s Privileged Session Management (PSM) is a part of Balabit's Privileged Access Management solution.

Public-key authentication

An authentication method that uses encryption key pairs to verify the identity of a user or a client.

redundant Heartbeat interface

A redundant Heartbeat interface is a virtual interface that uses an existing interface of the PSM device to detect that the other node of the PSM cluster is still available. The virtual interface is not used to synchronize data between the nodes, only Heartbeat messages are transferred.

Remote Desktop Gateway

Remote Desktop Gateway (RD Gateway) is a role service in the Remote Desktop Services server role that allows authorized remote users to connect to resources located on an internal or private network from any Internet-connected device. The accessible resources can be terminal servers, remote applications, remote desktops, and so on.

This service is also called Remote Desktop Gateway or RD Gateway.


An old abbreviation of the Balabit’s Privileged Session Management name. Together with Privileged Account Analytics (formerly called Blindspotter), Balabit’s Privileged Session Management (PSM) is a part of Balabit's Privileged Access Management solution.

slave node

The passive PSM unit that replaces the active unit (the master node) if the master becomes unavailable.


Simple Network Management Protocol (SNMP) is an industry standard protocol used for network management. PSM can send SNMP alerts to a central SNMP server.

split brain

A split brain situation occurs when for some reason (for example the loss of connection between the nodes) both nodes of a PSM cluster become active (master). This might cause that new data (for example audit trails) is created on both nodes without being replicated to the other node. Thus, it is likely in this situation that two diverging sets of data are created, which cannot be trivially merged.

SSH settings

SSH settings determine the parameters of the connection on the protocol level, including timeout value and greeting message of the connection, as well as the encryption algorithms used.


The syslog-ng application is a flexible and highly scalable system logging application, typically used to manage log messages and implement centralized logging.

syslog-ng client

A host running syslog-ng in client mode.

syslog-ng Premium Edition

The syslog-ng Premium Edition is the commercial version of the open-source application. It offers additional features, like encrypted message transfer and an agent for Microsoft Windows platforms.

syslog-ng relay

A host running syslog-ng in relay mode.

syslog-ng server

A host running syslog-ng in server mode, like PSM.


Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols which provide secure communications on the Internet.

Time Policy

The time policy determines which hours of a day can the users access a connection or a channel.


A command that shows all routing steps (the path of a message) between two hosts.

User List

User lists are white- or blacklists of usernames that allow fine-control over who can access a connection or a channel.