
Instructions for the SSB Live Demo

October 28, 2016


This document gives you a brief overview of the features of syslog-ng Store Box that you can test using the live demo.

Introduction

The SSB Live Demo is configured with limited functionality and grants visitors read-only access. A good place to start is the life of a log message in SSB: how it arrives, how it is handled and where it is stored. To follow it, we need to inspect three basic building blocks: sources, spaces and paths.

Receiving logs

Log > Sources > click on the name of any source. Sources are the entry points through which messages are accepted. A source defines the transport-level settings (for example, TCP) and the protocol-level settings (for example, BSD-syslog) that govern by what means and in what form logs are expected. Transport encryption and mutual authentication of sending hosts can also be enabled here.

Storing logs

Log > Spaces > click on the name of any logspace. Logs can be either stored locally on SSB or forwarded to a remote location (for example, a syslog server or SQL database configured on Log > Destination). Local destinations are called spaces in SSB's terminology and can take two forms: logstores or text files. Logstores provide on-the-fly encryption, compression, digital timestamping and signing. Indexing of selected fields or of the entire message can be enabled for logstores, which makes it possible to find relevant messages quickly using the search interface. Archive, clean-up, backup, sharing and access control policies are configured here on a per-logstore basis.

Routing logs

Log > Paths. Once logs arrive, SSB needs to know where to forward them. Log storage is orchestrated by defining path statements, with which complex "log routing" decisions can be made. Each row on this page represents a rule. Sources are on the left-hand side and destinations are on the right-hand side. Filters can optionally be defined in between.

Browsing and searching

Search > Log. The search interface is used to browse and initiate searches in logstores or SQL destinations. Please select "local" from the drop-down list at the top. The timeline at the top shows the number of entries for each day, week or month, depending on the scale chosen, while the result table toward the bottom of the page shows the actual messages. Search expressions can be composed manually (the tooltip of the Search input field explains which expressions are supported), or SSB can auto-fill the search field when values in the result set are clicked. Try clicking on a hostname in the host column to see how it gets added automatically. Additional columns can be added using the "Customize columns" option, and statistics can be created and saved for later reporting by using the little pie-chart icons in the headers of the appropriate columns.

Further information

To learn more about syslog-ng Store Box you can: