What is new in syslog-ng Store Box 4 F7

July 24, 2017


Table of Contents

1. Preface

Certificate chain support for web user interface and RPC API

SSB now supports certificate chains, that is, web server certificates that contain intermediate certificates in addition to the end-user subscriber or server certificate. Previously, at the start of an SSL or TLS session, SSB only presented the server certificate to the client machine. From version 4 F7 onwards, you can choose to upload a certificate chain, and SSB will send the client machine both the server certificate and any additional intermediate certificates.

For details, see Procedure 3.2, Configuring SSB with the Welcome Wizard in The syslog-ng Store Box 4 F7 Administrator Guide, Procedure 6.7.2, Uploading external certificates to SSB in The syslog-ng Store Box 4 F7 Administrator Guide, and Procedure 11.4, Setting the certificates used in TLS-encrypted log transport in The syslog-ng Store Box 4 F7 Administrator Guide.

Parsing sudo log messages

SSB separates sudo log messages into name-value pairs. The sudo parser enables you to enrich your log message data with details of privilege escalation events, such as who initiated the event, what command was issued, and so on. Metadata generated from the parsed values is searchable and can be used in statistics and custom reports.

For further information, see Procedure 10.5, Parsing sudo log messages in The syslog-ng Store Box 4 F7 Administrator Guide.

HTTP Strict Transport Security (HSTS) support when switching to a self-signed certificate or when CA-signed certificate expires for SSB's web interface

If you have successfully accessed the SSB web interface using HTTPS at least once, your browser will remember this and force you to access SSB using HTTPS. This can cause issues when you switch to a self-signed certificate from a trusted CA-signed certificate, or when the SSL certificate of the web interface expires.

The resolution to this issue is to remove HSTS settings from the browser or to upload a new certificate using a different browser on a different machine.

For further information, see Section 4.1, Supported web browsers and operating systems in The syslog-ng Store Box 4 F7 Administrator Guide.