What is new in syslog-ng Store Box 4 F8

August 22, 2017


Table of Contents

1. Preface

Operating system upgrade

In this release, we have upgraded the operating system underlying the SSB appliance. The upgrade brings you a more recent and thus, more secure version of the operating system, with longer support lifetime.

Support for Pyramid hardware deprecated

SSB 4 F8/firmware version 4.8.0 is not supported on the following hardware: SSB N1000, SSB N1000d, SSB N5000, SSB N10000.

In case you have SSB deployed on other, newer hardware or you have SSB 4 LTS, those will not be affected in any way. Balabit's regular version policy applies to those.

What the limitation means if you have an SSB deployed on the hardware listed above is that you will not be able to upgrade to the latest feature version (version 4 F8) and subsequent (Feature or Long Term Supported) releases. Balabit will continue to provide support for your SSB 4 F7, up until the End-of-Life (EOL) date of your hardware. In this Extended Support phase, you will continue to receive security updates and critical bug fixes. However, new features will not be made available for your platform.

If you wish to take advantage of new features and remain supported beyond the end date of the Extended Support phase, you need to upgrade your hardware. For assistance with your hardware upgrade, contact Balabit Sales. For further inquiries, contact Balabit Support.

Changes in SNMP v3 trap settings

The MD5 authentication method and the DES encryption method are no longer available as SNMP trap settings, when configuring SSB to:

  • Send alerts to a central monitoring server via SNMP v3.

  • Forward log messages to an SNMP destination using the SNMP v3 protocol.

Support for these has been removed due to concerns over the level of security provided by such methods.

For details, see Procedure 4.5.2, Configuring SNMP alerts in The syslog-ng Store Box 4 F8 Administrator Guide, and Procedure 9.4, Forwarding log messages to SNMP destinations in The syslog-ng Store Box 4 F8 Administrator Guide.

Note that when upgrading your SSB to version 4 F8, your SNMP trap MD5 (authentication method) settings will be automatically set to SHA1, while your SNMP trap DES (encryption method) settings will be automatically set to AES. For more information, see Section 2.1.2, SNMP v3 trap settings in How to upgrade to syslog-ng Store Box 4 F8.

Note that these automatic changes may require you to reset the relevant configuration options at your end, following an upgrade to SSB 4 F8.

SHA-256 replaces MD5 when creating key fingerprints

When calculating the fingerprint of private keys, the SHA-256 algorithm replaces the previously used MD5 hash function. The web user interface of SSB now displays the used hash function next to the fingerprint of a key. Look at the following example:

Changes in the prevention of disk space fill-up

The default value and the possible values you can set at Basic Settings > Management > Disk space fill up prevention > Disconnect clients when disks are have changed.

The default value has changed from 0 to 90, meaning that disk space fill-up prevention is now turned on by default.

Another change concerns the value 100. Starting from version 4 F8, you are only allowed to set values between 1-99. This means that if you had 100 specified before the upgrade, then that will change to 99 following the upgrade.

For more information, see Section 2.1.3, Changes in the prevention of disk space fill-up in How to upgrade to syslog-ng Store Box 4 F8.

Changes in SNMP high disk utilization trap

The SNMP trap that is related to maximum disk utilization has changed. For details on how the changes might affect you, see Section 2.1.4, SNMP high disk utilization trap in How to upgrade to syslog-ng Store Box 4 F8.

Other changes

The Anonymous login option has been removed from SMB/CIFS Archive and Backup policies. To continue to use anonymous login, enter anonymous as username, and leave the Password field empty. (If you had the Anonymous login option enabled, this change is automatic.)