Instructions for the SSB Live Demo

October 20, 2017


This document gives you a brief overview of the features of syslog-ng Store Box that you can test using the live demo.

Introduction

The SSB Live Demo is configured with limited functionality and grants visitors read-only access. A good place to start is to follow the life of a log message in SSB: how it arrives, how it is handled and how it is stored. To do this, we need to inspect three basic building blocks: sources, spaces and paths.

Receiving logs

Log > Sources > click on the name of any source. Sources are the entry points through which messages are accepted. A source defines the transport-level (for example, TCP) and protocol-level (for example, BSD-syslog) settings that govern how and in what form logs are expected to arrive. Transport encryption and mutual authentication of sending hosts can also be enabled here.

Storing logs

Log > Spaces > click on the name of any logspace. Logs can be either stored locally on SSB or forwarded to a remote location (for example, a syslog server or SQL database configured on Log > Destination). Local destinations are called spaces in SSB's terminology and can take two forms: logstores or text files. Logstores provide on-the-fly encryption, compression, digital timestamping and signing. Indexing of selected fields or of the entire message can be enabled for logstores, which makes it possible to find relevant messages quickly using the search interface. Archive, clean-up, backup, sharing and access control policies are configured here on a per-logstore basis.

Routing logs

Log > Paths. Once logs arrive, SSB needs to know where to forward them. Log storage is orchestrated by defining path statements, which allow complex "log routing" decisions to be made. Each row on this page represents a rule. Sources are on the left-hand side and destinations are on the right-hand side. Filters can optionally be defined in between.

Browsing and searching

Search > Log. The search interface is used to browse and initiate searches in logstores or SQL destinations. Please select "local" from the drop-down list at the top. The timeline at the top shows the number of entries for each day, week or month, depending on the scale chosen, while the result table toward the bottom of the page shows the actual messages. Search expressions can be composed manually (the tooltip of the Search input field explains which expressions are supported), or SSB can auto-fill the search field when values in the result set are clicked. Try clicking on a hostname in the host column to see how it gets added automatically. Additional columns can be added using the "Customize columns" option, and statistics can be created and saved for later reporting by using the little pie-chart icons in the headers of the appropriate columns.

Further information

[1]To learn more about syslog-ng Store Box you can:




[1] All questions, comments or inquiries should be directed to or by post to the following address: Balabit SA 1117 Budapest, Alíz Str. 2 Phone: +36 1 398 6700 Fax: +36 1 208 0875 Web: https://www.balabit.com/

Copyright © 2017 Balabit SA All rights reserved. This document is protected by copyright and is distributed under licenses restricting its use, copying, distribution, and decompilation. No part of this document may be reproduced in any form by any means without prior written authorization of Balabit.

All trademarks and product names mentioned herein are the trademarks of their respective owners.