{"id":704,"date":"2022-03-21T16:53:30","date_gmt":"2022-03-21T09:53:30","guid":{"rendered":"https:\/\/dt-corp.com.vn\/?page_id=704"},"modified":"2022-04-09T10:34:23","modified_gmt":"2022-04-09T03:34:23","slug":"syslog-store-box","status":"publish","type":"page","link":"https:\/\/dt-corp.com.vn\/?page_id=704","title":{"rendered":"Syslog Store Box"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t

What is syslog ?<\/h1>

In\u00a0computing,\u00a0syslog\u00a0is a widely used standard for\u00a0message logging. It permits separation of the software that generates messages, the system that stores them, and the software that reports and analyses them.<\/p>

Computer system designers may use syslog for system management and security auditing as well as general informational, analysis, and debugging messages. A wide variety of devices, such as printers and routers, and message receivers across many platforms use the syslog standard. This permits the consolidation of logging data from different types of systems in a central repository. Implementations of syslog exist for many operating systems.<\/p>

Each message is labelled with a facility code, and assigned a severity label. The facility code indicates the software type of the application that generated the message.<\/p>

The destination of messages may be directed to various destinations, tuned by facility and severity, including\u00a0console, files, remote syslog servers, or relays.<\/p>

Most implementations provide a command line utility, often called\u00a0logger<\/em>, as well as a link library, to send messages to the log.<\/p>

Some implementations include reporting programs for filtering and displaying of syslog messages.<\/p>

\u00a0<\/p>

The complexity of modern application and systems is ever increasing and to understand the behaviour of complex systems, administrators\/developers\/Ops etc. often need to collect and monitor all relevant information produced by their applications. Such information often needs to be analysed and correlated to determine how their systems are behaving. Consequently, administrators can apply data analytic techniques to either diagnose root causes once problems occur or gain an insight into current system behaviour based on statistical analysis.<\/p>

<\/u>What is SSB (syslog store box)?<\/u><\/strong><\/p>

The syslog-ng Store Box\u2122 (SSB) is a high-performance, high-reliability log management appliance that builds on the strengths of syslog-ng Premium Edition. With SSB, you can search logs, secure sensitive information with granular access policies, generate reports to demonstrate compliance, and forward log data to 3rd party analysis tools.<\/p>

Collect and index log data at unparalleled speeds<\/u><\/strong><\/p>

SSB uses the syslog-ng Premium Edition as log collection agents which provide highly scalable and reliable log collection. Installers are available for 50+ platforms, including the most popular Linux distributions, commercial versions of UNIX and Windows The syslog-ng Store Box\u2019s indexing engine is optimized for performance. Depending on its exact configuration, one syslog-ng Store Box can collect and index up to 100,000 messages per second for sustained periods. A single SSB can collect log messages from more than 5,000 log sources. When deployed in a client-relay configuration, a single SSB can collect logs from tens of thousands of log sources<\/p>

Search, troubleshoot, and report<\/u><\/strong><\/p>

With SSB\u2019s full-text search, you can search through billions of logs in seconds via the intuitive web-based user interface. Wildcards and Boolean operators allow you to perform complex searches and drill down on the results. Users can gain a quick overview and pinpoint problems. Users can easily create customized reports from the charts and statistics they create on the search interface to demonstrate compliance with standards and regulations such as PCI-DSS, ISO 27001, SOX and HIPAA.<\/p>

Store and forward<\/u><\/strong><\/p>

With SSB you can store large amounts of log data, create automated retention policies, and backup data to remote servers. The largest SSB appliance can store up to 10 terabytes of uncompressed data. You can also forward logs to 3rd party analysis tools or fetch data from SSB via its REST API.<\/p>

Secure your log data<\/u><\/strong><\/p>

Log data frequently contains sensitive information. SSB can store log data in encrypted, compressed, and time-stamped binary files restricting access to authorized personnel only. Authentication, Authorization and Accounting settings can restrict access to the SSB configuration and stored logs based on user group privileges and can be integrated with LDAP and Radius databases<\/p>

\u00a0<\/p>

Features of SSB<\/u><\/strong><\/p>

Flexible, low-footprint log collection agent for 50+ platforms<\/u><\/strong><\/p>

Every installation of SSB comes with the possibility of using syslog-ng Premium Edition as log collection agents or relay servers at no additional cost. Installers are available for 50+ platforms, including the most popular Linux distributions, commercial flavors of UNIX and Windows.<\/p>

Highly scalable indexing engine<\/u><\/strong><\/p>

The syslog-ng Store Box is optimized for performance, and can handle enormous amounts of messages. Depending on its exact configuration, it can index over 100,000 messages per second for sustained periods and process over 70 GB of raw logs per hour. Larger versions of the appliance are capable of storing up to 10 terabytes of data.<\/p>

Real-Time Log Data Transformation<\/u><\/strong><\/p>

Filter, Parse, Re-Write<\/p>

  • The syslog-ng application can sort the incoming log messages based on their content and various parameters like the source host, application, and priority. Directories, files, and database tables can be created dynamically using macros. Complex filtering using regular expressions and boolean operators offers almost unlimited flexibility to forward only the important log messages to the selected destinations.<\/li><\/ul>

    Normalize data with PatternDB<\/u><\/strong><\/p>

    The syslog-ng application can compare the contents of the log messages to a database of predefined message patterns.<\/p>

    Real-time log message classification<\/u><\/strong><\/p>

    By comparing log messages to known patterns, syslog-ng is able to identify the exact type of the messages, and sort them into message classes. The message classes can be used to classify the type of the event described in the log message. The message classes can be customized, and, for example, can label the messages as user login, application crash, file transfer, etc.<\/p>

    Extracting important information from messages<\/u><\/strong><\/p>

    In addition to classifying messages, you can also add different tags which can be used later for filtering messages, for example, to collect messages tagged as user_login to a separate file or to perform conditional post processing on the tagged messages.<\/p>

    Real-time event correlation<\/u><\/strong><\/p>

    syslog-ng also makes real time event correlation possible. This can be useful in many different situations. For example, important data for a single event is often scattered into multiple syslog messages. Also, login and logout events are often logged far away from each other, even in different log files, making log analysis difficult. Using correlation these can be collected into a single new message.<\/p>

    \u00a0<\/p>

    Flexible, fast search capability<\/u><\/strong><\/p>

    Using the web-based user interface, users can search for logs by a variety of message parameters and text searches. Wildcards and Boolean operators allow users to perform complex searches and drill down on the results. Users can get an overview and quickly identify problems.<\/p>

    Multi-logspace search<\/u><\/strong><\/p>

    SSB collects and indexes logs in virtual containers called logspaces that enable organizations to segment their log data based on any number of criteria and restrict access to logs based on user profiles. With the multi-logspace search feature, you can search log data in multiple logspaces whether on the same SSB appliance or located on a different appliance even in a remote location. The ability to search across multiple appliances offers organizations the option to scale out their log management by adding additional appliances in a costs effective way.<\/p>

    Customized reporting<\/u><\/strong><\/p>

    Users can easily create customized reports from the charts they create on the search interface.<\/p>

    REST API<\/u><\/strong><\/p>

    You can also forward logs to 3rd party analysis tools or fetch data from SSB via its REST API. You can access the API using a RESTful protocol over HTTPS, meaning that you can use any programming language that has access to a RESTful HTTPS client to integrate SSB into your environment, including popular languages such as Java and Python.<\/p>

    Secure Transfer using TLS<\/u><\/strong><\/p>

    syslog-ng Premium Edition ensures that messages cannot be accessed by third parties by using the Transport Layer Security (TLS) protocol to encrypt the communication between the agents and syslog-ng Store Box. It is possible to use one-way or mutual authentication between clients and the server using X.509 certificates.<\/p>

    Secure, Encrypted Log Storage<\/u><\/strong><\/p>

    Any sensitive log data can be stored in in encrypted, compressed, and time-stamped binary files restricting access to authorized personnel only.<\/p>

    Granular access control<\/u><\/strong><\/p>

    Authentication, Authorization and Accounting settings can restrict access to the SSB configuration and stored logs based on usergroup privileges and can be integrated with LDAP and Radius databases.<\/p>

    Automated backup of stored data<\/u><\/strong><\/p>

    Stored log messages and the configuration of SSB can be periodically transferred to a remote server using the following protocols:<\/p>

    • Network File System protocol (NFS);<\/li>
    • Rsync over SSH;<\/li>
    • Server Message Block protocol (SMB\/CIFS)<\/li><\/ul>

      High Performance Hardware<\/u><\/strong><\/p>

      • High Availability<\/li><\/ul>

        Hardware-based versions of syslog-ng Store Box\u00a0can be set up to operate in a hot-spare HA cluster configuration.<\/p>

        Message Rate Alerting<\/u><\/strong><\/p>

        SSB can be configured to send alerts based on the number of messages being received from sources. Minimum and maximum log message thresholds for specified time periods can be set to monitor the log management infrastructure for any performance issues.<\/p>

        \u00a0<\/div>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

        What is syslog ? In\u00a0computing,\u00a0syslog\u00a0is a widely used standard for\u00a0message logging. It permits separation of the software that generates messages, the system that stores them, and the software that reports and analyses them.","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-704","page","type-page","status-publish","hentry"],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/pages\/704","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=704"}],"version-history":[{"count":7,"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/pages\/704\/revisions"}],"predecessor-version":[{"id":907,"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/pages\/704\/revisions\/907"}],"wp:attachment":[{"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=704"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}