
Supported browsers:
Mozilla Firefox 52 ESR
We also test SSB on the following unsupported browsers: Internet Explorer 11, Microsoft
Edge, and the currently available versions of Mozilla Firefox and Google Chrome. The
features of SSB are available and usable on these browsers as well, but the look and feel
might be different from the supported browsers.
What SSB is not
SSB is not a log analyzing engine, though it can classify individual log messages using
artificial ignorance. SSB comes with a built-in feature to store log message patterns that
are considered "normal". Messages matching these patterns are produced during the
legitimate use of the applications (for example sendmail, Postfix, MySQL, and so on), and
are unimportant from the log monitoring perspective, while the remaining messages may
contain something “interesting”. The administrators can define log patterns on the SSB
interface, label matching messages (for example, security event, and so on), and request
alerts if a specific pattern is encountered. For thorough log analysis, SSB can also forward
the incoming log messages to external log analyzing engines.
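The artificial ignorance classification described above, sketched as an added example that is not part of the SSB documentation or SSB's own code. Python regular expressions stand in for the patterns defined on the SSB interface, and the patterns, labels and log lines are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed patterns: regexes stand in for the log patterns an administrator
# would define (an assumption; this is not SSB's pattern syntax).
# Each entry is (regex, label, alert_on_match).
PATTERNS = [
    (re.compile(r"^postfix/smtpd\[\d+\]: connect from \S+\[[\d.]+\]$"), "normal", False),
    (re.compile(r"^postfix/qmgr\[\d+\]: [0-9A-F]+: removed$"), "normal", False),
    (re.compile(r"^sendmail\[\d+\]: \w+: to=<[^>]+>, .*stat=Sent\b"), "normal", False),
    (re.compile(r"^sshd\[\d+\]: Failed password for (invalid user )?\S+ from [\d.]+"),
     "security event", True),
]

# Constructed sample messages, not real log data.
SAMPLE = [
    "postfix/smtpd[2101]: connect from mail.example.com[192.0.2.10]",
    "postfix/qmgr[1999]: 3F2A1B0C4D: removed",
    "sendmail[3120]: u1AB2C3d: to=<alice@example.com>, delay=00:00:01, stat=Sent (ok)",
    "sshd[4410]: Failed password for invalid user admin from 198.51.100.7 port 52144 ssh2",
    "mysqld[880]: Aborted connection 41 to db: 'shop' user: 'web'",
    "postfix/smtpd[2101]: warning: hostname mail.example.net does not resolve",
]

def classify(message):
    """Return (label, alert) of the first matching pattern, else ("unknown", False)."""
    for regex, label, alert in PATTERNS:
        if regex.search(message):
            return label, alert
    return "unknown", False

def review(messages):
    """Ignore "normal" messages; return counts, what is left to review, and alerts."""
    counts, interesting, alerts = Counter(), [], []
    for msg in messages:
        label, alert = classify(msg)
        counts[label] += 1
        if label != "normal":      # everything not known to be normal is kept
            interesting.append((label, msg))
        if alert:
            alerts.append(msg)
    return counts, interesting, alerts

if __name__ == "__main__":
    counts, interesting, alerts = review(SAMPLE)
    print(dict(counts))
    for label, msg in interesting:
        print(f"[{label}] {msg}")
    print("alerts:", alerts)
```

The unmatched postfix warning shows the point of the approach: a message from a known application still surfaces for review when no "normal" pattern covers it.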
Why is SSB needed
Log messages contain information about the events happening on the hosts. Monitoring
system events is essential for security and system health monitoring reasons. A well-
established log management solution offers several benefits to an organization. It ensures
that computer security records are stored in sufficient detail, and provides a simple way to
monitor and review these logs. Routine log reviews and continuous log analysis help to
identify security incidents, policy violations, or other operational problems.
Logs also often form the basis of auditing and forensic analysis, product troubleshooting
and support. There are also several laws, regulations and industrial standards that
explicitly require the central collection, periodic review, and long-time archiving of log
messages. Examples of such regulations are the Sarbanes-Oxley Act (SOX), the Basel II
accord, the Health Insurance Portability and Accountability Act (HIPAA), or the Payment
Card Industry Data Security Standard (PCI-DSS).
Built around the popular syslog-ng application used by thousands of organizations
worldwide, the syslog-ng Store Box (SSB) brings you a powerful, easy-to-configure
appliance to collect and store your logs. Using the features of the latest syslog-ng Premium
Edition to their full power, SSB allows you to collect, process, and store log messages from
a wide range of platforms and devices.
All data can be stored in encrypted and optionally timestamped files, preventing any
modification or manipulation, satisfying the highest security standards and policy
compliance requirements.
SSB 5.3.0 User Guide
Introduction