One Identity syslog-ng Store Box 5.3.0 Скачать руководство пользователя | Manualshive

Страница: 16 / 45

background image

warning notification will be displayed on the action bar. Errors are shown in red letters,
warnings are displayed in amber.

If there is more than one notification, the latest will be displayed and the number of
notifications triggered will also be indicated. Clicking the notification will open an

Errors

and warnings

panel:

Figure 6: Search > Logspaces — Errors and warnings panel

The

Errors and warnings

panel displays a list of errors/warnings with their timestamp

and details of their cause.

You can clear notifications one by one by clicking

next to the them, or clear all of them

by clicking

.

Search results:

After running a search query, the action bar displays the number of search results returned
by the query. This is useful information when you are trying to find out how often a certain
element appears in the logs.

List of log messages:

Use the arrow keys and the

Page Up

and

Page Down

keys to navigate the listed log

messages, or use the mouse wheel to scroll. You can disable mouse wheel scrolling in your

User menu > Preferences

. If data is too long to fit on one line, it is automatically

wrapped and only the first line is displayed.

SSB 5.3.0 User Guide

Searching log messages

16

«
...
14
15
16
17
18
...
»

Содержание syslog-ng Store Box 5.3.0

Страница 1: ...syslog ng Store Box 5 3 0 User Guide...

Страница 2: ...OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT EVEN IF ONE IDENTITY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES One Identity makes no representations or warranties with respect to the accur...

Страница 3: ...lex search queries 20 Searching encrypted logspaces 27 Using persistent decryption keys 28 Using session only decryption keys 29 Creating reports from log data 31 Creating custom statistics from log d...

Страница 4: ...Technical support resources 45 SSB 5 3 0 User Guide 4...

Страница 5: ...tended for auditors consultants and security experts responsible for auditing monitoring and troubleshooting applications and server administration processes It is also useful for IT decision makers l...

Страница 6: ...log messages from a wide range of platforms including Linux Unix BSD Sun Solaris HP UX IBM AIX IBM System i as well as Microsoft Windows l Forwards messages to log analyzing engines l Classifies mess...

Страница 7: ...m health monitoring reasons A well established log management solution offers several benefits to an organization It ensures that computer security records are stored in sufficient detail and provides...

Страница 8: ...and Accountability Act HIPAA or the Payment Card Industry Data Security Standard PCI DSS These regulations often have explicit or implicit requirements about log management such as the central collec...

Страница 9: ...en if you try loading it through an HTTP connection This is thanks to the HTTP Strict Transport Security HSTS policy which enables web servers to enforce web browsers to restrict communication with th...

Страница 10: ...load external certificates to SSB see Uploading external certificates to SSB in the Administration Guide Supported browsers Mozilla Firefox 52 ESR We also test SSB on the following unsupported browser...

Страница 11: ...earch operators you can use l Searching encrypted logspaces on page 27 describes how to decrypt and browse encrypted logspaces Using the search interface SSB has a search interface for browsing the co...

Страница 12: ...e case insensitive with the exception of operators like AND OR etc which must always be capitalized Click the icon or see Using complex search queries for more details When searching log messages the...

Страница 13: ...5 024 01 00 hostname l Using wildcards might lead to the omission of certain messages from the search results Using the same example as above searching for the value nvpair 2011 12 08T12 32 25 024 01...

Страница 14: ...ning messages l The number of search results returned by a search query Figure 3 Search Logspaces Action bar Link to a search query On clicking the Bookmark links panel is displayed Figure 4 Search Lo...

Страница 15: ...nload CSV export to export large amounts of data as exporting data can be very slow especially if the system is under heavy load If you regularly need a large portion of your data in plain text format...

Страница 16: ...can clear notifications one by one by clicking next to the them or clear all of them by clicking Search results After running a search query the action bar displays the number of search results retur...

Страница 17: ...evious or the next log message with the mouse wheel If the displayed log message consists of several pages of data you can configure the mouse wheel to be able to use it for scrolling the message vert...

Страница 18: ...isplayed columns All other available parameters are listed under Available static columns and Available dynamic columns Dynamic columns are created from structured data parameters name value pairs in...

Страница 19: ...lumn including the log messages enable Show full content of columns Metadata collected about log messages The following information is available about the log messages l Processed Timestamp The date w...

Страница 20: ...istration Guide NOTE It is not possible to search for the whitespace character in the MESSAGE part of the log message since it is a hard coded delimiter character The following sections provide exampl...

Страница 21: ...can also be constructed with parentheses Example Combining keywords in search Search expression keyword1 AND keyword2 Matches returns log messages that contain both keywords Search expres sion keywor...

Страница 22: ...in search The question mark wildcard means exactly one arbitrary character Note that it does not work when trying to find non UTF 8 or multibyte characters If you want to search for these characters t...

Страница 23: ...Wildcard characters also work in any message part for example program postfix Search expression example Matches example examples example com Does not match query by example example Search expression...

Страница 24: ...with a backslash Any character after a backslash is handled as a character to be searched for NOTE Delimiter characters are an exception to the rule It is not possible to search for delimiter characte...

Страница 25: ...ng application Searching the name value pairs of the message You can search the structured data part of log messages using the nvpair prefix Use the delimiter to separate the name and the value of st...

Страница 26: ...ic name add the character after the name Search expression nvpair event_type Matches All log messages where an event_type name exists Example Searching for parameter values To search for a specific va...

Страница 27: ...esults Using the same example as above searching for the value nvpair 2011 12 08T12 32 25 024 01 00 hostname 12345 does not return any results as the 12345 part was not indexed Instead you have to sea...

Страница 28: ...e stored on SSB but they are only made available for this user account and can also be protected encrypted with a passphrase To use persistent decryption keys 1 Select User menu Private keystore A pop...

Страница 29: ...Click Apply Using session only decryption keys You can upload decryption keys to browse encrypted logspaces for the duration of the session only These keys are automatically deleted when you log out...

Страница 30: ...r upload the certificate used to encrypt the logstore 4 Select Key A pop up window is displayed 5 Paste or upload the private key of the certificate used to encrypt the logstore 6 Repeat Steps 2 5 to...

Страница 31: ...eating custom statistics from log data SSB can create statistics from the Facility Priority Program Pid Host Tags and classifier class columns Use Customize columns to add the required column if neces...

Страница 32: ...mber logspaces In this case SSB displays the Number of member statistics has too many entries error message Figure 13 Search Logspaces Displaying log statistics as Bar chart In Pie chart List view per...

Страница 33: ...played in the Count part of the Host pie chart To avoid this do not navigate to the future If this has already happened save the search expression that you have used somewhere and then refresh the pag...

Страница 34: ...al tools for details see Accessing log files across the network in the Administration Guide Creating reports from custom statistics You can save log statistics to include them in reports as a subchapt...

Страница 35: ...the member logspaces In this case SSB displays the Number of member statistics has too many entries error message 6 Select the user group that can access the subchapter in the Grant access for the fol...

Страница 36: ...The reports created from custom statistics are listed at the end 5 Use the arrows to change the order of the subchapters if needed 6 To specify how often SSB should create the report select the relev...

Страница 37: ...ect Recipient Custom address and enter the email address where the reports should be sent Click to list multiple email addresses if needed 9 Click Browsing reports The generated reports are available...

Страница 38: ...te a report for the current day select Generate reports for today The report will contain data for the 00 00 current time interval If artificial ignorance for details see Classifying messages with pat...

Страница 39: ...ss to the Search Logs object on the AAA Access Control page l Or the user group has been added under the Access control option of the relevant logspace on the Log Logspaces page There are two ways to...

Страница 40: ...record an alert target Figure 18 Policies Alert targets Alert targets page c Enter a name for your alert target NOTE Alert target names must be unique d In the Target email address field enter the em...

Страница 41: ...onfiguring an email address from where you wish to receive emails can be useful for filtering purposes If you do not specify such an email address a default one will be used For detailed instructions...

Страница 42: ...a prefix before alert names can help avoid specifying a name that is already in use 8 Select a target from Targets You can select multiple targets if you wish to distribute the alert to multiple email...

Страница 43: ...ick The new tab that opens allows you to specify a content based alert Figure 21 Search Content Based Alerts Setting up content based alerts on the Search 5 Enter a name for your alert NOTE Alert name...

Страница 44: ...on logspace mylogspace alert myalert search expression mysearchexpression To review these matches on your SSB appliance see https IP_address_of_SSB port_number index php _backend SearchLogspace logsp...

Страница 45: ...One Identity customers with a valid maintenance contract and customers who have trial versions You can access the Support Portal at https support oneidentity com The Support Portal provides self help...

Отзывы:

Нет отзывов

Похожие инструкции для syslog-ng Store Box 5.3.0

Premier 23231GK

Бренд: ABSCO SHEDS Страницы: 25

Бренд: ABSCO SHEDS Страницы: 23

Бренд: ABSCO SHEDS Страницы: 37

Бренд: ABSCO SHEDS Страницы: 40

Бренд: ABSCO SHEDS Страницы: 18

Бренд: ABSCO SHEDS Страницы: 22

System Storage DS4000

Бренд: IBM Страницы: 184

WDBAAE3200ASL - My Passport Studio

Бренд: Western Digital Страницы: 2

Бренд: U-Line Страницы: 3

Бренд: Dancover Страницы: 12

STORAGE CAB4000 -

Бренд: Tandberg Data Страницы: 13

Бренд: INTILION Страницы: 121

Бренд: Silverline Страницы: 2

Бренд: SanDisk Страницы: 2

ST9160411AS - Momentus 7200.3 160 GB Hard Drive

Бренд: Seagate Страницы: 2

Бренд: QNAP Страницы: 61

Бренд: Edsal Страницы: 2

Бренд: GMI Страницы: 2

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды