One Identity syslog-ng Store Box 5.3.0 страница 20 Скачать руководство пользователя

Страница: 20 / 45

Message

: The text of the log message.

Tag

: Tags assigned to the message matching certain pattern database rules.

: Unique ID of the message.

classifier.rule_id

: ID of the pattern database rule that matched the message.

classifier.class

: Description of the pattern database rule that matched the message.

Dynamic columns, created from additional name-value pairs, might also be
available.

Using complex search queries

You can use wildcards and boolean expressions, and search specific parts of the log
messages collected on SSB.

NOTE:

When searching log messages, the capabilities of the search engine depend on the
delimiters used to index the particular logspace. By default, the indexer uses the
following delimiter characters to separate the message into words (tokens):

& : ~ ?

! [ ] = , ; ( ) ' "

. For details on how to configure the delimiters used for indexing,

see

"Creating logstores" in the Administration Guide

NOTE:

It is not possible to search for the whitespace (

) character in the MESSAGE part of

the log message, since it is a hard-coded delimiter character.

The following sections provide examples for different search queries:

For examples of exact matches, see

Searching for exact matches and using complex

queries

on page

For examples of using boolean operators to combine search keywords, see

Combining search keywords

on page

For examples of wildcard searches, see

Using wildcard searches

on page

For examples of searching for special characters, see

Searching for special

characters

on page

For examples of searching in a specific part of the message, see

Searching in a

specific part of the message

on page

For examples of searching name-value pairs, see

Searching the name-value pairs of

the message

on page

Searching for exact matches and using complex queries

By default, SSB searches for keywords as whole words in the

MESSAGE

part of the log

message and returns only exact matches.

SSB 5.3.0 User Guide

Searching log messages

Содержание syslog-ng Store Box 5.3.0

Страница 1: ...syslog ng Store Box 5 3 0 User Guide...

Страница 2: ...OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT EVEN IF ONE IDENTITY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES One Identity makes no representations or warranties with respect to the accur...

Страница 3: ...lex search queries 20 Searching encrypted logspaces 27 Using persistent decryption keys 28 Using session only decryption keys 29 Creating reports from log data 31 Creating custom statistics from log d...

Страница 4: ...Technical support resources 45 SSB 5 3 0 User Guide 4...

Страница 5: ...tended for auditors consultants and security experts responsible for auditing monitoring and troubleshooting applications and server administration processes It is also useful for IT decision makers l...

Страница 6: ...log messages from a wide range of platforms including Linux Unix BSD Sun Solaris HP UX IBM AIX IBM System i as well as Microsoft Windows l Forwards messages to log analyzing engines l Classifies mess...

Страница 7: ...m health monitoring reasons A well established log management solution offers several benefits to an organization It ensures that computer security records are stored in sufficient detail and provides...

Страница 8: ...and Accountability Act HIPAA or the Payment Card Industry Data Security Standard PCI DSS These regulations often have explicit or implicit requirements about log management such as the central collec...

Страница 9: ...en if you try loading it through an HTTP connection This is thanks to the HTTP Strict Transport Security HSTS policy which enables web servers to enforce web browsers to restrict communication with th...

Страница 10: ...load external certificates to SSB see Uploading external certificates to SSB in the Administration Guide Supported browsers Mozilla Firefox 52 ESR We also test SSB on the following unsupported browser...

Страница 11: ...earch operators you can use l Searching encrypted logspaces on page 27 describes how to decrypt and browse encrypted logspaces Using the search interface SSB has a search interface for browsing the co...

Страница 12: ...e case insensitive with the exception of operators like AND OR etc which must always be capitalized Click the icon or see Using complex search queries for more details When searching log messages the...

Страница 13: ...5 024 01 00 hostname l Using wildcards might lead to the omission of certain messages from the search results Using the same example as above searching for the value nvpair 2011 12 08T12 32 25 024 01...

Страница 14: ...ning messages l The number of search results returned by a search query Figure 3 Search Logspaces Action bar Link to a search query On clicking the Bookmark links panel is displayed Figure 4 Search Lo...

Страница 15: ...nload CSV export to export large amounts of data as exporting data can be very slow especially if the system is under heavy load If you regularly need a large portion of your data in plain text format...

Страница 16: ...can clear notifications one by one by clicking next to the them or clear all of them by clicking Search results After running a search query the action bar displays the number of search results retur...

Страница 17: ...evious or the next log message with the mouse wheel If the displayed log message consists of several pages of data you can configure the mouse wheel to be able to use it for scrolling the message vert...

Страница 18: ...isplayed columns All other available parameters are listed under Available static columns and Available dynamic columns Dynamic columns are created from structured data parameters name value pairs in...

Страница 19: ...lumn including the log messages enable Show full content of columns Metadata collected about log messages The following information is available about the log messages l Processed Timestamp The date w...

Страница 20: ...istration Guide NOTE It is not possible to search for the whitespace character in the MESSAGE part of the log message since it is a hard coded delimiter character The following sections provide exampl...

Страница 21: ...can also be constructed with parentheses Example Combining keywords in search Search expression keyword1 AND keyword2 Matches returns log messages that contain both keywords Search expres sion keywor...

Страница 22: ...in search The question mark wildcard means exactly one arbitrary character Note that it does not work when trying to find non UTF 8 or multibyte characters If you want to search for these characters t...

Страница 23: ...Wildcard characters also work in any message part for example program postfix Search expression example Matches example examples example com Does not match query by example example Search expression...

Страница 24: ...with a backslash Any character after a backslash is handled as a character to be searched for NOTE Delimiter characters are an exception to the rule It is not possible to search for delimiter characte...

Страница 25: ...ng application Searching the name value pairs of the message You can search the structured data part of log messages using the nvpair prefix Use the delimiter to separate the name and the value of st...

Страница 26: ...ic name add the character after the name Search expression nvpair event_type Matches All log messages where an event_type name exists Example Searching for parameter values To search for a specific va...

Страница 27: ...esults Using the same example as above searching for the value nvpair 2011 12 08T12 32 25 024 01 00 hostname 12345 does not return any results as the 12345 part was not indexed Instead you have to sea...

Страница 28: ...e stored on SSB but they are only made available for this user account and can also be protected encrypted with a passphrase To use persistent decryption keys 1 Select User menu Private keystore A pop...

Страница 29: ...Click Apply Using session only decryption keys You can upload decryption keys to browse encrypted logspaces for the duration of the session only These keys are automatically deleted when you log out...

Страница 30: ...r upload the certificate used to encrypt the logstore 4 Select Key A pop up window is displayed 5 Paste or upload the private key of the certificate used to encrypt the logstore 6 Repeat Steps 2 5 to...

Страница 31: ...eating custom statistics from log data SSB can create statistics from the Facility Priority Program Pid Host Tags and classifier class columns Use Customize columns to add the required column if neces...

Страница 32: ...mber logspaces In this case SSB displays the Number of member statistics has too many entries error message Figure 13 Search Logspaces Displaying log statistics as Bar chart In Pie chart List view per...

Страница 33: ...played in the Count part of the Host pie chart To avoid this do not navigate to the future If this has already happened save the search expression that you have used somewhere and then refresh the pag...

Страница 34: ...al tools for details see Accessing log files across the network in the Administration Guide Creating reports from custom statistics You can save log statistics to include them in reports as a subchapt...

Страница 35: ...the member logspaces In this case SSB displays the Number of member statistics has too many entries error message 6 Select the user group that can access the subchapter in the Grant access for the fol...

Страница 36: ...The reports created from custom statistics are listed at the end 5 Use the arrows to change the order of the subchapters if needed 6 To specify how often SSB should create the report select the relev...

Страница 37: ...ect Recipient Custom address and enter the email address where the reports should be sent Click to list multiple email addresses if needed 9 Click Browsing reports The generated reports are available...

Страница 38: ...te a report for the current day select Generate reports for today The report will contain data for the 00 00 current time interval If artificial ignorance for details see Classifying messages with pat...

Страница 39: ...ss to the Search Logs object on the AAA Access Control page l Or the user group has been added under the Access control option of the relevant logspace on the Log Logspaces page There are two ways to...

Страница 40: ...record an alert target Figure 18 Policies Alert targets Alert targets page c Enter a name for your alert target NOTE Alert target names must be unique d In the Target email address field enter the em...

Страница 41: ...onfiguring an email address from where you wish to receive emails can be useful for filtering purposes If you do not specify such an email address a default one will be used For detailed instructions...

Страница 42: ...a prefix before alert names can help avoid specifying a name that is already in use 8 Select a target from Targets You can select multiple targets if you wish to distribute the alert to multiple email...

Страница 43: ...ick The new tab that opens allows you to specify a content based alert Figure 21 Search Content Based Alerts Setting up content based alerts on the Search 5 Enter a name for your alert NOTE Alert name...

Страница 44: ...on logspace mylogspace alert myalert search expression mysearchexpression To review these matches on your SSB appliance see https IP_address_of_SSB port_number index php _backend SearchLogspace logsp...

Страница 45: ...One Identity customers with a valid maintenance contract and customers who have trial versions You can access the Support Portal at https support oneidentity com The Support Portal provides self help...

Результаты поиска

Содержание syslog-ng Store Box 5.3.0

Отзывы:

Похожие инструкции для syslog-ng Store Box 5.3.0

Бренды по названию

Популярные бренды

One Identity syslog-ng Store Box 5.3.0, Руководство пользователя

Результаты поиска

Содержание syslog-ng Store Box 5.3.0

Отзывы:

Похожие инструкции для syslog-ng Store Box 5.3.0

Бренды по названию

Популярные бренды