2 Introduction
This chapter introduces the syslog-ng Store Box (SSB), discussing how and why it is useful,
and what benefits it offers to an existing IT infrastructure.
What SSB is
SSB is a device that collects, processes, stores, monitors, and manages log messages. It is
a central log server appliance that can receive system (syslog and eventlog) log messages
and Simple Network Management Protocol (SNMP) messages from your network devices
and computers, store them in a trusted and signed logstore, automatically archive and
back up the messages, and also classify the messages using artificial ignorance.
The most notable features of SSB are as follows:
• Secure log collection using Transport Layer Security (TLS).
• Trusted, encrypted, and timestamped storage.
• Ability to collect log messages from a wide range of platforms, including Linux, Unix,
  BSD, Sun Solaris, HP-UX, IBM AIX, IBM System i, as well as Microsoft Windows.
• Forwards messages to log analyzing engines.
• Classifies messages using customizable pattern databases for real-time log
  monitoring, alerting, and artificial ignorance.
• High Availability (HA) support to ensure continuous log collection in business-critical
  environments.
• Real-time log monitoring and alerting.
• Retrieves group memberships of the administrators and users from a Lightweight
  Directory Access Protocol (LDAP) database.
• Strict, yet easily customizable access control to grant users access only to selected
  log messages.
• Ability to search log data in multiple logspaces, whether on the same SSB appliance
  or located on a different appliance, even in a remote location.
SSB is configured and managed from any modern web browser that supports HTTPS
connections, JavaScript, and cookies.
SSB 5.3.0 User Guide