
that you set when executing the search query and fetching the link from the Bookmark links panel remain fixed.

The Last menu, on the other hand, allows you to specify an interval of time, for example, the last 15 minutes or the last hour, and fetch search results generated within that period. The search results that you access using this link may differ on two different occasions, as the start point of the specified interval is always the moment you open the bookmarked link from your browser.

CSV export:

On clicking the icon, the CSV export panel is displayed:

Figure 5: Search > Logspaces — CSV export panel

Clicking Download CSV export exports your search results into a CSV file. This saves the table as a text file containing comma-separated values. Note that if an error occurs when exporting the data, the exported CSV file will include a line (usually as the last line of the file) starting with a zero and the details of the problem, for example, 0<description_of_the_error>.

CAUTION: Do not use Download CSV export to export large amounts of data, as exporting data can be very slow, especially if the system is under heavy load. If you regularly need a large portion of your data in plain text format, consider using the SSB RPC API (for details, see "The SSB RPC API" in the Administration Guide), or sharing the log files on the network and processing them with external tools (for details, see "Accessing log files across the network" in the Administration Guide).
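The error-marker convention described above matters when exports are consumed by scripts rather than read by hand: a file that ends in an error line is a partial export, not a complete one. The following Python function is an added example (not code from the SSB product or its documentation) that separates the data rows of an export from the marker line; the column names in the sample export are constructed, and the detection rule (a line whose first field starts with 0 and whose field count differs from the header's) is an assumption derived from the text above.

```python
import csv
import io
from typing import List, Optional, Tuple

# Constructed sample exports. Column names are illustrative, not SSB's real layout.
SAMPLE_OK = """Timestamp,Host,Program,Message
2011-12-08T12:32:25+01:00,host1,sshd,Accepted publickey for admin
2011-12-08T12:32:26+01:00,host2,cron,(root) CMD (run-parts /etc/cron.hourly)
"""

# Same export, but the last line is the error marker the guide describes:
# a zero immediately followed by the description of the problem.
SAMPLE_FAILED = SAMPLE_OK + "0Export interrupted: logspace temporarily unavailable\n"


def parse_export(text: str) -> Tuple[List[List[str]], Optional[str]]:
    """Split an SSB CSV export into (data_rows, error_description).

    error_description is the text after the leading '0' of the marker line,
    or None when no marker line is present. Heuristic (assumption): a real
    data row has as many fields as the header, while the marker line is a
    single unsplit field that starts with '0'.
    """
    reader = csv.reader(io.StringIO(text))
    header = next(reader, None)
    if header is None:
        return [], None
    rows: List[List[str]] = []
    error: Optional[str] = None
    for row in reader:
        if not row:  # skip blank lines
            continue
        if len(row) != len(header) and row[0].startswith("0"):
            # Re-join in case the error description itself contained commas.
            if error is None:  # the guide says it is usually, not always, the last line
                error = ",".join(row)[1:]
            continue
        rows.append(row)
    return rows, error


def export_is_complete(text: str) -> bool:
    """True only if the export carries no error marker line."""
    return parse_export(text)[1] is None


if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("failed", SAMPLE_FAILED)):
        rows, err = parse_export(sample)
        print(f"{name}: {len(rows)} rows, error={err!r}")
```

A consumer that treats the export as authoritative should refuse an incomplete file rather than silently analysing a truncated result set.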

Alert:

The alert functionality enables you to set up content-based alerts for search expressions of your choice. You will receive an alert when a match is found between the search expression and the contents of a log message. Note that the alerts are generated for only those log messages that are stored in the logspace(s) for which you set up the alert.

For detailed information on content-based alerts, see "Creating content-based alerts" in the Administration Guide.

Errors and warnings:

When any user action results in an error condition (for example, if you enter an invalid search expression, or display statistics for a column that has not been indexed), an error or

SSB 5.3.0 User Guide | Searching log messages | 15
