One Identity syslog-ng Store Box 5.3.0 страница 25 Скачать руководство пользователя | Manualshive

Страница: 25 / 45

background image

Search expression

nvpair:path=C:\\Program\ Files

Matches

C:\Program Files

Searching in a specific part of the message

You can search in a specific part of the message using the

<type>:

prefix. The

message:

(or

msg:

) prefix means the message part and can be omitted. For example, use the

program:

prefix to search for the name of an application, or use the

host:

prefix to search for a host

name, and so on.

Example: Searching specific parts of messages

Search expression

program:syslog-ng

Matches

All log messages from the syslog-ng application.

Searching the name-value pairs of the message

You can search the structured data part of log messages using the

nvpair:

prefix. Use the

=

delimiter to separate the name and the value of structured data parameters, and remove
the quote marks from the values.

Example: Searching the structured data part of messages

Search
expression

nvpair:[email protected]_type=Alert

Matches

All log messages where there is a [email protected] element with the
event_type="Alert" parameter. For example:

[[email protected] EVENT_TYPE="Alert"]

Example: Using wildcard * to search the structured data

You can use the asterisk (

*

) wildcard to broaden the search to all structured

data elements.

SSB 5.3.0 User Guide

Searching log messages

25

«
...
23
24
25
26
27
...
»

Содержание syslog-ng Store Box 5.3.0

Страница 1: ...syslog ng Store Box 5 3 0 User Guide...

Страница 2: ...OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT EVEN IF ONE IDENTITY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES One Identity makes no representations or warranties with respect to the accur...

Страница 3: ...lex search queries 20 Searching encrypted logspaces 27 Using persistent decryption keys 28 Using session only decryption keys 29 Creating reports from log data 31 Creating custom statistics from log d...

Страница 4: ...Technical support resources 45 SSB 5 3 0 User Guide 4...

Страница 5: ...tended for auditors consultants and security experts responsible for auditing monitoring and troubleshooting applications and server administration processes It is also useful for IT decision makers l...

Страница 6: ...log messages from a wide range of platforms including Linux Unix BSD Sun Solaris HP UX IBM AIX IBM System i as well as Microsoft Windows l Forwards messages to log analyzing engines l Classifies mess...

Страница 7: ...m health monitoring reasons A well established log management solution offers several benefits to an organization It ensures that computer security records are stored in sufficient detail and provides...

Страница 8: ...and Accountability Act HIPAA or the Payment Card Industry Data Security Standard PCI DSS These regulations often have explicit or implicit requirements about log management such as the central collec...

Страница 9: ...en if you try loading it through an HTTP connection This is thanks to the HTTP Strict Transport Security HSTS policy which enables web servers to enforce web browsers to restrict communication with th...

Страница 10: ...load external certificates to SSB see Uploading external certificates to SSB in the Administration Guide Supported browsers Mozilla Firefox 52 ESR We also test SSB on the following unsupported browser...

Страница 11: ...earch operators you can use l Searching encrypted logspaces on page 27 describes how to decrypt and browse encrypted logspaces Using the search interface SSB has a search interface for browsing the co...

Страница 12: ...e case insensitive with the exception of operators like AND OR etc which must always be capitalized Click the icon or see Using complex search queries for more details When searching log messages the...

Страница 13: ...5 024 01 00 hostname l Using wildcards might lead to the omission of certain messages from the search results Using the same example as above searching for the value nvpair 2011 12 08T12 32 25 024 01...

Страница 14: ...ning messages l The number of search results returned by a search query Figure 3 Search Logspaces Action bar Link to a search query On clicking the Bookmark links panel is displayed Figure 4 Search Lo...

Страница 15: ...nload CSV export to export large amounts of data as exporting data can be very slow especially if the system is under heavy load If you regularly need a large portion of your data in plain text format...

Страница 16: ...can clear notifications one by one by clicking next to the them or clear all of them by clicking Search results After running a search query the action bar displays the number of search results retur...

Страница 17: ...evious or the next log message with the mouse wheel If the displayed log message consists of several pages of data you can configure the mouse wheel to be able to use it for scrolling the message vert...

Страница 18: ...isplayed columns All other available parameters are listed under Available static columns and Available dynamic columns Dynamic columns are created from structured data parameters name value pairs in...

Страница 19: ...lumn including the log messages enable Show full content of columns Metadata collected about log messages The following information is available about the log messages l Processed Timestamp The date w...

Страница 20: ...istration Guide NOTE It is not possible to search for the whitespace character in the MESSAGE part of the log message since it is a hard coded delimiter character The following sections provide exampl...

Страница 21: ...can also be constructed with parentheses Example Combining keywords in search Search expression keyword1 AND keyword2 Matches returns log messages that contain both keywords Search expres sion keywor...

Страница 22: ...in search The question mark wildcard means exactly one arbitrary character Note that it does not work when trying to find non UTF 8 or multibyte characters If you want to search for these characters t...

Страница 23: ...Wildcard characters also work in any message part for example program postfix Search expression example Matches example examples example com Does not match query by example example Search expression...

Страница 24: ...with a backslash Any character after a backslash is handled as a character to be searched for NOTE Delimiter characters are an exception to the rule It is not possible to search for delimiter characte...

Страница 25: ...ng application Searching the name value pairs of the message You can search the structured data part of log messages using the nvpair prefix Use the delimiter to separate the name and the value of st...

Страница 26: ...ic name add the character after the name Search expression nvpair event_type Matches All log messages where an event_type name exists Example Searching for parameter values To search for a specific va...

Страница 27: ...esults Using the same example as above searching for the value nvpair 2011 12 08T12 32 25 024 01 00 hostname 12345 does not return any results as the 12345 part was not indexed Instead you have to sea...

Страница 28: ...e stored on SSB but they are only made available for this user account and can also be protected encrypted with a passphrase To use persistent decryption keys 1 Select User menu Private keystore A pop...

Страница 29: ...Click Apply Using session only decryption keys You can upload decryption keys to browse encrypted logspaces for the duration of the session only These keys are automatically deleted when you log out...

Страница 30: ...r upload the certificate used to encrypt the logstore 4 Select Key A pop up window is displayed 5 Paste or upload the private key of the certificate used to encrypt the logstore 6 Repeat Steps 2 5 to...

Страница 31: ...eating custom statistics from log data SSB can create statistics from the Facility Priority Program Pid Host Tags and classifier class columns Use Customize columns to add the required column if neces...

Страница 32: ...mber logspaces In this case SSB displays the Number of member statistics has too many entries error message Figure 13 Search Logspaces Displaying log statistics as Bar chart In Pie chart List view per...

Страница 33: ...played in the Count part of the Host pie chart To avoid this do not navigate to the future If this has already happened save the search expression that you have used somewhere and then refresh the pag...

Страница 34: ...al tools for details see Accessing log files across the network in the Administration Guide Creating reports from custom statistics You can save log statistics to include them in reports as a subchapt...

Страница 35: ...the member logspaces In this case SSB displays the Number of member statistics has too many entries error message 6 Select the user group that can access the subchapter in the Grant access for the fol...

Страница 36: ...The reports created from custom statistics are listed at the end 5 Use the arrows to change the order of the subchapters if needed 6 To specify how often SSB should create the report select the relev...

Страница 37: ...ect Recipient Custom address and enter the email address where the reports should be sent Click to list multiple email addresses if needed 9 Click Browsing reports The generated reports are available...

Страница 38: ...te a report for the current day select Generate reports for today The report will contain data for the 00 00 current time interval If artificial ignorance for details see Classifying messages with pat...

Страница 39: ...ss to the Search Logs object on the AAA Access Control page l Or the user group has been added under the Access control option of the relevant logspace on the Log Logspaces page There are two ways to...

Страница 40: ...record an alert target Figure 18 Policies Alert targets Alert targets page c Enter a name for your alert target NOTE Alert target names must be unique d In the Target email address field enter the em...

Страница 41: ...onfiguring an email address from where you wish to receive emails can be useful for filtering purposes If you do not specify such an email address a default one will be used For detailed instructions...

Страница 42: ...a prefix before alert names can help avoid specifying a name that is already in use 8 Select a target from Targets You can select multiple targets if you wish to distribute the alert to multiple email...

Страница 43: ...ick The new tab that opens allows you to specify a content based alert Figure 21 Search Content Based Alerts Setting up content based alerts on the Search 5 Enter a name for your alert NOTE Alert name...

Страница 44: ...on logspace mylogspace alert myalert search expression mysearchexpression To review these matches on your SSB appliance see https IP_address_of_SSB port_number index php _backend SearchLogspace logsp...

Страница 45: ...One Identity customers with a valid maintenance contract and customers who have trial versions You can access the Support Portal at https support oneidentity com The Support Portal provides self help...

Отзывы:

Нет отзывов

Похожие инструкции для syslog-ng Store Box 5.3.0

Бренд: Hallowell Страницы: 6

Mobile Ultra Memory Stick Micro

Бренд: SanDisk Страницы: 1

Tape Library Magstar 3494

Бренд: IBM Страницы: 378

Бренд: Acard Страницы: 54

Бренд: Kingston Technology Страницы: 2

Бренд: IBM Страницы: 16

VERTEX 2 SATA II 3.5

Бренд: OCZ Страницы: 3

Бренд: LaCie Страницы: 22

Бренд: SanDisk Страницы: 7

Бренд: GOO Страницы: 8

Brilliant by Design Deck Box DB7000

Бренд: Suncast Страницы: 12

Barracuda 36ES2 ST318418N

Бренд: Seagate Страницы: 2

Бренд: NEC Страницы: 4

Бренд: NEC Страницы: 8

Бренд: NEC Страницы: 12

Бренд: NEC Страницы: 48

Бренд: NEC Страницы: 53

Бренд: NEC Страницы: 106

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды