Collect and index
The syslog-ng Store Box’s indexing engine is optimized for performance. Depending on its exact configuration, one syslog-ng Store Box can collect and index up to 100,000 messages per second for sustained periods.
When deployed in a client-relay configuration, a single SSB can collect logs from tens of thousands of log sources
Every installation of SSB comes with the possibility of using syslog-ng Premium Edition as log collection agents or relay servers at no additional cost.
Installers are available for 50+ platforms, including the most popular Linux distributions, commercial flavors of UNIX and Windows.
The syslog-ng Store Box is optimized for performance, and can handle enormous amounts of messages.
Depending on its configuration, it can index over 100,000 messages per second for sustained periods and process over 70 GB of raw logs per hour.
SSB can sort the incoming logs based on their content and various parameters. Directories, files and database tables can be created dynamically using macros.
Complex filtering using regular expressions and boolean operators offers almost unlimited flexibility to forward only the important messages to the selected destinations.
Search and report
With full-text search, you can search through billions of logs in seconds via the web-based user interface. Wildcards and boolean operators allow you to perform complex searches and drill down on the results.
Users can easily create customized reports from the charts and statistics they create on the search interface to demonstrate compliance with standards and regulations such as PCI-DSS, ISO 27001, SOX and HIPAA.
SSB has an intuitive web-based user interface for configuring, searching, drilling down and generating reports. It's easy to get an overview and quickly identify problems.
This user interface is exclusive to SSB and is not available separately for syslog-ng Premium Edition, which remains a purely command line interface solution.
SSB offers an automatic search functionality for quicker detection of anomalies: it is able to perform continuous search on the incoming log data and send alerts when predefined critical events are detected.
The alerts are actionable, so the detailed investigation of the corresponding logs can immediately and easily be started.
SSB collects and indexes logs in virtual containers called logspaces that enable organizations to segment their log data based on any number of criteria and restrict access to logs based on user profiles.
With the federated search feature, you can search in multiple logspaces whether on the same SSB appliance or located on a different appliance even at a remote location.
Store and forward
You can store large amounts of log data, create automated retention policies, and backup data to remote servers.
The largest appliance can store up to 10 terabytes of uncompressed data.
You can also forward logs to 3rd party analysis tools or fetch data from syslog-ng Store Box via its REST API.
SSB provides automated data archiving to remote servers. The data on the remote server remains accessible and searchable.
SSB uses the remote server as a network drive via the Network File System (NFS) or the Server Message Block (SMB/CIFS) protocol.
SSB can forward logs to 3rd party analysis tools or fetch data from SSB via its REST API.
You can access the API using a RESTful protocol over HTTPS, meaning that you can use any programming language that has access to a RESTful HTTPS client to integrate SSB into your environment, including popular languages such as Java and Python.
Secure log data
Log data frequently contains sensitive information. SSB can store log data in encrypted, compressed, and time-stamped binary files restricting access to authorized personnel only.
Authentication, Authorization and Accounting settings can restrict access to the SSB configuration and stored logs based on usergroup privileges and can be integrated with LDAP and Radius databases.
Authentication, authorization and accounting settings provide granular access control restricting access to the SSB configuration and stored logs based on usergroup privileges.
SSB can be integrated with LDAP and Radius databases.
SSB’s logstore stores log data in encrypted, compressed, and timestamped binary files, restricting access to authorized personnel only.
The largest SSB appliance can store up to 10 terabytes of uncompressed data.
syslog-ng Premium Edition ensures that messages cannot be accessed by third parties by using the Transport Layer Security (TLS) protocol to encrypt the communication between the agents and syslog-ng Store Box.
It is possible to use one-way or mutual authentication between clients and the server using X.509 certificates.