Description
Attend this four-day syslog-ng Log Management Foundation training course to build the knowledge and skills needed to successfully install, configure, operate and troubleshoot One Identity syslog-ng Premium Edition (PE) and One Identity syslog-ng Store Box (SSB). As part of the course, you can also safely hone your syslog-ng Log Management skills in simulated environments to increase your hands-on experience before taking on a live implementation.
Intended audience
- Architects and consultants who will plan, install and configure syslog-ng Log Management
- Partners seeking to deploy syslog-ng Log Management
Prerequisites
Proper knowledge of log management and experience with other log management products are helpful for following this lab and lecture-based course.
Objectives
This course covers:
- Overview of the feature-set of syslog-ng Premium Edition
- Introduction to syslog protocols (RFC3164, RFC5424 and Eventlog)
- Installation and basic settings of syslog-ng PE
- Using Macros and Templates to reformat syslog messages
- Setting up filters
- Managing syslog-ng daemon from the command line
- Transferring messages via the network and securing them
- Collecting messages from Windows machines
- Storing messages in logstores and encrypting them
- Parsing messages with message parser modules and reformatting them with rewrite modules
- Storing messages in SQL databases
- Classifying messages with patterndb, which is based on the radix tree algorithm
- Advanced settings and syslog-ng internals
- Troubleshooting syslog-ng PE
- Overview and introduction to syslog-ng Store Box (SSB)
- Configuring and initializing with the Welcome Wizard
- Simple settings of SSB
- Access control on the box
- Backup, cleanup and archiving of logspaces
- Filtering and Rewriting messages
- MRA: message rate alerting and Reports
- Forwarding messages to external devices
- How HA works and when to use it
- Troubleshooting SSB and how to use the support system
Topics
Introduction to syslog-ng PE
- Features
- History of syslog-ng PE
- Protocol Overview
Simple Settings
- Install syslog-ng PE
- Configuration and Licensing
- Sources and source drivers
- Destinations and destination drivers
- The logpath
- Global options
Macros and Templates
- What is message parsing
- What are macros
- What are templates and how to use them
Filters
- Define filters
- Filter modules
- Usage in the logpath
- Flags of the logpath
- Command line tools to manage syslog-ng
Networking
- Transfer messages via the network
- Securing the transport
- Increase reliability
Windows Messaging
- Using syslog-ng Agent for Windows for message forwarding
- Collecting event logs with Windows WEC
Logstore
- Configuring and displaying logstore files
- Encrypt and decrypt logstores
Message Parsing
- Separate message parts by parser modules
Database support
- Sending messages to SQL databases
Message Content Manipulation
- Rewriting messages and message parts
Message Classification
- Separate and classify messages by patterndb
Advanced Settings
- Syslog-ng Internals
- Message flow and limits
- Disk buffering
- Monitoring syslog-ng
- Configuration tips and tricks
Troubleshooting syslog-ng PE
- Troubleshooting syslog-ng settings
- Troubleshooting syslog-ng Agent for Windows
Introduction and Overview of SSB
- What is SSB
- Basic functions and benefits of the device
Configuration and Welcome Wizard
- Initialize your SSB
- Getting familiar with the interface
Simple Settings
- Basics of SSB
- Sources
- Logspaces
- The search interface
- Sharing logspaces
Access Control
- Layers and methods of access control
Backup, Cleanup and Archive
- Methods of backup and archive
- Set up backup
- Perform a full backup and restore
Filter and Rewrite Messages and Parsers
- Set up message filters and parsers
- Configure pattern database
Alerting, Monitoring and Reports
- Configure alerting methods
- Configure trap cases
- Configure reports
Forwarding Messages
- Sending messages to syslog servers, SQL servers and HDFS
High Availability
- Introduce the HA concept
- Set up HA clusters
Troubleshooting SSB
- Troubleshooting SSB devices