Date: 2026-01-01

syslog-ng Store Box Description

syslog-ng Store Box (SSB) is a log management appliance built on syslog-ng Premium Edition. The appliance collects and indexes log messages from multiple sources, with the capacity to process up to 100,000 messages per second and over 70 GB of raw logs per hour. The product provides full-text search capabilities through a web-based interface, allowing users to search through billions of logs using wildcards and boolean operators. Log data is organized into virtual containers called logspaces that enable segmentation and access control based on user profiles. Federated search functionality allows searching across multiple logspaces on the same or different appliances.

SSB stores log data in encrypted, compressed, and timestamped binary files. The largest appliance configuration can store up to 10 terabytes of uncompressed data. Automated backup capabilities archive data to remote servers via NFS or SMB/CIFS protocols while maintaining searchability.

The appliance includes content-based alerting that performs continuous search on incoming log data and sends alerts when predefined events are detected. Message rate alerting monitors log infrastructure by setting minimum and maximum thresholds for specified time periods.

Authentication, authorization, and accounting settings provide access control based on usergroup privileges. The system integrates with LDAP and RADIUS databases for user management. TLS encryption secures communication between agents and the appliance, with support for X.509 certificate-based authentication.

SSB includes PatternDB for message normalization, parsing capabilities for key-value pairs and sudo logs, real-time event correlation, and a REST API for data forwarding to third-party analysis tools. The appliance is available as physical hardware or virtual instances for AWS and Azure.