syslog-ng Store Box

The syslog-ng Store Box (SSB) is a log server appliance that collects, stores and monitors the log messages sent by network devices, applications and computers. SSB can receive traditional syslog messages, syslog messages that comply with the new Internet Engineering Task Force (IETF) standard, eventlog messages from Microsoft Windows hosts, as well as SNMP messages.


Be the first to review this product

Pricing   Contact us for Quote now
SoftwareAsia SKU   SYSNGVT
Publisher's SKU   SYSNGL


The syslog-ng application is used worldwide by companies and institutions who collect and manage logs centrally. Using syslog-ngis particularly advantageous for:

  • Telecommunications Operators
  • Internet Service Providers;
  • Financial institutions and companies requiring policy compliance;
  • Server, web, and application hosting companies;
  • Educational Institutions
  • Government Agencies
Secure, reliable log transfer  
The syslog-ng Store Box can receive log messages sentusing both the legacy BSD-syslog protocol, as well as thelatest syslog protocol standards. Transferring messages toSSB is supported using the UDP, TCP, and TLS protocols.Mutual authentication of the TLS-encrypted channelsmaintains the integrity and confidentiality of the transferredinformation. Using syslog-ng to transfer the log messageshelps you avoid losing messages even in case of network orhardware errors.
Trusted, timestamped log storage  
The syslog-ng Store Box can store log messages securely in encrypted, compressed, and digitally signed binary files. That wayany sensitive data is available only for authorized personnel who have the appropriate encryption key. Sections of the log files canbe timestamped; timestamps can be requested from externalTimestamping Authorities as well. The contents of the log filesare indexed and terabytes of data can be browsed online oraccessed via the REST-based API providing a secure interfaceto 3rd party or custom log analysis tools. All data is stored onmirrored RAID devices to prevent data loss in case of hardwarefailure. Using two SSB units in high availability is a simple andconvenient way of ensuring continuous log collection.
Direct database access
SSB natively supports SQL database sources allowing users to fetch log messages directly from MySQL, Microsoft SQL (MSSQL),Oracle, and PostgreSQL databases. In addition to storing messages locally on SSB, log messages can be transferred directly toSQL databases. 
REST-based API to access and search logs
The SSB API allows you to access and query the log messages stored on SSB from remote applications. You can access the APIusing a RESTful protocol over HTTPS, meaning that you can use any programming language that has access to a RESTful HTTPSclient to integrate SSB into your environment, including popular languages such as Java and Python. 
Managing SSB

SSB is configured from a clean, intuitive web interface. The rolesof each SSB administrator can be clearly defined using a set ofprivileges:


  • manage SSB as a host;
  • manage log collection, forwarding and storage;
  • configure various alerts;
  • browse the collected logs reports.

The web interface is accessible via a network interface dedicated to management traffic. This management interface is also usedfor backup, sending alerts, and other administrative traffic. All configuration changes are automatically logged, simplifying auditingof SSB.

Granular access control

The SSB web interface features highly customizable access control. Using this together with the powerful message-sortingcapabilities of syslog-ng, you can specify exactly which log messages to which a user has access. For example, it is possible togrant access only to the logs of a specific application to the support engineer for that application – it is even possible to restrictaccess based on the time frame of the data.

LDAP integration

SSB can connect to a remote LDAP database (for example, a Microsoft Active Directory server) to resolve group memberships ofthe users who access the SSB web interface. Privileges to configure SSB or browse different logs can be defined based on groupmemberships.

Real-time log monitoring

Even though SSB is not a log analysis engine, it is able to classify individual log messages. Administrators can define log patternson the SSB interface, label matching messages (for example, security event, user login, and so on), and also extract importantdata (for example, usernames and IP addresses) from messages. SSB can create statistics and custom reports on the extractedinformation. SSB can send message rate alerts to detect if the syslog-ng inside SSB has stopped working, one of the clients/sitessending logs is not detectable, or one of the clients/sites is sending too many logs, probably unnecessarily.

Log collection from more than 50 platforms

SSB uses the syslog-ng Premium Edition application to collect logs fromdifferent operating systems and hardware platforms, including recentand legacy Linux- and Unix-variants, BSD, HP-UX, IBM AIX, IBM SystemI (via standalone agent), Microsoft Windows (via standalone agent) XP,Server 2003, Vista, Server 2008, Windows 7, Sun Solaris, and Tru64.

Automatic data and configuration backups

Stored log messages and the configuration of SSB can be periodicallytransferred to a remote server using the following protocols:


  • Network File System protocol (NFS);
  • Rsync over SSH;
  • Server Message Block protocol (SMB/CIFS).


The latest backup – including the data backup – can be easily restoredvia SSB’s web interface.

Automatic data archiving

Stored log messages can automatically be archived to a remote server.The data on the remote server remains accessible and searchable;several terabytes of audit trails can be accessed from the SSB webinterface. SSB uses the remote server as a network drive via the NetworkFile System (NFS) or the Server Message Block (SMB/CIFS) protocol. 


High Availability support

When log messages are sent to SSB and not stored locally, SSB can be a single point of failure. If SSB fails, the collected logsare unavailable and might be lost forever. Since this is not acceptable for critical servers and services, SSB is available with HAsupport. In this case, two SSB units (a master and a slave) having identical configuration operate simultaneously. The mastershares all data with the slave node, and if the master unit stops functioning, the other one becomes immediately active, so theservers are continuously accessible. SSB1000d and larger versions are also equipped with dual power units.

Handle extreme load

The syslog-ng Store Box is optimized for performance, and can handle enormous amount of messages. Depending on its exactconfiguration, it can collect over 100,000 messages per second, and index over 75,000 messages per second, and process over35 GB of raw logs per hour. Larger versions of the appliance are capable of storing up to 10 Terabytes of data.

Software upgrades

Software upgrades are provided as firmware images – upgrading SSB using the SSB web interface is as simple as upgrading anetwork router. SSB stores up to five previous firmware versions, allowing easy rollback in case of any problems. Upgrades forsyslog-ng Premium Edition – the log collector agent of SSB – are available from the BalaBit website.

Hardware specifications

SSB appliances are built on high performance, energy efficient, and reliable servers that are easily mounted into standard rackmounts.

syslog-ng Store Box SSB T1

  • 1xQuad Core CPU, 8 GB RAM, 1 TB HDD
  • Software licenses available from 100 to 1,000 LogSource Hosts.

syslog-ng Store Box SSB T4

  • 2xQuad Core CPU, 8 GB RAM, redundant powersupply, 4 TB HDD
  • Software licenses available from 100 to 1,000 LogSource Hosts.

syslog-ng Store Box SSB T10

  • 2xQuad Core CPU, 32 GB RAM, redundant powersupply, 10 TB HDD, RAID50
  • Software licenses available from 500 to unlimitednumber of Log Source Hosts.

syslog-ng Store Box VA

  • Virtual appliance to be run under VMware ESXi
  • Software licenses available from 25 to unlimited numberof Log Source Hosts
Product Name Price Qty
syslog-ng Store Box
Contact Us For Quote


syslog-ng Store Box

trusted log collection and storage

  • Central logserver appliance
  • Log collector agent for Windows, IBM System i andUnix-variant hosts
  • Complete log-lifecycle management
  • Collect more than 100,000, and index more than75,000 log messages per second real-time
  • Encrypted, signed, and timestamped log storage
  • Up to 10 Terabytes of effective disk space
  • Web-based configuration interface and log search
  • REST-based API to access and search logs
  • Fast search capability via log message indexing
  • Forward logs to external database or SIEM devices

Built around the popular syslog-ng application used by thousands of organizations worldwide, the syslog-ng Store Box(SSB) brings you a powerful, easy to configure appliance to collect and store your logs. SSB allows you to collect, process,and store log messages from a wide range of platforms and devices.

Name:    BalaBit

SoftwareAsia (via its parent company LOGON Software Asia Limited) is a Balabit reseller in Asia..    

BalaBit – headquartered in Luxembourg – is a European IT security innovator, specialized in advanced monitoring technologies. The company is widely-known for syslog-ng™, its open source log management solution, used by more than a million companies worldwide. This significant user base provides a solid ground for the business expansion which is fueled by Shell Control Box™, a pioneering development for the rapidly-growing niche of privileged activity monitoring market.

 SoftwareAsia is a Balabit Reseller and Value based in Asia with operations in Hong Kong, Singapore, Malaysia, Philippines, India, Thailand and Indonesia. We offer First line support, training, and customisation services.

Questions and Answers

add your question

There are no entries.

Product Tags

Use spaces to separate tags. Use single quotes (') for phrases.

Featured Brands