RSS Feed
Latest Updates
syslog-ng Store Box 3 LTS End of Support
Posted by Gergely Csordás on 2015 September 15 10:27

In accordance with our version policy, support for syslog-ng Store Box
3 LTS ends on 30th September, 2015

Updates, security fixes, and technical support of syslog-ng Store Box
3 LTS will be discontinued from this date.

You are recommended to upgrade to syslog-ng Store Box 4 LTS before the
support of the above versions ends.

In order to upgrade to syslog-ng Store Box 4 LTS, follow the
instructions of the "How to upgrade to syslog-ng Store Box 4 LTS" guide:

If you need help performing the upgrade, please contact BalaBit support.

Best Regards,


Read more »

syslog-ng Store Box 4 LTS (4.0.4) has been released
Posted by Gergely Csordás on 2015 September 08 16:51

A new version of syslog-ng Store Box 4 LTS (4 LTS (4.0.4)) has been
 released. For latest fixes in the 4 LTS (4.0.x) branch you are
 recommended to upgrade to this version.


4 LTS (4.0.4)
   Thu, 31 Aug 2015 15:34:00 +0100

   Fixed bug:
     #33318 SSB now properly handles when bad stripes appear on the
            hard disk stripes in HW raid, and sends out alerts.
     #33520 When configuring SNMP agent settings, SSB sometimes
            unnecessarily enclosed the set value between double-quote
            characters ("). This has been corrected.
     #33493 Debug messages were not properly logged when syslog-ng was
            disabled, causing the following error message to appear in the
            system logs: "PHP Fatal error:  Call to undefined method
            Log::log_debug() in /opt/ssb/lib/LogSpaces.php"
            This has been corrected, now debug messages are logged properly
            even if syslog-ng is disabled.
     #33492 On newer, hardware RAID-based appliances, SSB sends false-
            positive alert events while the weekly scheduled consistency
            check is running, even if the array and all disks are in optimal
            This has been fixed, now SSB does not send alerts under
            these circumstances.
     #32522 MSSQL did not create a new table for every month because
            syslog-ng used the same transaction to create the table and
            insert values.
            Now these are done in two separate steps: if the new table does
            not exist, it is created first, and the values are inserted in a
            separate transaction. If any transaction fails, syslog-ng sends
            a rollback sql command and starts a new transaction.
     #33270 After generating a debug bundle on T4 or T10 machines, and then
            updating the SSB firmware, synchronizing the boot firmware to
            the slave not failed if SSB was not rebooted between generating
            the debug bundle and updating the firmware. This has been
            corrected, synchronization now works as expected.
     #33265 Because of changes in nfs-utils, SSB could connect to NFSv4
            servers only. From now on, SSB can connect to NFS server with
            protocol version lower than 4.
     #33394 Accessing the Policies > Shares page unnecessarily invokes the
            "net ads testjoin" function, even if no share is configured.
            This has been corrected.
     #32127 The configuration file of syslog-ng was world-readable. The file
            permissions have been adjusted, now only the necessary processes
            can access this file.

   Security updates:
     Upgraded to Ubuntu security upstream: apt, bash, batik, bind9, binutils, coreutils, cpio, cups, curl, dbus, e2fsprogs, elfutils, freetype, fuse, gnupg, gnutls26, icu, jinja2, libav, libdrm, libgcrypt11, libtasn1-3, libx11, libxalan2-java, libxext, libxfont, libxi, libxrender, libyaml, mime-support, munin, net-snmp, nspr, nss, ntp, openjdk-7, openssh, pcre3, pixman, python2.7, python3.2, pyyaml, qt4-x11, rsyslog, sqlite3, tcpdump, tiff, tzdata, unzip packages has been updated

   If you upgrade from a version preceeding SSB 4.0.1, you must manually download and execute a script.

   The reasons
   Compared to SSB 3.x, SSB 4 LTS includes a newer version of the OpenSSH application. The /etc/ssh/ssh_known_hosts file on SSB contains a line that the newer version of OpenSSH considers invalid, and ignores the known_hosts file. As a result, if you have two SSB nodes in high-availability mode, SSB cannot access the other node using SSH to upgrade its firmware. Although the problem does not cause any issues on a standalone SSB, you are recommended to execute the script even if you do not use SSB in high-availability mode.

   How to solve the problem
   To solve the problem, complete the following steps.
   1. Login to the SSB web interface and navigate to the 'Basic Settings > Management > SSH settings' page.
   2. Verify that the 'Enable remote SSH access' option is enabled.
      If you cannot access SSB using SSH, you will need to access SSB from a local console.
   3. Download the script from to your computer.
   4. Issue the <SSB-hostname-or-ipaddress> command to execute the script (replace <SSB-hostname-or-ipaddress> with the IP address or hostname of your SSB).
      * If remote SSH access to SSB is enabled, you can execute the script from your local computer, or any other computer that can access SSB and can execute Shell scripts. If you are running Microsoft Windows, you can download the WinSCP utility from, copy the script to SSB, login to SSB using an SSH client (or the IPMI console), and execute the script locally.
      * If you cannot remotely access SSB, you can execute the script locally on SSB. In this case, use as <SSB-hostname-or-ipaddress>.
   6. If needed, enter the password. (The script will require the password at least once.)
   7. The script automatically corrects the ssh_known_hosts file on the SSB found at <SSB-hostname-or-ipaddress>, and also on the other node if it is running in high-availability mode.

   What happens if you do not execute the script
   If you upgrade an SSB HA without correcting the known_hosts file, SSB will not be able to synchronize data between the two nodes, requiring the secondary node to be reinstalled, and all data re-synchronized.

 For details on the issues corrected in this release, see our issue
 tracking page at


 Firmwares and other files for syslog-ng Store Box are available at:

 The documentation of the syslog-ng Store Box is available in
 The syslog-ng Store Box Administrator Guide at

Kind Regards,

 BalaBit IT Security

Read more »

Windows 10 support in SCB
Posted by Gergely Csordás on 2015 August 04 09:49

Dear Customers!


Our preliminary Windows 10 support will be available beginning from the upcoming 4.0.6 release of our Shell Control Box product.

The Shell Control Box 4.0.6 will be available within two weeks.


If you use SCB 4F1 and need to support Windows 10, then please contact Balabit Support about the Windows 10 support using this portal.


Kind regards,

Balabit Support Team

Read more »

syslog-ng Premium Edition 5 F4 (5.4.1) has been released
Posted by Gergely Csordás on 2015 August 03 11:10

 A new version of syslog-ng Premium Edition 5 F4 (5.4.1) has been

5 F4 (5.4.1)
Thu, 23 July 2015 14:08:00

Send messages directly to Elasticsearch:
syslog-ng can directly send log messages to Elasticsearch allowing you to search and analyze your data in real time, and visualize it with Kibana.

Publish messages to Apache Kafka:
The syslog-ng allows you to publish your log data to an Apache Kafka messaging system, where subscribers can access them, making it easy to integrate your log data into an enterprise wide data integration solution.

New syslog-ng-ctl command to reset statistical counters:
The syslog-ng-ctl utility has a new stats --reset option that resets all statistics counters to zero.

Newly supported platforms:
Oracle Linux 7 (x86_64)

Deprecated platforms:
Ubuntu 10.04 (Lucid Lynx)
FreeBSD 8

Multithreading in syslog-ng is now enabled by default.

Support for Security Enhanced Linux is extended to RHEL 7.1 and it also works with Oracle Linux 7.

A new utility called syslog-debun is available in syslog-ng PE 5 F4. This tool can be used to collect information about your syslog-ng PE environment into a debug bundle to simplify troubleshooting and increase the speed of solving support tickets.

Please note that the newly added big data destinations towards HDFS, Elasticsearch and Kafka are available only in server mode of syslog-ng and therefore they require a valid license file.

When upgrading syslog-ng PE 5F3 to 5F4, if you are using the HDFS destination and disk-based buffering, the persist file of syslog-ng PE must be manually updated using the persist-tool utility. In this case please, contact the BalaBit Support Team.

In accordance with our version policy, support for syslog-ng PE 5F3 ends by 30th of September 2015 therefore it is recommended to upgrade to syslog-ng PE 5F4as soon as possible.


 Download the latest binaries from:
 Note that to download the binaries, you have to login into your MyBalaBit

 The documentation of the syslog-ng application is available in
 The syslog-ng Premium Edition 5 F4 (5.4.1) Administrator Guide at:

 For details on upgrading and possible upgrade paths, read
 the Upgrading syslog-ng PE section in the The syslog-ng Premium Edition 5.4 Administrator Guide

 For details on the support terms of the feature releases see our version policy at:

 Kind Regards,


Read more »

Shell Control Box 3 LTS End of Support
Posted by Gergely Csordás on 2015 July 27 17:56

The support for BalaBit Shell Control Box 3 LTS (3.0) ends on 31st July, 2015.

Updates, security fixes, and technical support of Shell Control Box 3 LTSwill be discontinued from this date.

You are recommended to upgrade to Shell Control Box 4 LTS before the support of the above versions ends.


In order to upgrade to Shell Control Box 4 LTS (4.0), follow the instructions of the "How to upgrade to Shell Control Box 4 LTS guide:

Best Regards,


Read more »