Our General Terms and Conditions document update has been released.
The new GTC is in effect from 15th Feb, 2016.
The changes since the previous release are listed below.
The new GTC is available at: https://my.balabit.com/documents/support
Changes of BalaBit Support General Terms and Conditions between the version on 23/04/14 and the current one:
Date: Thu Jan 7 20:59:15 2016 +0100
Legal review results merged into GTC:
- minor rephrasings of definitions
- general phrasing update
- removed section 'Miscellaneous provisions'
Date: Tue Nov 24 17:54:11 2015 +0100
added holidays in 2016
Date: Wed Sep 16 10:24:42 2015 +0200
added Blindspotter support package.
Date: Mon Feb 16 15:58:58 2015 +0100
Hungarian holidays in 2014 table has been removed.
Date: Mon Feb 16 14:13:18 2015 +0100
- Every appearence of 'Support Agreement' has been changed to
'Support Service Agreement'
- The definition of customer have been referred to electronic licence key
rather then balabit licence key.
- The definition of EULA has been moved to its alphabetical place.
- The definition of Maximum engineer hours has been refactored
- The definition of Partner has been extended with distributor and reseller.
- The patch expression has been changed in the definition of Workaround
- The by-pass expression has been changed in the definition of Workaround
- Every Engineering Release and Workaround have been capitalized,
because these are definitions
- In the other service limitations table Maximum Engineer Hours
has been changed to Maximum Engineer Hours of non-charged engineer hours.
- A typo has been fixed in Escalation process
- In hardware replacement session the 'non defective' clause was missing,
this has been fixed. In the same sentence some semantical modifications
has been made.
- In the section of limitation of liability the second session which
referred to the '314. of Act IV of 1959 on the civil code of hungary'
has been removed.
- The notices section has been expanded with email
- In the governing law section the reference for Act IV of 1959
has been changed to Act V of 2013
- In modifications of GTC section the withdrawal part has been removed.
- In modifications of GTC section from the clause 'immediately upon 30 days'
the immediately has been deleted.
- In version policy appendix the word: customer has been changed to partner.
Date: Wed Nov 19 10:51:22 2014 +0100
rephrasing of the chapter 7. 'Request handling process'
Date: Thu Nov 13 11:26:18 2014 +0100
- firm changed to Balabit Europe Ltd. further reffered to as BalaBit
- business hours changed to 8:00 - 17:00
- new item: Extended Business Hours
- L1, L2, L3 Support removed
- severity levels: Minor Impact changed to Normal Impact
2. Technical Support definitions and prerequisites
- minor changes in paragraph 5.
- Hardware replacement paragraph 8 only refers to Section 9.
4. Service Level Objectives
- removed Work Effort column
- Communication frequancy changed to Status Update Frequency with footer
- Changed SLO for ExtSU S1 and S3
- Maximum number of contact people from partner removed
7. Incident handling process
- clarified "work in progress"
8. Escalation procedure
- minor changes in escalation handling (paragraph 3)
- deleted para 6.
9. Hardware replacement
- added Hungarian work days and vacations for year 2015.
Date: Wed Oct 1 09:59:46 2014 +0200
fixed hardware replacement structure
Date: Wed Oct 1 09:10:04 2014 +0200
Added advanced replacement
Date: Wed Apr 23 16:18:55 2014 +0200
changed the company name in accordance with the ongoing legal changes
Read more »
A new version of syslog-ng Store Box 4 LTS (4 LTS (4.0.4)) has been
released. For latest fixes in the 4 LTS (4.0.x) branch you are
recommended to upgrade to this version.
4 LTS (4.0.4)
Thu, 31 Aug 2015 15:34:00 +0100
#33318 SSB now properly handles when bad stripes appear on the
hard disk stripes in HW raid, and sends out alerts.
#33520 When configuring SNMP agent settings, SSB sometimes
unnecessarily enclosed the set value between double-quote
characters ("). This has been corrected.
#33493 Debug messages were not properly logged when syslog-ng was
disabled, causing the following error message to appear in the
system logs: "PHP Fatal error: Call to undefined method
Log::log_debug() in /opt/ssb/lib/LogSpaces.php"
This has been corrected, now debug messages are logged properly
even if syslog-ng is disabled.
#33492 On newer, hardware RAID-based appliances, SSB sends false-
positive alert events while the weekly scheduled consistency
check is running, even if the array and all disks are in optimal
This has been fixed, now SSB does not send alerts under
#32522 MSSQL did not create a new table for every month because
syslog-ng used the same transaction to create the table and
Now these are done in two separate steps: if the new table does
not exist, it is created first, and the values are inserted in a
separate transaction. If any transaction fails, syslog-ng sends
a rollback sql command and starts a new transaction.
#33270 After generating a debug bundle on T4 or T10 machines, and then
updating the SSB firmware, synchronizing the boot firmware to
the slave not failed if SSB was not rebooted between generating
the debug bundle and updating the firmware. This has been
corrected, synchronization now works as expected.
#33265 Because of changes in nfs-utils, SSB could connect to NFSv4
servers only. From now on, SSB can connect to NFS server with
protocol version lower than 4.
#33394 Accessing the Policies > Shares page unnecessarily invokes the
"net ads testjoin" function, even if no share is configured.
This has been corrected.
#32127 The configuration file of syslog-ng was world-readable. The file
permissions have been adjusted, now only the necessary processes
can access this file.
Upgraded to Ubuntu security upstream: apt, bash, batik, bind9, binutils, coreutils, cpio, cups, curl, dbus, e2fsprogs, elfutils, freetype, fuse, gnupg, gnutls26, icu, jinja2, libav, libdrm, libgcrypt11, libtasn1-3, libx11, libxalan2-java, libxext, libxfont, libxi, libxrender, libyaml, mime-support, munin, net-snmp, nspr, nss, ntp, openjdk-7, openssh, pcre3, pixman, python2.7, python3.2, pyyaml, qt4-x11, rsyslog, sqlite3, tcpdump, tiff, tzdata, unzip packages has been updated
READ CAREFULLY IF YOU UPGRADE FROM A VERSION PRECEEDING SSB 4.0.1
If you upgrade from a version preceeding SSB 4.0.1, you must manually download and execute a script.
Compared to SSB 3.x, SSB 4 LTS includes a newer version of the OpenSSH application. The /etc/ssh/ssh_known_hosts file on SSB contains a line that the newer version of OpenSSH considers invalid, and ignores the known_hosts file. As a result, if you have two SSB nodes in high-availability mode, SSB cannot access the other node using SSH to upgrade its firmware. Although the problem does not cause any issues on a standalone SSB, you are recommended to execute the script even if you do not use SSB in high-availability mode.
How to solve the problem
To solve the problem, complete the following steps.
1. Login to the SSB web interface and navigate to the 'Basic Settings > Management > SSH settings' page.
2. Verify that the 'Enable remote SSH access' option is enabled.
If you cannot access SSB using SSH, you will need to access SSB from a local console.
3. Download the script from https://www.balabit.com/downloads/files/ssb/4.0.1/source/ssb-4.0.x-upgrade-ssh_known_hosts.sh to your computer.
4. Issue the ssb-4.0.x-upgrade-ssh_known_hosts.sh <SSB-hostname-or-ipaddress> command to execute the script (replace <SSB-hostname-or-ipaddress> with the IP address or hostname of your SSB).
* If remote SSH access to SSB is enabled, you can execute the script from your local computer, or any other computer that can access SSB and can execute Shell scripts. If you are running Microsoft Windows, you can download the WinSCP utility from http://winscp.net/, copy the script to SSB, login to SSB using an SSH client (or the IPMI console), and execute the script locally.
* If you cannot remotely access SSB, you can execute the script locally on SSB. In this case, use 127.0.0.1 as <SSB-hostname-or-ipaddress>.
6. If needed, enter the password. (The script will require the password at least once.)
7. The script automatically corrects the ssh_known_hosts file on the SSB found at <SSB-hostname-or-ipaddress>, and also on the other node if it is running in high-availability mode.
What happens if you do not execute the script
If you upgrade an SSB HA without correcting the known_hosts file, SSB will not be able to synchronize data between the two nodes, requiring the secondary node to be reinstalled, and all data re-synchronized.
For details on the issues corrected in this release, see our issue
tracking page at https://my.balabit.com/fixed-bugs/revision/ssb
Firmwares and other files for syslog-ng Store Box are available at:
The documentation of the syslog-ng Store Box is available in
The syslog-ng Store Box Administrator Guide at
BalaBit IT Security
Read more »