RSS Feed
Latest Updates
BalaBit Support General Terms and Conditions update
Posted by Kálmán Kővári on 2016 January 15 17:23

Dear Customers!


Our General Terms and Conditions document update has been released.

The new GTC is in effect from 15th Feb, 2016.


The changes since the previous release are listed below.

The new GTC is available at:


Kind regards,

BalaBit Support


Changes of BalaBit Support General Terms and Conditions between the version on 23/04/14 and the current one:


Date: Thu Jan 7 20:59:15 2016 +0100

Legal review results merged into GTC:

  • minor rephrasings of definitions
  • general phrasing update
  • removed section 'Miscellaneous provisions'

Date: Tue Nov 24 17:54:11 2015 +0100

added holidays in 2016

Date: Wed Sep 16 10:24:42 2015 +0200

added Blindspotter support package.

Date: Mon Feb 16 15:58:58 2015 +0100

Hungarian holidays in 2014 table has been removed.

Date: Mon Feb 16 14:13:18 2015 +0100

  • Every appearence of 'Support Agreement' has been changed to
    'Support Service Agreement'
  • The definition of customer have been referred to electronic licence key
    rather then balabit licence key.
  • The definition of EULA has been moved to its alphabetical place.
  • The definition of Maximum engineer hours has been refactored
  • The definition of Partner has been extended with distributor and reseller.
  • The patch expression has been changed in the definition of Workaround
  • The by-pass expression has been changed in the definition of Workaround
  • Every Engineering Release and Workaround have been capitalized,
    because these are definitions
  • In the other service limitations table Maximum Engineer Hours
    has been changed to Maximum Engineer Hours of non-charged engineer hours.
  • A typo has been fixed in Escalation process
  • In hardware replacement session the 'non defective' clause was missing,
    this has been fixed. In the same sentence some semantical modifications
    has been made.
  • In the section of limitation of liability the second session which
    referred to the '314. of Act IV of 1959 on the civil code of hungary'
    has been removed.
  • The notices section has been expanded with email
  • In the governing law section the reference for Act IV of 1959
    has been changed to Act V of 2013
  • In modifications of GTC section the withdrawal part has been removed.
  • In modifications of GTC section from the clause 'immediately upon 30 days'
    the immediately has been deleted.
  • In version policy appendix the word: customer has been changed to partner.

Date: Wed Nov 19 10:51:22 2014 +0100

rephrasing of the chapter 7. 'Request handling process'

Date: Thu Nov 13 11:26:18 2014 +0100

1. Definitions:

  • firm changed to Balabit Europe Ltd. further reffered to as BalaBit
  • business hours changed to 8:00 - 17:00
  • new item: Extended Business Hours
  • L1, L2, L3 Support removed
  • severity levels: Minor Impact changed to Normal Impact

2. Technical Support definitions and prerequisites

  • minor changes in paragraph 5.
  • Hardware replacement paragraph 8 only refers to Section 9.

4. Service Level Objectives

  • removed Work Effort column
  • Communication frequancy changed to Status Update Frequency with footer
  • Changed SLO for ExtSU S1 and S3
  • Maximum number of contact people from partner removed

7. Incident handling process

  • clarified "work in progress"

8. Escalation procedure

  • minor changes in escalation handling (paragraph 3)
  • deleted para 6.

9. Hardware replacement

  • minor changes in para 2.

Appendix A:

  • added Hungarian work days and vacations for year 2015.

Appendix C:

  • Headline changed.

Date: Wed Oct 1 09:59:46 2014 +0200

fixed hardware replacement structure

Date: Wed Oct 1 09:10:04 2014 +0200

Added advanced replacement

Date: Wed Apr 23 16:18:55 2014 +0200

changed the company name in accordance with the ongoing legal changes

Read more »

syslog-ng Store Box 3 LTS End of Support
Posted by Gergely Csordás on 2015 September 15 10:27

In accordance with our version policy, support for syslog-ng Store Box
3 LTS ends on 30th September, 2015

Updates, security fixes, and technical support of syslog-ng Store Box
3 LTS will be discontinued from this date.

You are recommended to upgrade to syslog-ng Store Box 4 LTS before the
support of the above versions ends.

In order to upgrade to syslog-ng Store Box 4 LTS, follow the
instructions of the "How to upgrade to syslog-ng Store Box 4 LTS" guide:

If you need help performing the upgrade, please contact BalaBit support.

Best Regards,


Read more »

syslog-ng Store Box 4 LTS (4.0.4) has been released
Posted by Gergely Csordás on 2015 September 08 16:51

A new version of syslog-ng Store Box 4 LTS (4 LTS (4.0.4)) has been
 released. For latest fixes in the 4 LTS (4.0.x) branch you are
 recommended to upgrade to this version.


4 LTS (4.0.4)
   Thu, 31 Aug 2015 15:34:00 +0100

   Fixed bug:
     #33318 SSB now properly handles when bad stripes appear on the
            hard disk stripes in HW raid, and sends out alerts.
     #33520 When configuring SNMP agent settings, SSB sometimes
            unnecessarily enclosed the set value between double-quote
            characters ("). This has been corrected.
     #33493 Debug messages were not properly logged when syslog-ng was
            disabled, causing the following error message to appear in the
            system logs: "PHP Fatal error:  Call to undefined method
            Log::log_debug() in /opt/ssb/lib/LogSpaces.php"
            This has been corrected, now debug messages are logged properly
            even if syslog-ng is disabled.
     #33492 On newer, hardware RAID-based appliances, SSB sends false-
            positive alert events while the weekly scheduled consistency
            check is running, even if the array and all disks are in optimal
            This has been fixed, now SSB does not send alerts under
            these circumstances.
     #32522 MSSQL did not create a new table for every month because
            syslog-ng used the same transaction to create the table and
            insert values.
            Now these are done in two separate steps: if the new table does
            not exist, it is created first, and the values are inserted in a
            separate transaction. If any transaction fails, syslog-ng sends
            a rollback sql command and starts a new transaction.
     #33270 After generating a debug bundle on T4 or T10 machines, and then
            updating the SSB firmware, synchronizing the boot firmware to
            the slave not failed if SSB was not rebooted between generating
            the debug bundle and updating the firmware. This has been
            corrected, synchronization now works as expected.
     #33265 Because of changes in nfs-utils, SSB could connect to NFSv4
            servers only. From now on, SSB can connect to NFS server with
            protocol version lower than 4.
     #33394 Accessing the Policies > Shares page unnecessarily invokes the
            "net ads testjoin" function, even if no share is configured.
            This has been corrected.
     #32127 The configuration file of syslog-ng was world-readable. The file
            permissions have been adjusted, now only the necessary processes
            can access this file.

   Security updates:
     Upgraded to Ubuntu security upstream: apt, bash, batik, bind9, binutils, coreutils, cpio, cups, curl, dbus, e2fsprogs, elfutils, freetype, fuse, gnupg, gnutls26, icu, jinja2, libav, libdrm, libgcrypt11, libtasn1-3, libx11, libxalan2-java, libxext, libxfont, libxi, libxrender, libyaml, mime-support, munin, net-snmp, nspr, nss, ntp, openjdk-7, openssh, pcre3, pixman, python2.7, python3.2, pyyaml, qt4-x11, rsyslog, sqlite3, tcpdump, tiff, tzdata, unzip packages has been updated

   If you upgrade from a version preceeding SSB 4.0.1, you must manually download and execute a script.

   The reasons
   Compared to SSB 3.x, SSB 4 LTS includes a newer version of the OpenSSH application. The /etc/ssh/ssh_known_hosts file on SSB contains a line that the newer version of OpenSSH considers invalid, and ignores the known_hosts file. As a result, if you have two SSB nodes in high-availability mode, SSB cannot access the other node using SSH to upgrade its firmware. Although the problem does not cause any issues on a standalone SSB, you are recommended to execute the script even if you do not use SSB in high-availability mode.

   How to solve the problem
   To solve the problem, complete the following steps.
   1. Login to the SSB web interface and navigate to the 'Basic Settings > Management > SSH settings' page.
   2. Verify that the 'Enable remote SSH access' option is enabled.
      If you cannot access SSB using SSH, you will need to access SSB from a local console.
   3. Download the script from to your computer.
   4. Issue the <SSB-hostname-or-ipaddress> command to execute the script (replace <SSB-hostname-or-ipaddress> with the IP address or hostname of your SSB).
      * If remote SSH access to SSB is enabled, you can execute the script from your local computer, or any other computer that can access SSB and can execute Shell scripts. If you are running Microsoft Windows, you can download the WinSCP utility from, copy the script to SSB, login to SSB using an SSH client (or the IPMI console), and execute the script locally.
      * If you cannot remotely access SSB, you can execute the script locally on SSB. In this case, use as <SSB-hostname-or-ipaddress>.
   6. If needed, enter the password. (The script will require the password at least once.)
   7. The script automatically corrects the ssh_known_hosts file on the SSB found at <SSB-hostname-or-ipaddress>, and also on the other node if it is running in high-availability mode.

   What happens if you do not execute the script
   If you upgrade an SSB HA without correcting the known_hosts file, SSB will not be able to synchronize data between the two nodes, requiring the secondary node to be reinstalled, and all data re-synchronized.

 For details on the issues corrected in this release, see our issue
 tracking page at


 Firmwares and other files for syslog-ng Store Box are available at:

 The documentation of the syslog-ng Store Box is available in
 The syslog-ng Store Box Administrator Guide at

Kind Regards,

 BalaBit IT Security

Read more »

Windows 10 support in SCB
Posted by Gergely Csordás on 2015 August 04 09:49

Dear Customers!


Our preliminary Windows 10 support will be available beginning from the upcoming 4.0.6 release of our Shell Control Box product.

The Shell Control Box 4.0.6 will be available within two weeks.


If you use SCB 4F1 and need to support Windows 10, then please contact Balabit Support about the Windows 10 support using this portal.


Kind regards,

Balabit Support Team

Read more »

syslog-ng Premium Edition 5 F4 (5.4.1) has been released
Posted by Gergely Csordás on 2015 August 03 11:10

 A new version of syslog-ng Premium Edition 5 F4 (5.4.1) has been

5 F4 (5.4.1)
Thu, 23 July 2015 14:08:00

Send messages directly to Elasticsearch:
syslog-ng can directly send log messages to Elasticsearch allowing you to search and analyze your data in real time, and visualize it with Kibana.

Publish messages to Apache Kafka:
The syslog-ng allows you to publish your log data to an Apache Kafka messaging system, where subscribers can access them, making it easy to integrate your log data into an enterprise wide data integration solution.

New syslog-ng-ctl command to reset statistical counters:
The syslog-ng-ctl utility has a new stats --reset option that resets all statistics counters to zero.

Newly supported platforms:
Oracle Linux 7 (x86_64)

Deprecated platforms:
Ubuntu 10.04 (Lucid Lynx)
FreeBSD 8

Multithreading in syslog-ng is now enabled by default.

Support for Security Enhanced Linux is extended to RHEL 7.1 and it also works with Oracle Linux 7.

A new utility called syslog-debun is available in syslog-ng PE 5 F4. This tool can be used to collect information about your syslog-ng PE environment into a debug bundle to simplify troubleshooting and increase the speed of solving support tickets.

Please note that the newly added big data destinations towards HDFS, Elasticsearch and Kafka are available only in server mode of syslog-ng and therefore they require a valid license file.

When upgrading syslog-ng PE 5F3 to 5F4, if you are using the HDFS destination and disk-based buffering, the persist file of syslog-ng PE must be manually updated using the persist-tool utility. In this case please, contact the BalaBit Support Team.

In accordance with our version policy, support for syslog-ng PE 5F3 ends by 30th of September 2015 therefore it is recommended to upgrade to syslog-ng PE 5F4as soon as possible.


 Download the latest binaries from:
 Note that to download the binaries, you have to login into your MyBalaBit

 The documentation of the syslog-ng application is available in
 The syslog-ng Premium Edition 5 F4 (5.4.1) Administrator Guide at:

 For details on upgrading and possible upgrade paths, read
 the Upgrading syslog-ng PE section in the The syslog-ng Premium Edition 5.4 Administrator Guide

 For details on the support terms of the feature releases see our version policy at:

 Kind Regards,


Read more »