In-house Relay installation using a virtual machine
The following table provides links to the correct In-house Relay virtual appliance, depending upon the Devo region your account connects to:
|Hyper-V (>=2012)||Hyper-V (>=2012)||Hyper-V (>=2012)|
The following video describes how to install and configure the In-house Relay using a virtual machine.
- Unzip the downloaded file VMLogtrustRelay.zip.
- Create a new virtual machine using an existing virtual disk. Select the file Relay Inhouse Logtrust.vmdk.
- Choose the Operating System Linux and Version Ubuntu.
Check the hardware requirements for relay installation.
Using SSH or console, log into the appliance with the following credentials:
User is logtrust.
Password is changeme.
Once you are logged in, change the default password before continuing.
Check the current keyboard configuration, and change it if necessary, by executing the following command:
sudo dpkg-reconfigure keyboard-configuration
Once you have configured the keyboard, run the following command to launch the configuration process:
Change the relay endpoint host as needed:
- If you are an EU user, use eu.elb.relay.logtrust.net
- If you are a USA user, use us.elb.relay.logtrust.net
- If you are a VDC user, use es.elb.relay.logtrust.net
- In Devo, go to Administration → Credentials → Access keys to copy the API Access key. Paste it in the relay configuration process window.
It is not necessary to enter the API secret. You can simply type some random letters and click OK.
- Go to Administration → Relays in Devo and activate the relay.
You can now start sending information from your data sources to the new In-house Relay. However, you may want to first create the rules for event processing through the new relay. See the article about In-house Relay rules for more information.
Starting and stopping the relay
To start or stop the relay, run the relay starter script with the command start, stop, or restart:
sudo /etc/init.d/logtrust-relay start|stop|restart
Troubleshooting the relay
If the relay or its event forwarding process is not working properly, here are some steps you can take to help identify and fix the problem.
Check that the relay processes are running
# ps a|grep scoja
2940 pts/1 S 0:00 sh /opt/logtrust/scoja/scoja.sh -r 5s -G /etc/logtrust/scoja/current/all-me.conf -j /etc/logtrust/scoja/current/all-var.conf
2942 pts/1 Sl 0:32 /opt/java/bin/java -server -XX:+UseConcMarkSweepGC -classpath :/opt/logtrust/scoja/scoja.jar:/opt/logtrust/scoja/scoja-cc.jar:/opt/logtrust/scoja/scoja-compression.jar:/opt/logtrust/scoja/scoja-rpc.jar:/opt/logtrust/scoja/scoja-beep.jar:/opt/logtrust/scoja/jython.jar -Djava.library.path=/opt/logtrust/scoja -Dscoja.home=/opt/logtrust/scoja -Xms500M -Xmx500M org.scoja.server.Scoja -r 5s -G /etc/logtrust/scoja/current/all-me.conf -j /etc/logtrust/scoja/current/all-var.conf
If the Java process is not running, restart it using the relay starter script:
sudo /etc/init.d/logtrust-relay start
If the Java process is still not appearing after restarting the relay, consult the log /var/log/scoja.log. It will show you why it is not possible to start the relay. If the system is unable to find the Java interpreter, the log /var/log/scoja.log will show an error like this:
/opt/logtrust/scoja/scoja.sh: 60: java: not found
On an Ubuntu system, Java is usually installed in /usr/lib/jvm/. You can use one of the following solutions:
- Symbolic link: ln -s /usr/lib/jvm/java-6-openjdk/bin/java /usr/bin/java
- Environment variable: Define export JAVA_HOME="/usr/lib/jvm/java-6-openjdk" in /etc/profile.d/java.sh
Replace the version of Java installed with java-6-openjdk.
Ensure that the default rules are active
# netstat -atun --program|grep `pgrep -f org.scoja.server.Scoja`
tcp6 0 0 :::13000 :::* LISTEN 2942/java
tcp6 0 0 :::13001 :::* LISTEN 2942/java
tcp6 0 0 :::13002 :::* LISTEN 2942/java
udp6 0 0 :::12999 :::* 2942/java
udp6 0 0 :::13000 :::* 2942/java
udp6 0 0 :::13001 :::* 2942/java
udp6 0 0 :::13002 :::* 2942/java
- If the ports above are not listening, you should check if the relay process is running in the system (above) or if the system configuration has not been properly deployed (next section).
Ensure that the relay has downloaded the configuration from Devo's server
Check the log file /var/log/lt-relay.log. If the configuration has been downloaded and deployed correctly, the log will look like this:
2013-01-11 18:39:19.428100 [SUCCESS] Relay is active, deploying new configuration set
2013-01-11 18:40:01.909000 [SUCCESS] No changes in the Relay Configuration
If there was a problem with the download and deployment process, there will be an error message in the log such as:
2013-01-11 16:49:01.574114 [ERROR] Property 'api.key' not found in conf file
2013-01-11 16:49:32.698116 [ERROR] calling relayServices
- In the case of an error, check the following:
- Make sure the API key and API secret are correct. Do this by re-running the configuration script or directly editing the file /etc/logtrust/relay/logtrust.conf.
- Make sure that the system has an internet connection.
- Make sure that the relay has downloaded the user certificate that allows for the secure forwarding of events to Devo (see below).
Make sure the relay has a user certificate
The relay requires a user certificate to forward events securely to Devo's server. Make sure that the following file exists:
ls -al /etc/logtrust/scoja/current/keys/client.jks
- If the file does not exist, there was an error in the deployment of the initial configuration and you will need to deploy it again. To do so, open Devo and:
- Go to Administration → Relays, find the problematic relay, and select the tool icon found in the Actions column.
- Select the Force Generate New Certificate check box.
- Click Apply Configuration.
After applying the configuration, the new policy application should appear in /var/log/lt-relay.log:
2013-01-11 19:06:02.403493 [SUCCESS] No changes in the Relay Configuration
2013-01-11 19:07:02.215951 [SUCCESS] Relay is active, deploying new configuration set
- The certificate should now exist in /etc/logtrust/scoja/current/keys/.
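The listener, configuration-log and certificate checks from this troubleshooting section can be run as one triage script. The following is an added example, not part of Devo's documentation or tooling; the function names are assumptions, while the ports, file paths and log line format are the ones shown above.

```sh
# Added example: function names are assumptions; ports, paths and log format
# come from the page. Listeners the default rules open (netstat output above):
EXPECTED="tcp:13000 tcp:13001 tcp:13002 udp:12999 udp:13000 udp:13001 udp:13002"

# missing_listeners FILE: FILE holds `netstat -atun` output. Prints every
# expected proto:port that has no listener (TCP must be in state LISTEN).
missing_listeners() {
    for want in $EXPECTED; do
        awk -v p="${want%%:*}" -v n="${want##*:}" '
            $1 ~ ("^" p "6?$") && $4 ~ (":" n "$") && (p == "udp" || $6 == "LISTEN") { ok = 1 }
            END { exit !ok }' "$1" || printf '%s\n' "$want"
    done
}

# relay_log_state FILE: classify the newest [SUCCESS]/[ERROR] entry of an
# lt-relay.log-style file: "ok", "error: <message>", or "unknown" if none.
relay_log_state() {
    awk '
        $3 == "[SUCCESS]" { state = "ok" }
        $3 == "[ERROR]"   { msg = $0; sub(/^.*\[ERROR\] /, "", msg); state = "error: " msg }
        END { print (state == "" ? "unknown" : state) }' "$1"
}

# relay_triage LOG NETSTAT_FILE KEYSTORE: run the checks from this section,
# print one finding per line, return 1 if any check fails.
relay_triage() {
    rc=0
    miss=$(missing_listeners "$2" | tr '\n' ' ')
    [ -z "$miss" ] || { echo "not listening: $miss"; rc=1; }
    state=$(relay_log_state "$1")
    [ "$state" = "ok" ] || { echo "config sync: $state"; rc=1; }
    [ -s "$3" ] || { echo "keystore missing or empty: $3"; rc=1; }
    return "$rc"
}

# Constructed sample (line formats copied from the page): tcp/13002 absent,
# newest log entry is an error, keystore file not present.
d=$(mktemp -d)
cat > "$d/netstat.txt" <<'EOF'
tcp6 0 0 :::13000 :::* LISTEN 2942/java
tcp6 0 0 :::13001 :::* LISTEN 2942/java
udp6 0 0 :::12999 :::* 2942/java
udp6 0 0 :::13000 :::* 2942/java
udp6 0 0 :::13001 :::* 2942/java
udp6 0 0 :::13002 :::* 2942/java
EOF
printf '%s\n' "2013-01-11 18:40:01.909000 [SUCCESS] No changes in the Relay Configuration" \
    "2013-01-11 18:41:32.698116 [ERROR] calling relayServices" > "$d/lt-relay.log"
relay_triage "$d/lt-relay.log" "$d/netstat.txt" "$d/client.jks" || echo "relay needs attention"
```

On the appliance, save the output of netstat -atun to a file and pass it together with /var/log/lt-relay.log and /etc/logtrust/scoja/current/keys/client.jks. Only the newest log entry decides the state, so an old [ERROR] followed by a [SUCCESS] is reported as ok.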