In-house Relay installation using a virtual machine

The following table provides links to the correct In-house Relay virtual appliance, depending upon the Devo region your account connects to:


The following video describes how to install and configure the In-house Relay using a virtual machine.

  1. Unzip the downloaded file
  2. Create a new virtual machine using an existing virtual disk. Select the file Relay Inhouse Logtrust.vmdk.
  3. Choose the Operating System Linux and Version Ubuntu.

Check here the hardware requirements for relay installation.


  1. Using SSH or console, log into the appliance with the following credentials: 

    • User is logtrust.

    • Password is changeme.

  2. Once you are logged in, change the password.

  3. Check the current keyboard configuration, and change it if necessary, by executing the following command:

    sudo dpkg-reconfigure keyboard-configuration

  4. Once you have configured the keyboard, run the following command to launch the configuration process:

    sudo logtrust-relay-configure

  5. Change the relay endpoint host as needed:

    • If you are an EU user, use
    • If you are an USA user, use
    • If you are a VDC user, use

  6. In Devo, go to Administration → Credentials → Access keys to copy the API Access key. Paste it in the relay configuration process window.

  7. It is not necessary to enter the API secret. You can simply type some random letters and click OK.

  8. Go to Administration → Relays in Devo and activate the relay.

You can now start sending information from your data sources to the new In-house Relay. However, you may want to first create the rules for event processing through the new relay. See the article about In-house Relay rules for more information.

Starting and stopping the relay

To start or stop the relay, run the relay starter script with the command start, stop, or restart:

sudo /etc/init.d/logtrust-relay start|stop|restart

Troubleshooting the relay

If the relay or its event forwarding process are not working properly, here are some steps you can take to help identify and fix the problem.

Check that the relay processes are running

# ps a|grep scoja
 2940 pts/1    S      0:00 sh /opt/logtrust/scoja/ -r 5s -G /etc/logtrust/scoja/current/all-me.conf -j /etc/logtrust/scoja/current/all-var.conf
 2942 pts/1    Sl     0:32 /opt/java/bin/java -server -XX:+UseConcMarkSweepGC -classpath :/opt/logtrust/scoja/scoja.jar:/opt/logtrust/scoja/scoja-cc.jar:/opt/logtrust/scoja/scoja-compression.jar:/opt/logtrust/scoja/scoja-rpc.jar:/opt/logtrust/scoja/scoja-beep.jar:/opt/logtrust/scoja/jython.jar -Djava.library.path=/opt/logtrust/scoja -Dscoja.home=/opt/logtrust/scoja -Xms500M -Xmx500M org.scoja.server.Scoja -r 5s -G /etc/logtrust/scoja/current/all-me.conf -j /etc/logtrust/scoja/current/all-var.conf
  • If the Java process is not running, restart it using the relay starter script:

    sudo /etc/init.d/logtrust-relay start
  • If the Java process is still not appearing after restarting the relay, consult the log /var/log/scoja.logIt will show you why it is not possible to start the relay. If the system is unable to find the Java interpreter, the log /var/log/scoja.log will show an error like this:

    /opt/logtrust/scoja/ 60: java: not found
  • On an Ubuntu system, Java is usually installed in /usr/lib/jvm/. You can use one of the following solutions:

    Symbolic link: ln -s /usr/lib/jvm/java-6-openjdk/bin/java /usr/bin/java
    Environment variable: Define export JAVA_HOME="/usr/lib/jvm/java-6-openjdk" in /etc/profile.d/ 
  • Replace the version of Java installed with java-6-penjdk. 

Ensure that the default rules are active 

 # netstat -atun --program|grep `pgrep -f org.scoja.server.Scoja`
tcp6       0      0 :::13000                :::*                    LISTEN      2942/java      
tcp6       0      0 :::13001                :::*                    LISTEN      2942/java      
tcp6       0      0 :::13002                :::*                    LISTEN      2942/java      
udp6       0      0 :::12999                :::*                                2942/java      
udp6       0      0 :::13000                :::*                                2942/java      
udp6       0      0 :::13001                :::*                                2942/java      
udp6       0      0 :::13002                :::*                                2942/java
  • If the ports above are not listening, you should check if the relay process is running in the system (above) or if the system configuration has not been properly deployed (next section).

Ensure that the relay has downloaded the configuration from Devo's server 

  • Check the log file /var/log/lt-relay.log. If the configuration has been downloaded and deployed correctly the log will look like this: 

    2013-01-11 18:39:19.428100 [SUCCESS] Relay is active, deploying new configuration set
    2013-01-11 18:40:01.909000 [SUCCESS] No changes in the Relay Configuration
  • If there was a problem with the download and deployment process, there will be an error message in the log such as:

    2013-01-11 16:49:01.574114 [ERROR] Property 'api.key' not found in conf file
    2013-01-11 16:49:32.698116 [ERROR] calling relayServices
  • In the case of an error, check the following:
    • Make sure the API key and API secret are correct. Do this by re-running the configuration script or directly editing the file /etc/logtrust/relay/logtrust.conf
    • Make sure that the system has an internet connection. 
    • Make sure that the relay has downloaded the user certificate that allows for the secure forwarding of events to Devo (see below).

Make sure the relay has a user certificate

  • The relay requires a user certificate to forward events securely to Devo's server. Make sure that the following file exists: 

    ls -al /etc/logtrust/scoja/current/keys/client.jks
  • If the file does not exist, there was an error in the deployment of the initial configuration and you will need to deploy it again. To do so, open Devo and: 
    1. Go to Administration → Relays, find the problematic relay, and select the tool icon found in the Actions column.
    2. Select the Force Generate New Certificate check box.
    3. Click Apply Configuration. 
  • After applying the configuration, the new policy application should appear in /var/log/lt-relay.log

    2013-01-11 19:06:02.403493 [SUCCESS] No changes in the Relay Configuration
    2013-01-11 19:07:02.215951 [SUCCESS] Relay is active, deploying new configuration set
  • The certificate should now exist in /etc/logtrust/scoja/current/keys/. 

Have we answered your question?

If not, please contact our technical support team via email by clicking the button below.