The In-house Relay
About the In-house Relay
The In-house Relay collects the events generated by multiple data sources and forwards them to Devo repositories.
- The data is sent from the data source device to the In-house Relay.
- The relay, after processing the data, will send the events to Devo cloud infrastructure.
- The events are always forwarded to Devo using an encrypted channel and authentication using a client certificate.
The In-house Relay also:
- Compresses the event data and sends the node data securely over SSL/TLS.
- Is capable of using tags to parse the data format and structure.
- Filters or excludes events based on defined rules or patterns.
- Temporarily stores the events when there is a problem connecting with the data repositories, and re-sends the data when the connection is restored.
- Eliminates any need to enable the data sources with internet access.
- Allows for the establishment of rules for classifying and labeling logs. Rules can use criteria such as the relay port where events arrive, the origin IP of the sender, the message’s syslog tag, the syslog’s facility/level, and more.
In-house Relay requirements
See below the requirements to consider when configuring an In-house Relay:
The In-house Relay must be able to reach the following servers:
For USA users:
For EU users:
For VDC (Spain) users:
These are the ports used by the In-house Relay:
Note that these ports should not be used by other services.
When assigning a name to a relay, take into account the following rules:
The relay name is for internal use only and is not the hostname of the relay device.
When to use an In-house Relay
The In-house Relay is commonly used by systems that cannot report their logs directly to Devo due to:
- Locations on isolated network segments or without internet connectivity due to security policies
- Inability to tag their logs from the source
- Complex or extensive network topologies
In-house Relays are also beneficial when:
- Events cannot be tagged in the source
- Events need to be filtered before sending to Devo
- Events are sent from various machines to the same port (for example, 514 UDP)
- Any specific task on events like anonymity
- There is a need for security using SSL/TLS
- There is a need to compress data
- There is a need for special parsers before sending
- There is a need to use Relay apps (SNMP Agent or Twitter)
- There is a need for event buffering in case of internet access loss
To learn more about how relays work, check out Installing, configuring and uploading data with a Devo relay.