The In-house Relay

About the In-house Relay

The In-house Relay collects the events generated by multiple data sources and forwards them to Devo repositories.

  • The data is sent from the data source device to the In-house Relay.
  • After processing the data, the relay sends the events to the Devo cloud infrastructure.
  • The events are always forwarded to Devo over an encrypted channel and authenticated using a client certificate.

The In-house Relay also:

  • Compresses the event data and sends the node data securely over SSL/TLS.
  • Is capable of using tags to parse the data format and structure.
  • Filters or excludes events based on defined rules or patterns.
  • Temporarily stores the events when there is a problem connecting with the data repositories, and re-sends the data when the connection is restored.
  • Eliminates any need to enable the data sources with internet access.
  • Allows for the establishment of rules for classifying and labeling logs. Rules can use criteria such as the relay port where events arrive, the origin IP of the sender, the message’s syslog tag, the syslog’s facility/level, and more.

In-house Relay requirements

Consider the following requirements when configuring an In-house Relay:

Hardware

Minimum requirements:

  • Memory → 2 GB
  • Hard disk → 20 GB available for the relay application

Network

Connectivity requirements:

The In-house Relay must be able to reach the following servers:

For USA users:

  • us.elb.relay.logtrust.net:443
  • usa.logtrust.com:443

For EU users:

  • eu.elb.relay.logtrust.net:443
  • app.logtrust.com:443

For VDC (Spain) users:

  • es.elb.relay.logtrust.net:443
  • spain.logtrust.com:443

These are the ports used by the In-house Relay:

  • Internal access ports → 12999 to 13002 for collection services
  • Optional internal access ports → 13003 to 13030 for custom collection services

Note that these ports should not be used by other services.
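
A pre-install check for the network requirements above, as an added example that is not Devo's own tooling: it reports which relay ports are already held by another service and which region endpoints cannot be reached over TCP. It assumes TCP listeners only (the page does not state the protocol) and that the relay is not yet running on the host; the function and dictionary names are illustrative.

```python
"""Pre-install check for an In-house Relay host (added example, not Devo tooling)."""
import socket
import sys

# Egress destinations per region, as listed in the connectivity requirements.
ENDPOINTS = {
    "USA": [("us.elb.relay.logtrust.net", 443), ("usa.logtrust.com", 443)],
    "EU": [("eu.elb.relay.logtrust.net", 443), ("app.logtrust.com", 443)],
    "VDC": [("es.elb.relay.logtrust.net", 443), ("spain.logtrust.com", 443)],
}
# Local ports reserved for the relay; no other service should hold them.
RELAY_PORTS = {
    "collection": range(12999, 13003),                    # 12999 to 13002
    "custom collection (optional)": range(13003, 13031),  # 13003 to 13030
}


def ports_in_use(ports, host="0.0.0.0"):
    """Return the ports that cannot be bound for TCP (assumption: TCP only)."""
    busy = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            try:
                s.bind((host, port))
            except OSError:  # address already in use
                busy.append(port)
    return busy


def unreachable(endpoints, timeout=5.0):
    """Return the (host, port) pairs where a TCP connection cannot be opened."""
    failed = []
    for host, port in endpoints:
        try:
            socket.create_connection((host, port), timeout=timeout).close()
        except OSError:  # DNS failure, refusal, timeout, or filtered egress
            failed.append((host, port))
    return failed


if __name__ == "__main__":
    region = sys.argv[1] if len(sys.argv) > 1 else "EU"
    problems = 0
    for label, ports in RELAY_PORTS.items():
        for port in ports_in_use(ports):
            print(f"port {port} ({label}) is already in use")
            problems += 1
    for host, port in unreachable(ENDPOINTS[region]):
        print(f"cannot reach {host}:{port}")
        problems += 1
    sys.exit(1 if problems else 0)
```

The reachability check only confirms that a TCP connection opens on port 443; it does not exercise the client-certificate authentication that the relay itself performs.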

Relay name

When assigning a name to a relay, take into account the following rules:

  • The relay name cannot contain periods or special characters
  • The maximum length for the relay name is 50 characters
  • Example of incorrect relay name → relay-sf-ltrelay02.workforcehosting.net

The relay name is for internal use only and is not the hostname of the relay device.

When to use an In-house Relay

The In-house Relay is commonly used by systems that cannot report their logs directly to Devo due to:

  • Locations on isolated network segments or without internet connectivity due to security policies
  • Inability to tag their logs from the source
  • Complex or extensive network topologies

In-house Relays are also beneficial when:

  • Events cannot be tagged in the source
  • Events need to be filtered before sending to Devo
  • Events are sent from various machines to the same port (for example, 514 UDP)
  • Events need a specific processing task, such as anonymization
  • There is a need for security using SSL/TLS
  • There is a need to compress data
  • There is a need for special parsers before sending
  • There is a need to use Relay apps (SNMP Agent or Twitter)
  • There is a need for event buffering in case of internet access loss

To learn more about how relays work, check out Installing, configuring and uploading data with a Devo relay.
