Sending the data

Overview

There are several tools that can be used to send log files to Devo:

Tool Description Allows tagging?
devo-sdk Devo Python SDK Yes
nc Netcat No
logger Tool to send events Yes
Syslog echo Tool to send events (Windows) Yes
Windows syslog Several windows tools available Yes
Windows logger Windows based logger Yes
Windows MagicLog Agent Devo tool Yes

Here are some examples:

  • devo-sdk

    devo-sender data -a eu.elb.relay.logtrust.net -p 443 -t <tag> --key <.key file> --cert <.cert file> --chain <chain file> --file <text file to send>
  • nc

    cat accessbcn1.txt | nc 192.168.1.111 13004 (needs a relay rule)
  • logger

    cat fw.log | logger-p 13000 -t firewall.checkpoint.fw
Go  here to learn how to install the Devo SDK.

Devo also provides boilerplate code in C, C++, Java, .NET, Python, Rails, NodeJS, etc. to send data to Devo. Here are a few examples:

C Language

#include 
#include 
#include "lt_main.h"
#define DEBUG 1

int main(void) {
    lt_ctx *lt_id;
    char relay[] = "eu.public.relay.logtrust.net";
    int timeout = 2;
    lt_id = lt_openlog(relay, "443", "ssl",
                        "test.keep.free", "local3", timeout, DEBUG,
                        "certs/client.crt", "certs/client.key",
                        "certs/ca.crt");
    if (lt_id == NULL) {
        fprintf(stderr, "lt_openlog error\n");
        exit(-1);
    }
    lt_syslog(lt_id, "err", "This is a test from C");
    lt_syslog(lt_id, "info", "This is a test from C");
    lt_closelog(lt_id);

    return 0;
}

C# language

This sample code references some namespaces found in LT.Common.dll. To obtain this assembly and its dependencies, download and install the Devo Agent for Windows.  

using System;
using System.Security.Cryptography.X509Certificates;
using LT.Common.Formatter;
using LT.Common.Net;
using LT.Common.Utils;

namespace SendEventsSample
{
    class Program
    {
        static void Main(string[] args)
        {
            string ipAddress = "eu.public.relay.logtrust.net"; 
            int port = 443;
            string tag = "test.keep.free";
            int facility = 10;
            string message = "Hello World!\r\n";

            try
            {
                MyTcpServer client = new MyTcpServer(ipAddress, port);

                if (client != null)
                {                        
                    client.Certificate = CertificateHelper.GetCertificateFromStore(
                    		"CN=testing, O=LogTrust, L=Madrid, S=Madrid, C=SP", 
                        	StoreName.My, 
                        	StoreLocation.LocalMachine);
                        
                    client.Connect(true);

                    if (!String.IsNullOrEmpty(message))
                    {
                        byte[] formatedStringBuffer = formatedStringBuffer =
                        		LogTrustLogMessageFormater.PrepareSyslogMessage(facility, message, DateTime.Now, tag);
                        
                        client.SendMessage(formatedStringBuffer);
                    }
                    client.Close();
                }
            }
            catch (Exception ex)
            {
                // ....
            }
        }
    }
}

F# language

This sample code references some namespaces found in LT.Common.dll. To obtain this assembly and its dependencies, download and install the Devo Agent for Windows.  

open System
open LT.Common.Net 
open LT.Common.Utils  
open System.Security.Cryptography.X509Certificates;
open LT.Common.Formatter;

[]
let main argv = 

    let ipAddress = "eu.public.relay.logtrust.net"            
    let port = 443
    let tag = "test.keep.free"
    let facility = 10
    let message = "Hello World!\r\n"    

    let client = new MyTcpServer(ipAddress, port)

    client.Certificate

Java

/* Using Scoja syslog client library.
* Scoja is a third-party open source logging framework. 
* See http://sourceforge.net/projects/scoja/ */

import org.scoja.client.Syslogger;
import org.scoja.client.ReusingTCPSyslogger;
 
public class Test {
  static final String HOST = "relay";
  static final int PORT = 514;
 
  public static void main(String args[]) throws Exception {
    Syslogger logger = new ReusingTCPSyslogger(HOST, PORT);
    logger.log("Log Test");
    logger.close();
  }
}

Lua

require("lt_lua_syslog")

cert = "certs/client.crt"
key = "certs/client.key"
chain = "certs/ca_dev.crt"
relay = "eu.public.relay.logtrust.net"

relays = {
  {relay, "1234"},
  {relay, "1234", "udp", "test.keep.free.udp", "local1"},
  {relay, "1234", "tcp", "test.keep.free.tcp", "local2", 1, 1},
  {relay, "443",  "ssl", "test.keep.free.ssl", "local3", 1, 1, cert, key, chain}
}

for i,v in ipairs(relays) do
   local lt_ctx = lt_openlog(unpack(v))
    if lt_ctx == nil then print ("ERROR: Connection estabishment failed") end
    lt_syslog(lt_ctx, "info", "just a simple test message")
    lt_closelog(lt_ctx)
end

Python

from devo.sender import *

SERVER = 'eu.elb.relay.logtrust.net'
PORT = 443
KEY = 'route/to/keyfile.key'
CERT = 'route/to/certfile.crt'
CHAIN = 'route/to/chain.crt'
TAG = 'test.keep.free'

engine_config = SenderConfigSSL(address=SERVER,
                                port=PORT,
                                key=KEY,
                                cert=CERT,
                                chain=CHAIN)
con = Sender(engine_config)

for aux in range(100):
    con.send(tag=TAG, msg="example line to send")

Have we answered your question?

If not, please contact our technical support team via email by clicking the button below.

CONTACT US