Sending data to Devo
A typical deployment environment may have hundreds of distributed event sources including business applications, IT network infrastructure resources, and individual PCs and workstations. Along with the customized nature of internal networks, security policies, and the use of proxies, it's not difficult to appreciate the potential for complexity.
Let's start with the two golden rules for sending data correctly to Devo:
- Events must always be sent to the Devo Cloud over a secure channel.
- Events must arrive at the Devo Cloud with an associated tag recognized by Devo.
If an event source is not capable of tagging its events or if it cannot establish a secure outbound channel, then you will likely have to send its events to the Devo Cloud via the Devo Relay.
However, in cases where the source is capable of tagging events and sending them securely, you can send them directly to the Devo Cloud.
Devo Relay is a software piece that sits within your secure network environment—this is why it's often referred to as the "in-house" relay. It can receive events from numerous and varied sources, then forward the events over a secure channel to the Devo Cloud. Rules that you define on the Relay are designed to recognize inbound events; filter out unwanted events; apply the correct Devo tag; then forward the events securely to your Devo Cloud.
Since some data sources are capable of both tagging events and sending them over a secure channel, the relay is not always necessary. However, it offers additional useful features like the ability to filter out events that you don't need to send to Devo.
Event Load Balancers (ELB)
In order to send data to Devo, you need to send the information to an Event Load Balancer (ELB). The ELB will balance the load among the different data nodes in your Devo deployment. Data sources able to properly tag their events can use this method to send their events directly to Devo.
There are two different types of ELBs:
You can use this ELB to send your events directly to Devo using the syslog protocol. To do it, you have to use TLS client auth using your domain certificate.
You can check the ELB endpoint associated with your Devo deployment in Administration → Relays. Click the name of the endpoint (central) to access the required configuration instructions.
Click the ... icon that appears when you hover over it and select Download the certificate to get the required certificates. You will be taken to the Administration → X.509 certificates screen, where you must download the certificate, private key, and chain.
Learn more about X.509 certificates in this article.
You can send your events to Devo using an HTTP endpoint.
To authorize the process, you must generate a token in Devo, and then send the HTTP request to the required endpoint according to your region. Check the available HTTP endpoints and instructions to generate the required token and send the events in this article.
The Devo Endpoint Agent is a multi-platform and multi-purpose endpoint monitoring solution that allows Devo customers to recollect a variety of datasets sitting in their infrastructure, process them in an efficient way, and create a comprehensive view that spans multiple applications and use cases in areas such as security monitoring, IT health and performance monitoring or capacity planning.
Devo collectors are pieces of software that extract information from a specific system and send their events into Devo. Collectors can be both installed and managed in your machine, or hosted by Devo.
Check the list of most common collectors we have defined and how to work with them in this list.
Every data source is unique and so are the procedures for setting them up to send events to the Devo endpoint, whether that's the Devo Relay or the Devo Cloud. For the purposes of providing configuration instructions, we can divide the event sources into several groups:
- Operating systems including Unix-like systems, Windows, and Mac
- Cloud services like Amazon Web Services
- Commercial products
- Custom apps
Other data collection methods
Because every deployment environment is unique with its own policies and preferred data management tools, we do not restrict you to any single way of sending data. As long as the data is sent securely and with the correct Devo tag, you can choose how you prefer to send the data.