Configuration packages for *nix
Devo provides two packages, logtrust-system and logtrust-monitor, to help you monitor and send system log events via rsyslog to a Devo endpoint. As rsyslog supports tagging and is capable of establishing a secure channel to the Devo Cloud, the use of a Devo Relay as intermediary is optional.
- logtrust-system - Sets up rsyslog configuration files that monitor the OS logs and establish a connection with a Devo endpoint. The events collected by this package will be sent to Devo with the box.unix tag.
- logtrust-monitor - Installs scripts that monitor system logs so their events can be sent by rsyslog to the Devo endpoint. The events collected by this package will be sent to Devo with the box.stat tag.
In order to send events from other log files on the machine to Devo, you should follow the instructions for manually editing the syslog configuration files.
Below we take you step-by-step through the use of both of the packages:
logtrust_system configuration utility
This guides you through the use of the configuration utility that sets up a connection between a Unix-like event source and a Devo endpoint.
- When setting up a connection directly to the Devo Cloud, you must establish the connection using TLS/SSL and client authentication.
- When setting up a connection to a Devo Relay, you do not need to create a secure connection.
Both procedures are described below. To launch this utility, enter this command in the console:
Sending directly to the Devo Cloud
This establishes a secure connection between the event source and the Devo Cloud using TLS/SSL and client authentication.
1. The first step is to enter the sending endpoint which in this case is the Devo Cloud. Enter the endpoint for your region:
2. Select Yes to establish a secure connection between your Relay and the Devo Cloud.
3. Enter the API Key for the Devo domain to which you will be forwarding events.
Go to Administration → Credentials in the Devo web application to copy the API Key.
4. Click OK to confirm the certificate files required for client authentication.
Sending to a Devo In-House Relay
This establishes a simple connection between the event source and a Devo In-House Relay. In this case, the connection is not secured since it will exist entirely within the client network.
1. The first step is to enter the sending endpoint which in this case is a Devo Relay. Enter the relay IP address and port 13000 as indicated. For example:
2. Select No to skip the process for applying security to the connection.
The utility closes and forces a restart of rsyslog.
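For readers who follow the manual route instead of the utility, here is what the two procedures above amount to in rsyslog terms. This is an added example written for this page, not the configuration generated by the logtrust-system package; the certificate paths, the endpoint name, the port for the cloud path and the permitted peer name are placeholders that must be replaced with the values for your region and domain. The relay path (plain TCP to port 13000, as described above) is shown commented out beside the cloud path.

```conf
# Added example; not the configuration written by logtrust-system.
# Placeholder values are in UPPER_CASE and must be replaced.

# TLS driver and the client-authentication material. The key file should be
# readable only by the rsyslog user (placeholder paths).
global(
  DefaultNetstreamDriver="gtls"
  DefaultNetstreamDriverCAFile="/etc/rsyslog.d/devo/CHAIN.crt"
  DefaultNetstreamDriverCertFile="/etc/rsyslog.d/devo/CLIENT.crt"
  DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/devo/CLIENT.key"
)

# Devo expects the box.unix tag in place of the usual program name.
template(name="devo_box_unix" type="string"
         string="<%PRI%>%TIMESTAMP:::date-rfc3339% %HOSTNAME% box.unix: %msg%\n")

# Path A: directly to the Devo Cloud, TLS only, server certificate verified
# against the CA above and the client certificate presented on connect.
# Mode 1 means TLS is mandatory; rsyslog will not fall back to plaintext.
action(type="omfwd"
       target="DEVO_ENDPOINT_FOR_YOUR_REGION"
       port="DEVO_ENDPOINT_PORT"
       protocol="tcp"
       template="devo_box_unix"
       StreamDriver="gtls"
       StreamDriverMode="1"
       StreamDriverAuthMode="x509/name"
       StreamDriverPermittedPeers="DEVO_ENDPOINT_CERT_NAME"
       queue.type="LinkedList"
       queue.size="10000"
       action.resumeRetryCount="-1")

# Path B: to an in-house Devo Relay on port 13000 without TLS. Use this
# only when the hop stays inside your own network, as the page describes.
# action(type="omfwd"
#        target="RELAY_IP_ADDRESS"
#        port="13000"
#        protocol="tcp"
#        template="devo_box_unix"
#        queue.type="LinkedList"
#        queue.size="10000"
#        action.resumeRetryCount="-1")
```

The disk-assisted queue and unlimited retry count keep events on the host while the endpoint is unreachable rather than dropping them; after editing, validate with `rsyslogd -N1` before restarting the service, since a syntax error in an action block silently stops forwarding.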
logtrust_monitor configuration utility
This utility simply allows you to enter keywords to support a policy of management by groups.
To launch this utility, enter this command in the console:
1. Select Yes to enter labels for the event source machine.
2. Enter labels separated by commas with no spaces between. Select OK when you are done.
The utility closes.