Secure sending using rsyslog
This article describes how to manually configure rsyslog to send events to Devo using an encrypted and authenticated channel. This is the recommended procedure when you want to forward events over the internet, directly to the Devo Cloud. The configuration files are just the same as the ones described in Simple sending using rsyslog, but with the addition of some security-related settings.
In order to use SSL/TLS with rsyslog, you need to install the rsyslog-gnutls package.
If you are running Ubuntu 8.2 stable or later, you can skip this step because you will already have this package. Run
rsyslogd -version to check what version of Ubuntu you are running.
|In DEB environments:||In RPM environments:|
Download and save the certificates
Go to Administration → Relays → X.509 Certificates in the Devo web application. Download the Certificate, Private key, and Chain CA. Save them all to
Restrict the access permissions to these files to the syslog user:
The 49-devo.conf file
49-devo.conf file in your
/etc/rsyslog.d/ and add the following lines immediately before the final destination rule in the file.
Again, the added/modified parameters are:
They must be
It must have the same value as
This is the host address for the Devo Cloud for the region you are using. It should be one of:
After creating and saving the new files, restart rsyslog to activate the new configuration:
With the configuration activated, rsyslog should begin to forward events to your Devo Cloud.
Test the connection
You can make sure that the events are being forwarded to the Relay by using the logger command to write testing messages to the system log.
In the Devo web application, go to Data Search. Open the
box.unix data table to confirm that these logger events were forwarded and received correctly.