Relay input configuration
Go to Administration → Rules to see the list of all the relays set in your domain. To access the configuration options of one of your relays, click its name on the list.
You'll be taken to the Relay Input (Rules) tab. Here you can check the rules assigned to your relay, as well as define new ones. Also, you can set some additional options
A relay rule evaluates an inbound event by the port it was received on and any other source criteria defined in the rule. When the criteria are met, the rule dictates how the event should be processed.
To handle a few standard inbound event types, all relays have four predefined rules that are assigned to fixed ports - these ports cannot be used for any custom rules.
For all event processing not covered by the default rules, you will create custom rules. Custom relay rules are primarily designed to perform two types of processing: applying Devo tags or filtering out data that you don't want to save in Devo. Read more about custom rules in Defining a relay rule and 5 common relay rule scenarios.
Since a single relay can have multiple rules, it's important to consider the order in which they should be applied, especially the rules that are defined on the same source port. The run order is determined by the order the rules appear in this list, starting from the top. To reorder a rule, just select and drag the rule to its new position.
Golden rules for relay rules
- Respect the default ports. Ports 12999, 13000, 13001, and 13002 are reserved for very specific types of events and processing. They cannot be used for custom rules. More information.
- One event source per port. Otherwise, things have the potential to get very messy.
- Filtering rules first. When you have multiple rules for events arriving on the same port, be sure that the filtering rules - those designed to identify and drop specific events - come first.
- Stop processing after every filter. If you don't, the event will move on to the next rule and might end up being forwarded to the Devo repository.
- Check the Local syslog logs forwarding option to send local syslog configuration logs to Devo in order to monitor your OS logs. The events collected will be available in the
box.unixtable of your Devo domain. You can also activate or deactivate this option in the Devo Relay CLI.
- Check the Force generate new certificate option to download a new relay certificate. The option will be unchecked again after you apply the changes.
Remember to click the Apply configuration button to save any modification applied.
- Using regex in relay rules
- Defining a relay rule
- The 4 predefined relay rules
- 5 common relay rule scenarios