| Table of Contents | ||||||
|---|---|---|---|---|---|---|
|
This article describes how to manually configure rsyslog to send events to Devo using an encrypted and authenticated channel. This is the recommended procedure when you want to forward events over the internet, directly to the Devo Cloud. The configuration files are just the same as the ones described in Simple sending using rsyslog, but with the addition of some security-related settings.
...
Go to Administration → Credentials → X.509 Certificates in the Devo web application. Download the Certificate, Private key, and Chain CA. Save them all to
/etc/rsyslog.d/.Restrict the access permissions to these files to the syslog user:
Code Block cd /etc/rsyslog.d/ chmod 640 ca.crt user.crt user.key chown :syslog ca.crt user.crt user.key -rw-r----- 1 root syslog 2090 Oct 24 13:02 ca.crt -rw-r----- 1 root syslog 1529 Oct 24 13:18 user.crt -rw-r----- 1 root syslog 1675 Oct 24 13:18 user.key
Create the Devo configuration files
You need to create two files in the /etc/rsyslog.d/ directory. The 00-devo.conf file contains general connection settings. The 49-devo.conf file is responsible for forwarding the events to the Devo Relay.
The 00-devo.conf file
This file contains general connection settings. Create it with the following contents.
...