Document toolboxDocument toolbox

Installing Devo packages for *nix

Introduction

Devo provides two packages to help you monitor and send system log events via rsyslog to a Devo endpoint:

  • devo-system - Sets up rsyslog configuration files that monitor the OS logs and establish a connection with a Devo endpoint. The events collected by this package will be available in the box.unix table of your Devo domain.

  • devo-monitor - Installs scripts that monitor machine status (CPU, memory, IO traffic) so their values can be sent by devo-system to the Devo endpoint. The events collected by this package will be available in the box.stat.unix.* tables of your Devo domain.

Below we take you step-by-step through the use of both packages.

Getting started

Before installing the utilities, you must add the Devo repository to the system repository list and update it following these steps:

  1. Create a file called devo.list in the /etc/apt/sources.list.d/ directory using the following commands:

    wget -qO - http://packages.devo.com/PublicKey | sudo apt-key add - echo "deb http://packages.devo.com/ bionic devo" | sudo tee /etc/apt/sources.list.d/devo.list
  2. Then, update the APT local database using this command:

    sudo apt-get update

 

  1. Create the devo.repo file in /etc/yum.repos.d/ with the following contents:

    [devo] baseurl = http://packages.devo.com/rpms gpgcheck = 1 gpgkey = http://packages.devo.com/PublicKey name = Devo Inc. packages
  2. Then, update the repository list:

Note that you must disable SELinux before installing the packages; otherwise, they won't work. Learn more about SELinux here.

Install devo-system

This guides you through the installation of the configuration utility devo-system, which sets up a connection between a Unix-like event source and a Devo endpoint.

  • When setting up a connection directly to the Devo cloud, the communication uses a secure connection (TLS/SSL and client authentication).

  • When setting up a connection to a Devo relay, you don't need to create a secure connection, the Devo relay must be running in the local host or an intranet. The Devo relay uses a secure connection to send the data.

  1. Install the package using the following command:

    Ubuntu18 / Ubuntu20

    Red Hat 7 / CentOS 7

    Red Hat 8 / CentOS 8

     

  2. If the configuration utility is not launched automatically, run it using this command:

     

  3. In the window that appears, select the required Devo endpoint. Depending on the option selected, you will go through different configuration steps:

Method

Option selected

Description

Method

Option selected

Description

Sending directly to the default Devo cloud for your region

Devo Europe / Devo United States

Use this option if you have a Devo domain in a multitenant Devo cloud (currently, Devo AWS US or Devo AWS EU).

Sending to a Devo relay in the localhost

Devo Relay (localhost)

Use this option if you are installing the package in a Devo relay machine.

Sending to a Devo relay in another machine

other

This is the recommended option. Use this method for all your regular *nix boxes. They will send data to a Devo relay and the Devo relay will forward the data to Devo.

Sending directly to another secure endpoint

other

Use this option if you are sending data to a private cloud or in an on-prem deployment.

Sending directly to the default Devo cloud for your region

This establishes a secure connection between the event source and the selected Devo cloud using TLS/SSL and client authentication.

First, select the required Devo cloud (Devo Europe or Devo United States) and select OK.

Then, enter the API key for the Devo domain to which you will be forwarding events. Go to Administration → Credentials in the Devo web application to copy your API key. Select OK to move to the next step.

Enter the API secret for the Devo domain to which you will be forwarding events. You can also get it going to Administration → Credentials in the Devo web application. Then, select OK.

Click OK to confirm the certificate files required for client authentication.

The tool restarts rsyslog and the process finishes.



Sending to a Devo relay in the localhost

This establishes a simple connection between the event source and a Devo relay installed in the same machine. Most of the configuration is indicated when the relay is installed, so it is a straightforward process.

Select Devo Relay (localhost) in the first window and click OK.

The tool restarts rsyslog and the process finishes.



Sending to a Devo relay in another machine

This is the recommended connection option, which establishes a TCP connection to a relay in a different machine. Use this connection for all your regular *nix boxes.

Select other in the first window and click OK.

In the next window, enter the required relay endpoint and specify the port 13000 as in the example capture. Select OK to move to the next step.

Select No to indicate that you're using a Devo relay in a different machine (in this case, SSL is not needed; the connection method used is TCP).

The tool restarts rsyslog and the process finishes.



Sending directly to another secure endpoint

This establishes a secure connection between the event source and another endpoint not on the menu.

Select other in the first window and click OK.

In the next window, enter the required sending endpoint or the address of the intranet machine running the relay. Do not enter http or https



Select Yes to indicate that you are using a secure endpoint.

Enter the API key for the Devo domain to which you will be forwarding events. Go to Administration → Credentials in the Devo web application to copy your API key. Select OK to move to the next step.

Enter the API secret for the Devo domain to which you will be forwarding events. You can also get it going to Administration → Credentials in the Devo web application. Then, select OK.

Click OK to confirm the certificate files required for client authentication.

The tool restarts rsyslog and the process finishes.



Install devo-monitor

  1. Install the package using the following command:

    Ubuntu

    CentOS / Red Hat

     

  2. Then, launch the configuration utility using this command:

     

  3. In the window that appears, click Yes if you want to add tags to your machine. These tags will be used to categorize your machine in the System Monitoring app. Otherwise, click No.

After this step, the devo-monitor utility will be installed.

Reconfigure the utilities

If you need to relaunch any of these configuration utilities at any time after installation, use the corresponding command:

Uninstall the utilities

Use the following commands to remove the utilities from your machine:

Ubuntu

CentOS 7 / Red Hat 7

CentOS 8 / Red Hat 8