Document toolboxDocument toolbox

Managing the relay on the command line

Owned by Juan Tomás Alonso Nieto (Unlicensed)
Last updated: Mar 25, 2021
2 min read

Here's a reference for commands useful for managing the Devo Relay.

Starting and stopping the relay

/etc/init.d/devo-scoja-relay stop 
/etc/init.d/devo-scoja-relay start 
/etc/init.d/devo-scoja-relay restart

Tuning the relay

[ Scoja heap size ] [ How to avoid UDP data loss ]

Scoja heap size

The Devo relay is based on a Java syslog engine called Scoja.

By default, Scoja is set to start with 70% of the total RAM available in the machine. If you need to change this, the relay administrator can connect to the machine, modify these parameters in the file /etc/init.d/devo-scoja-relay and update the following line:

SCOJA_SERVER_OPTS="-XX:+UseConcMarkSweepGC -XX:MaxRAMPercentage=70.0 -XX:InitialRAMPercentage=70.0" \

In the example above, Scoja will take 70% of the machine memory. These parameters can be modified to specify the maximum and minimum percentages.

Another way of setting the RAM is by using a fixed amount of memory instead of a percentage. For instance, if you want to set 2GB RAM for Scoja, you should update the previous line as follows:

SCOJA_SERVER_OPTS="-XX:+UseConcMarkSweepGC -Xms2G -Xmx2G" \

Take into account that the Process memory size value in the Relay config settings has to be lower than the process heap size defined here. Check Customizing In-House Relay settings to learn how to modify these settings.

How to avoid UDP data loss

UDP loss cannot be completely avoided as it is a non-reliable protocol. Due to this, TCP should be always the preferred way to send data to the relay. If there is no other choice, there are certain parameters that you can change in the OS to improve the situation.

Increase the maximum receive buffer to 500MB

  1. Edit the file /etc/sysctl.conf and add the following files:

    # UDP maximum receive buffer size (500MB)
net.core.rmem_max=500000000

  2. Then, apply the changes using this command:

    # sysctl -p /etc/sysctl.conf

  3. Finally, check that the changes have been applied using the following command:

    # sysctl -n net.core.rmem_max
500000000

Increase the UDP receive buffer sizes to at least 16MB

Edit the relay rules where UDP traffic is going to be sent and increase the UDP receive buffer sizes to at least 16MB. You may need to set bigger buffer sizes in order to not lose events, depending on the number of EPS sent to the relay and the average size of the events.

In a high traffic environment, a buffer size up to 256MB may be necessary.

You can monitor UDP packet loss using the following command:

# netstat -su | grep "receive errors"

Uninstalling the relay

apt-get purge devo-scoja-relay

Useful commands for testing high-availability

Here are a few Linux commands that can be useful when working with the relay or troubleshooting problems with a high-availability configuration.

ActionCommand
View the list of IP addresses assigned to the relay
ip a
Monitor the system logs for Keepalived activity
sudo tail -f /var/log/syslog
View the 100 most recent system events for Keepalived activity
sudo tail -n 100 /var/log/syslog
Restart the Keepalived service
sudo /etc/init.d/keepalived restart
Reboot one relay system to test failover to the other relay
sudo init 6