
The 4 predefined relay rules

Four ports are reserved for four fixed, predefined relay rules. These ports can only be used to handle the event traffic for which they were designed. The rules are built into the relay and are not configurable using the Devo web application.

You should not try to set up any custom rules on any of these ports.

Port

Processing rule

12999

Receives Netflow records, applies the netstat.netflow.lt tag, then forwards them to Devo.

Use this port exclusively for Netflow records.

This only works for Netflow versions up to, but not including, version 9.

13000

Receives any events that are already tagged and forwards them to Devo.

Use this port to forward events from sources that can tag their events but either don't have internet access or cannot establish a secure channel directly to Devo.

You can also use it to send events in CEF syslog format without any tag. Learn more about the technologies supported in this format here.

13001

Receives simple syslog events from Unix-like machines, applies the box.unix tag, then forwards them to Devo.

We recommend that you use an unstructured format for syslog events sent to this relay port—i.e., RFC-3164.

The Devo configuration packages for *nix are designed to facilitate the sending of events to this port.

13002

Receives untagged syslog events from legacy Windows machines (usually via Snare), applies the box.win tag, then forwards them to Devo.

For more information, check this article.
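
A pre-flight check a sender could run before pointing traffic at ports 12999 and 13001, as an added example (not Devo's code): it builds an RFC 3164 frame, reads the version field from a NetFlow header, and reports whether a payload matches what is documented above for that port. The function names, the host name and the sample payloads are constructed for illustration.

```python
import re
import struct
from datetime import datetime

NETFLOW_PORT = 12999      # predefined rule: NetFlow below version 9
UNIX_SYSLOG_PORT = 13001  # predefined rule: simple syslog, tagged box.unix
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

# RFC 3164 shape: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG...
RFC3164_RE = re.compile(rb"<(\d{1,3})>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ \S")
# RFC 5424 puts a version number right after the PRI: <PRI>1 2024-01-05T...
RFC5424_RE = re.compile(rb"<\d{1,3}>\d{1,2} ")


def build_rfc3164(facility, severity, when, host, tag, msg):
    """Build one RFC 3164 frame; PRI = facility * 8 + severity."""
    stamp = f"{MONTHS[when.month - 1]} {when.day:2d} {when:%H:%M:%S}"
    return f"<{facility * 8 + severity}>{stamp} {host} {tag}: {msg}".encode()


def netflow_version(datagram):
    """NetFlow export packets begin with a 16-bit big-endian version field."""
    if len(datagram) < 2:
        raise ValueError("too short to carry a NetFlow header")
    return struct.unpack("!H", datagram[:2])[0]


def preflight(port, payload):
    """Return (ok, reason): does payload match what is documented for port?"""
    if port == NETFLOW_PORT:
        version = netflow_version(payload)
        return 1 <= version < 9, f"NetFlow v{version}"
    if port == UNIX_SYSLOG_PORT:
        if RFC5424_RE.match(payload):
            return False, "RFC 5424 (structured); RFC 3164 is recommended"
        if RFC3164_RE.match(payload):
            return True, "RFC 3164"
        return False, "not recognizable as syslog"
    raise ValueError(f"no check defined for port {port}")


# Constructed samples, not captured traffic.
SAMPLE_SYSLOG = build_rfc3164(1, 5, datetime(2024, 1, 5, 14, 3, 9),
                              "web01", "sshd", "session opened")
SAMPLE_NETFLOW_V5 = struct.pack("!HH", 5, 1)  # header prefix: version 5, 1 record
SAMPLE_NETFLOW_V9 = struct.pack("!HH", 9, 1)  # version 9, outside the rule

if __name__ == "__main__":
    for port, data in [(13001, SAMPLE_SYSLOG), (12999, SAMPLE_NETFLOW_V5),
                       (12999, SAMPLE_NETFLOW_V9)]:
        print(port, preflight(port, data))
```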


