Secure sending using rsyslog (Obsolete legacy format)
- Juan Tomás Alonso Nieto (Deactivated)
This article describes how to manually configure rsyslog to send events to Devo using an encrypted and authenticated channel. This is the recommended procedure when you want to forward events over the internet, directly to the Devo Cloud.
Install rsyslog-gnutls
In order to use SSL/TLS with rsyslog, you need to install the rsyslog-gnutls package.
If you are running Ubuntu 8.2 stable or later, you can skip this step because you will already have this package. Run rsyslogd -version to check what version of Ubuntu you are running.
In DEB environments | In RPM environments |
|---|---|
apt-get install rsyslog-gnutls | yum install rsyslog-gnutls |
Download and save the certificates
Go to Administration → Relays → X.509 Certificates in the Devo web application. Download the Certificate, Private key, and Chain CA. Save them all to /etc/rsyslog.d/.
Restrict the access permissions to these files to the syslog user:
cd /etc/rsyslog.d/; chmod 640 ca.crt user.crt user.key; chown :syslog ca.crt user.crt user.key -rw-r----- 1 root syslog 2090 Oct 24 13:02 ca.crt -rw-r----- 1 root syslog 1529 Oct 24 13:18 user.crt -rw-r----- 1 root syslog 1675 Oct 24 13:18 user.key
Create the 49-devo.conf file
Test the connection
You can make sure that the events are being forwarded to the Relay by using the logger command to write test messages to the system log.
In the Devo web application, go to Data search. Open the box.unix data table to confirm that these logger events were forwarded and received correctly.
File examples
Here are a couple of sample NN-devo.conf files to illustrate the sending of different log files.
System logs
The following configuration file is set to forward all internal system logs over a secure channel to the Devo Cloud.
/etc/rsyslog.d/49-logtrust.conf
Apache web server logs
This is a configuration file set up to forward events from four Apache logs to the Devo Cloud.