
Sample code

There are several tools that can be used to send log files to Devo:

Tool | Description | Allows tagging?
Devo Python SDK | Get it here. | Yes
nc | Netcat | No
logger | Tool to send events (Unix-like) | Yes
Syslog echo | Tool to send events (Windows) | Yes
Windows syslog | Several Windows tools available | Yes
Windows logger | Windows-based logger | Yes

Here are some examples:

  • Devo Python SDK

    devo-sender data -a collector-eu.devo.io -p 443 -t <tag> --key <.key file> --cert <.cert file> --chain <chain file> --file <text file to send>
  • nc

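    cat accessbcn1.txt | nc 192.168.1.111 13004 (needs a relay rule, because nc cannot tag the events; nc also sends them as plain text, so use it only toward a relay on a trusted network)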
  • logger

    cat fw.log | logger -p 13000 -t firewall.checkpoint.fw

We also provide boilerplate code for sending data to Devo. Here are a few examples:

C Language

C
#include <stdio.h>
#include <stdlib.h>
#include "lt_main.h"
/* Handed to lt_openlog() as its seventh argument.
 * NOTE(review): presumably switches on the library's debug output; confirm
 * what it prints before leaving it enabled outside of testing. */
#define DEBUG 1

/*
 * Minimal sender: opens an "ssl" connection to collector-eu.devo.io on port
 * 443, sends two test events tagged "test.keep.free" and closes the
 * connection.
 *
 * Returns 0 on success; exits with status -1 when lt_openlog() fails.
 */
int main(void) {
    char host[] = "collector-eu.devo.io";
    int wait_limit = 2; /* passed as the timeout argument; unit not shown here */

    /* The last three arguments are file paths; judging by their names they
     * are the client certificate, its private key and the CA certificate.
     * Keep the key file readable only by the account that runs the sender. */
    lt_ctx *ctx = lt_openlog(host, "443", "ssl",
                             "test.keep.free", "local3", wait_limit, DEBUG,
                             "certs/client.crt", "certs/client.key",
                             "certs/ca.crt");

    if (ctx != NULL) {
        /* One event at "err" level and one at "info" level. */
        lt_syslog(ctx, "err", "This is a test from C");
        lt_syslog(ctx, "info", "This is a test from C");
        lt_closelog(ctx);
        return 0;
    }

    /* No context means nothing can be sent: report it and stop. */
    fprintf(stderr, "lt_openlog error\n");
    exit(-1);
}

C# language

This sample code references some namespaces found in LT.Common.dll

csharp
using System;
using System.Security.Cryptography.X509Certificates;
using LT.Common.Formatter;
using LT.Common.Net;
using LT.Common.Utils;

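namespace SendEventsSample
{
    /// <summary>
    /// Sends a single test event to the Devo collector, authenticating with a
    /// client certificate taken from the Windows certificate store.
    /// </summary>
    class Program
    {
        /// <summary>
        /// Connects to collector-eu.devo.io:443, sends one syslog-formatted
        /// message tagged "test.keep.free" and closes the connection.
        /// Failures are written to standard error instead of being dropped.
        /// </summary>
        /// <param name="args">Command-line arguments (unused).</param>
        static void Main(string[] args)
        {
            string ipAddress = "collector-eu.devo.io";
            int port = 443;
            string tag = "test.keep.free";
            int facility = 10;
            string message = "Hello World!\r\n";

            MyTcpServer client = null;
            try
            {
                client = new MyTcpServer(ipAddress, port);

                // The certificate is looked up by subject in the LocalMachine "My" store.
                // NOTE(review): the account running this needs read access to that
                // certificate's private key; confirm how GetCertificateFromStore
                // reports a missing certificate.
                client.Certificate = CertificateHelper.GetCertificateFromStore(
                    "CN=testing, O=LogTrust, L=Madrid, S=Madrid, C=SP",
                    StoreName.My,
                    StoreLocation.LocalMachine);

                // NOTE(review): the meaning of the 'true' argument is not visible
                // in this sample (presumably it enables the secure channel) - confirm.
                client.Connect(true);

                if (!String.IsNullOrEmpty(message))
                {
                    byte[] formattedBuffer =
                        LogTrustLogMessageFormater.PrepareSyslogMessage(facility, message, DateTime.Now, tag);

                    client.SendMessage(formattedBuffer);
                }
            }
            catch (Exception ex)
            {
                // A sender that fails silently leaves a gap in the logs that nobody
                // notices, so surface the error rather than swallowing it.
                Console.Error.WriteLine("Failed to send event: " + ex);
            }
            finally
            {
                // Close on every path, including a failed Connect or SendMessage.
                if (client != null)
                {
                    try
                    {
                        client.Close();
                    }
                    catch (Exception closeEx)
                    {
                        Console.Error.WriteLine("Failed to close connection: " + closeEx);
                    }
                }
            }
        }
    }
}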

F# language

This sample code references some namespaces found in LT.Common.dll.

fsharp
open System
open LT.Common.Net 
open LT.Common.Utils  
open System.Security.Cryptography.X509Certificates;
open LT.Common.Formatter;

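/// Sends a single test event to the Devo collector, authenticating with a
/// client certificate taken from the Windows certificate store.
/// Returns 0 when the event was sent and 1 when sending failed.
//
// The listing on this page lost the contents of the entry-point attribute and
// stopped at `client.Certificate`. The remaining steps below mirror the calls
// made by the C# sample on this page (same LT.Common types and arguments).
[<EntryPoint>]
let main argv =

    let ipAddress = "collector-eu.devo.io"
    let port = 443
    let tag = "test.keep.free"
    let facility = 10
    let message = "Hello World!\r\n"

    let client = new MyTcpServer(ipAddress, port)

    try
        try
            // The certificate is looked up by subject in the LocalMachine "My" store.
            // NOTE(review): the account running this needs read access to that
            // certificate's private key.
            client.Certificate <-
                CertificateHelper.GetCertificateFromStore(
                    "CN=testing, O=LogTrust, L=Madrid, S=Madrid, C=SP",
                    StoreName.My,
                    StoreLocation.LocalMachine)

            // Return types are not visible in this sample, so results are discarded explicitly.
            client.Connect(true) |> ignore

            if not (String.IsNullOrEmpty message) then
                let payload =
                    LogTrustLogMessageFormater.PrepareSyslogMessage(facility, message, DateTime.Now, tag)
                client.SendMessage(payload) |> ignore

            0
        with ex ->
            // Report the failure: a sender that fails silently leaves an unnoticed gap in the logs.
            eprintfn "Failed to send event: %O" ex
            1
    finally
        // Close on every path, including a failed Connect or SendMessage.
        client.Close() |> ignore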

Java

Java
/*
 * Using Scoja syslog client library.
 * Scoja is a third-party open source logging framework.
 * See http://sourceforge.net/projects/scoja/
 */

import org.scoja.client.Syslogger;
import org.scoja.client.ReusingTCPSyslogger;
 
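/**
 * Sends one test line to a syslog relay over TCP using the Scoja client.
 *
 * NOTE(review): no TLS or client-certificate settings appear in this listing,
 * so the event presumably travels unencrypted; point it at a relay on a
 * trusted network and let the relay forward to Devo.
 */
public class Test {
  // "relay" stands for the host name of your own relay; 514 is the port it listens on.
  static final String HOST = "relay";
  static final int PORT = 514;

  /**
   * Opens the connection, logs a single message and closes the connection.
   *
   * @param args command-line arguments (unused)
   * @throws Exception if connecting, logging or closing fails
   */
  public static void main(String args[]) throws Exception {
    Syslogger logger = new ReusingTCPSyslogger(HOST, PORT);
    try {
      logger.log("Log Test");
    } finally {
      // Release the connection even when log() throws.
      logger.close();
    }
  }
}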

Lua

Lua
require("lt_lua_syslog")

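-- Files used by the "ssl" relay entry below. Judging by their names they are
-- the client certificate, its private key and the CA chain; keep the key file
-- readable only by the account that runs this script.
cert = "certs/client.crt"
key = "certs/client.key"
chain = "certs/ca_dev.crt"
relay = "collector-eu.devo.io"

-- Each entry is the argument list for one lt_openlog() call.
-- Only the last entry uses "ssl" with the certificate files; the "udp" and
-- "tcp" entries carry no certificate arguments.
-- NOTE(review): presumably those send events unencrypted - keep them to
-- trusted networks or drop them.
relays = {
  {relay, "1234"},
  {relay, "1234", "udp", "test.keep.free.udp", "local1"},
  {relay, "1234", "tcp", "test.keep.free.tcp", "local2", 1, 1},
  {relay, "443",  "ssl", "test.keep.free.ssl", "local3", 1, 1, cert, key, chain}
}

-- Lua 5.1 provides unpack as a global; 5.2 and later moved it to table.unpack.
local unpack = table.unpack or unpack

-- Open each relay in turn, send one test message and close it again.
for _, v in ipairs(relays) do
  local lt_ctx = lt_openlog(unpack(v))
  if lt_ctx == nil then
    -- Without a context there is nothing to send on or close, so skip this relay.
    print ("ERROR: Connection estabishment failed")
  else
    lt_syslog(lt_ctx, "info", "just a simple test message")
    lt_closelog(lt_ctx)
  end
end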

Python

Python
from devo.sender import *

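# Collector endpoint and the tag applied to every event sent below.
SERVER = 'collector-eu.devo.io'
PORT = 443
TAG = 'test.keep.free'

# Paths to the client key, client certificate and CA chain handed to
# SenderConfigSSL. Keep the key file readable only by the account that runs
# this script, and keep all three out of version control.
KEY = 'route/to/keyfile.key'
CERT = 'route/to/certfile.crt'
CHAIN = 'route/to/chain.crt'

engine_config = SenderConfigSSL(address=SERVER,
                                port=PORT,
                                key=KEY,
                                cert=CERT,
                                chain=CHAIN)
con = Sender(engine_config)

try:
    # Send the same example line 100 times under TAG.
    for aux in range(100):
        con.send(tag=TAG, msg="example line to send")
finally:
    # Close the connection even if a send fails part-way through.
    con.close()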