Sending data to Devo
What data can I send to Devo?
The Devo platform can ingest any kind of data. Some common examples are endpoint data, network data, IT monitoring data, application logs, and so on.
How do I send data to Devo?
Let's start with the two golden rules for sending data correctly to Devo:
Events must always be sent to the Devo Cloud over a secure channel.Â
Events must arrive at the Devo Cloud with an associated tag recognized by Devo.
If an event source is not capable of tagging its events or if it cannot establish a secure outbound channel, then you will likely have to send its events to the Devo Cloud via the Devo Relay.Â
However, in cases where the source is capable of tagging events and sending them securely, you can send them directly to the Devo Cloud.
Direct send to Devo using our Event Load Balancers (ELB)
In order to send data to Devo, you need to send the information to an Event load balancers (ELBs). The ELB will balance the load among the different data nodes in your Devo deployment. Data sources able to properly tag their events can use this method to send their events directly to Devo.
There are two different types of ELBs:
syslog ELB | You can use this ELB to send your events directly to Devo using the syslog protocol. To do it, you have to use TLS client auth using your domain certificate. You can check the ELB endpoint associated with your Devo deployment in Administration → Relays and ELBs → Event load balancers (ELBs). Click the ... icon that appears when you hover over it and select Download the certificate to get the required certificates. You will be taken to the Administration → Credentials → X.509 certificates screen, where you must download the certificate, private key, and chain. Learn more about X.509 certificates in this article. |
---|---|
HTTP ELB | You can send your events to Devo using an HTTP endpoint. To authorize the process, you must generate a token in Devo, and then send the HTTP request to the required endpoint according to your region. Check the available HTTP endpoints and instructions to generate the required token and send the events in this article. |
Forward data to Devo using Devo Relay
Devo Relay is a syslog forwarder that sits within your secure network environment. It can receive events from numerous and varied sources, then forward the events over a secure channel to the Devo Cloud.
The rules that you define on the Relay are designed to recognize inbound events; filter out unwanted events; apply the correct Devo tag; then forward the events securely to your Devo Cloud.
Since some data sources are capable of both tagging events and sending them over a secure channel, the relay is not always necessary. However, it offers additional useful features like the ability to filter out events that you don't need to send to Devo.Â
Learn more about the Devo Relay.
Devo Endpoint Agent 2.0 by Snare
The Snare agents are a set of lightweight collectors that enable you to get data from your endpoints in a very similar way to the current Devo Endpoint Agent. They can be deployed in the endpoints, WEC servers, or even SQL databases.
Collect data from Cloud Sources
Collectors
Devo collectors are pieces of software that extract information from a specific system and send their events into Devo. Collectors can be both installed and managed in your machine, or hosted by Devo.Â
Check the list of most common collectors we have defined and how to work with them in this list.
Cloud Collector
The Cloud Collector application allows customers to see and manage all the collectors installed in their domains in one place.
Learn more about the Cloud Collector
Other data collection methods
Because every deployment is unique with its own policies and preferred data management tools, we do not restrict you to any single way of sending data. As long as the data is sent securely and with the correct Devo tag, you can choose how you prefer to send the data.
We provide some general guidelines for using some popular open-source and 3rd-party log collection tools, like NXlog, Fluentd, and Logstash.
Data sources
Every data source is unique and so are the procedures for setting them up to send events to the Devo endpoint, whether that's the Devo Relay or the Devo Cloud. For the purposes of providing configuration instructions, we can divide the event sources into several groups:
Operating systems including Unix-like systems, Windows, and Mac
Cloud services like Amazon Web Services