Metrics & Logs support for IoT – Bringing Secure Monitoring and Logging to the Edge

Simple uptime monitoring for Internet-of-Things (IoT) is well-known and requires knowing if the devices are up and running. Having additional long-term performance data, secure (tamper-proof) logging at your Edge devices is only a tiny step when using Metrics & Logs. With our support for device, infrastructure, and application metrics as well as Syslog data, you can monitor and secure the full stack of your IoT devices.

Think about the following features:

  • Integration for Windows, Linux or other distributions
  • very small footprint
  • collect OS metrics
  • collect application metrics (Webservice, MQTT Message Queuing Telemetry Transport and more)
  • send log data via Syslog to a tamperproof log service
  • flexible data retention
  • powerful dashboards to monitor, troubleshoot or do capacity planning and forecasting

The following blog post explains a setup using Raspberry Pi devices and Metrics & Logs in the main or a satellite datacenter

Install telegraf agent

You can download the telegraf agent in the Metrics & Logs Admin Page under Infrastructure -> Linux -> Package

and then install the package using sudo dpkg -i telegraf*.deb when using Raspian.

Integrate the Metrics & Logs configuration

The telegraf.conf that comes with the package is not optimal for IoT devices, therefore also download the configuration file that can be found next to the Package on the Admin Page. The telegraf.conf also includes the target configuration, where to send the data to.

Copy the file to /etc/telegraf/telegraf.conf and add some more entries at the end of the file:

Get temperature data

[[inputs.file]]
  files = ["/sys/class/thermal/thermal_zone0/temp"]
  name_override = "cpu_temperature"
  data_format = "value"
  data_type = "integer"

[[inputs.exec]]
  commands = ["/opt/vc/bin/vcgencmd measure_temp"]
  name_override = "gpu_temperature"
  data_format = "grok"
  grok_patterns = ["%{NUMBER:value:float}"]

Make sure to either restart the system or the telegraf service after you made changes to the configuration:

sudo service telegraf restart

Monitoring the data

Moments after restarting the telegraf agent with the correct configuration you see data flowing into Metrics & Logs and you can find 3 different dashboards that can be used to monitor the IoT device performance.

Linux General Dashboard – a dashboard not specifically made for IoT devices, but can be used for capturing most Linux system metrics.

IoT device centric dashboard – optimized for Raspberry Pi and others:

Last but not least the overview dashboard where you can easily track many IoT devices in one place:

Capture Log files tamperproof

Metrics & Logs supports many different log forwarders, but the most commonly used one is rsyslog. Therefore this blog post is focused on configuration rsyslog forwarding.

Edit the rsyslog configuration file /etc/rsyslog.conf and add the following line at the top of the config:

# /etc/rsyslog.conf configuration file for rsyslog
#
# For more information install rsyslog-doc and see
# /usr/share/doc/rsyslog-doc/html/configuration/index.html
*.* @@168.119.133.52:30514

then restart and check the service:

sudo service rsyslog restart
sudo service rsyslog status

In case you want to test if logs are being forwarded, simply use the logger command:

logger -p daemon.emerg "Testing Metrics & Logs rsyslog forwarding!"

Now you should at least see the test message in your Log analytics dashboard:

Summary

That post covered all steps required to start sending performance and log data from your IoT devices to the Metrics & Logs service, which can be deployed in any virtual infrastructure. The configuration and the dashboards can be customized and easily enhanced to display much more data including applications like web services, file services, or database services.

You can get started for free with a 30-day trial:

CNIL Metrics & Logs

Self-Hosted performance monitoring and compliant log analysis for VMware vSphere, container and much more.

immudb

Built on the fastest immutable ledger technology. Open Source and easy to use and integrate into existing application.

Codenotary Cloud

Trusted CI/CD, SBOM and artifact
protection with cryptographic proof.
One CLI to manage all.

Subscribe to Our Newsletter

Get the latest product updates, company news, and special offers delivered right to your inbox.

Subscribe to our newsletter

Use Case - Tamper-resistant Clinical Trials

Goal:

Blockchain PoCs were unsuccessful due to complexity and lack of developers.

Still the goal of data immutability as well as client verification is a crucial. Furthermore, the system needs to be easy to use and operate (allowing backup, maintenance windows aso.).

Implementation:

immudb is running in different datacenters across the globe. All clinical trial information is stored in immudb either as transactions or the pdf documents as a whole.

Having that single source of truth with versioned, timestamped, and cryptographically verifiable records, enables a whole new way of transparency and trust.

Use Case - Finance

Goal:

Store the source data, the decision and the rule base for financial support from governments timestamped, verifiable.

A very important functionality is the ability to compare the historic decision (based on the past rulebase) with the rulebase at a different date. Fully cryptographic verifiable Time Travel queries are required to be able to achieve that comparison.

Implementation:

While the source data, rulebase and the documented decision are stored in verifiable Blobs in immudb, the transaction is stored using the relational layer of immudb.

That allows the use of immudb’s time travel capabilities to retrieve verified historic data and recalculate with the most recent rulebase.

Use Case - eCommerce and NFT marketplace

Goal:

No matter if it’s an eCommerce platform or NFT marketplace, the goals are similar:

  • High amount of transactions (potentially millions a second)
  • Ability to read and write multiple records within one transaction
  • prevent overwrite or updates on transactions
  • comply with regulations (PCI, GDPR, …)


Implementation:

immudb is typically scaled out using Hyperscaler (i. e. AWS, Google Cloud, Microsoft Azure) distributed across the Globe. Auditors are also distributed to track the verification proof over time. Additionally, the shop or marketplace applications store immudb cryptographic state information. That high level of integrity and tamper-evidence while maintaining a very high transaction speed is key for companies to chose immudb.

Use Case - IoT Sensor Data

Goal:

IoT sensor data received by devices collecting environment data needs to be stored locally in a cryptographically verifiable manner until the data is transferred to a central datacenter. The data integrity needs to be verifiable at any given point in time and while in transit.

Implementation:

immudb runs embedded on the IoT device itself and is consistently audited by external probes. The data transfer to audit is minimal and works even with minimum bandwidth and unreliable connections.

Whenever the IoT devices are connected to a high bandwidth, the data transfer happens to a data center (large immudb deployment) and the source and destination date integrity is fully verified.

Use Case - DevOps Evidence

Goal:

CI/CD and application build logs need to be stored auditable and tamper-evident.
A very high Performance is required as the system should not slow down any build process.
Scalability is key as billions of artifacts are expected within the next years.
Next to a possibility of integrity validation, data needs to be retrievable by pipeline job id or digital asset checksum.

Implementation:

As part of the CI/CD audit functionality, data is stored within immudb using the Key/Value functionality. Key is either the CI/CD job id (i. e. Jenkins or GitLab) or the checksum of the resulting build or container image.

White Paper — Registration

We will also send you the research paper
via email.

CodeNotary — Webinar

White Paper — Registration

Please let us know where we can send the whitepaper on CodeNotary Trusted Software Supply Chain. 

Become a partner

Start Your Trial

Please enter contact information to receive an email with the virtual appliance download instructions.

Start Free Trial

Please enter contact information to receive an email with the free trial details.