
Sumo Logic Training - Module 1 - Data Sent To SL PDF

This document provides an overview of data collection and sources in Sumo Logic. It discusses the different types of data that can be collected including machine data, logs, and custom applications. It also describes the various deployment options for collectors including on-premise, remote, and hosted. Finally, it outlines the key fields and configuration details required when defining different types of sources.

Uploaded by

Mallik Bheesetti

Module 1: Identifying data sent to Sumo Logic

Sumo Logic Confidential


Data Types

Infrastructure, Systems, Business Application

•  Virtual Environments
•  Operating Systems
•  Custom Apps
•  Web Server
•  Networking/Security Devices
•  Databases
•  Open Source
•  Middleware

Operational

Machine Data
Logs and the Enterprise

Custom App Code

Open Source Software

Middleware

Databases

Server / OS

Virtualization

Network


Data Collection Options

On-Premise/Installed Collector
•  Platform Support
  –  Windows 32-bit/64-bit
  –  Linux 32-bit/64-bit
  –  Mac OS 10.x
  –  Solaris x86 32-bit/64-bit
  –  Generic Unix
•  Source Types
  –  Local File
  –  Remote File
  –  SysLog
  –  Windows Event Logs
  –  Scripts

Service Hosted Collector
•  Source Types
  –  HTTP
  –  Amazon S3 Bucket


Data Collection Methods – Local

[Diagram: Web Server and VMs; sources shown: Local File, Script, Local Windows Logs]


Data Collection Methods – Remote

[Diagram: Windows Servers (Remote Windows Logs), Web Server Farm (Remote File) and Network Devices (Syslog Port) feeding a Collector on Your Server]
Data Collection Methods – Hosted

[Diagram: AWS S3 (S3 Bucket Logs); HTTP (Heroku PaaS)]


Deployment Benefits

Collector Type: Local
•  Direct access to source logs
•  Ease of troubleshooting

Collector Type: Remote
•  Single/smaller collector(s) installation and management
•  Smaller footprint on sources

Collector Type: Hosted
•  Agentless
•  Build it into your infrastructure (S3)
•  Direct HTTP POST


Defining a Source

Key fields to define when configuring any Source type:

•  Name
•  Description
•  Historical data
•  Source host
•  Source category
•  File path
  –  Excluding syslog
•  Timestamp parsing


Source Specific: Remote File

Required for remote collection:

•  Listening port
•  Remote login credentials
  –  Username and password
  –  Local SSH
•  Absolute file path


Source Specific: Syslog

Required for Syslog collection:

•  Protocol
•  Listening port


Source Specific: Windows Event Collection

Required for Windows Event Collection:

•  Remote specific:
  –  Remote host name(s)
  –  Windows Domain
  –  Username / password
•  Windows Event Type


Source Specific: Script

Required for script based collection:

•  Execution frequency
•  Command type
•  Path to script
•  Script to execute
•  Working directory


Source Specific: HTTP

Required for HTTP Source:

•  URL after defining Source
•  Define HTTP header
  –  Content-encoding: deflate
    •  Compressed
  –  Content-encoding: gzip
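Added example (not part of the original slides): preparing a compressed upload for an HTTP Source so that the body actually matches the Content-encoding header it declares. The URL is a constructed placeholder, the log lines are constructed samples, and treating the last URL path segment as a secret to redact is an assumption of this sketch.

```python
import gzip
import zlib
import urllib.request
from urllib.parse import urlsplit, urlunsplit

# Constructed placeholder; the real URL is issued once the HTTP Source is defined.
HTTP_SOURCE_URL = "https://collector.example.invalid/receiver/v1/http/PLACEHOLDER_TOKEN"

# Constructed sample log lines.
SAMPLE_LINES = [
    "2024-05-01T12:00:00Z host=web01 status=200 path=/login",
    "2024-05-01T12:00:01Z host=web01 status=401 path=/login",
]

def build_upload(lines, encoding="gzip", url=HTTP_SOURCE_URL):
    """Return an unsent POST request whose body matches its Content-Encoding."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send logs over a non-TLS URL")
    raw = "\n".join(lines).encode("utf-8")
    if encoding == "gzip":
        body = gzip.compress(raw)
    elif encoding == "deflate":
        body = zlib.compress(raw)  # HTTP "deflate" means the zlib container
    elif encoding is None:
        body = raw
    else:
        raise ValueError(f"unsupported Content-Encoding: {encoding}")
    req = urllib.request.Request(url, data=body, method="POST")
    if encoding:
        req.add_header("Content-Encoding", encoding)
    return req

def redact_url(url):
    """Hide the last path segment (assumed secret) before writing the URL to logs."""
    parts = urlsplit(url)
    head, _, _secret = parts.path.rpartition("/")
    return urlunsplit((parts.scheme, parts.netloc, head + "/<redacted>", "", ""))

if __name__ == "__main__":
    req = build_upload(SAMPLE_LINES, "gzip")
    print(req.get_method(), redact_url(req.full_url), len(req.data), "bytes")
    # urllib.request.urlopen(req, timeout=10) would send it.
```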


Source Specific: Amazon S3

Required for Amazon S3:

•  IAM
  –  Key ID
  –  Security Key
•  Bucket name
•  Path expression
•  Scan interval


Collector Status Page


Deploying to #### machines

•  Silent installation
•  /etc/sumo.conf
  –  Provide name, credentials and JSON for source config
  –  Source config upon initial installation only
•  Collector Management API
  –  Same JSON format
  –  On-going collector/source manipulation
•  AMI/Image-based
  –  Easy and simple but beware outdated installer


Access Keys

•  Great for automated collector registration
•  ID/Key Pair instead of user/pass
  –  Especially important when storing credentials on disk
•  Generated from a user and has same access
  –  Access for key changes with changes to user’s privileges
•  Multiple keys under same user
  –  Handy way to reduce risk and segment people/machines
•  Keys are not recoverable
•  Deactivate/delete a key at any time
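Added example (not part of the original slides): a small audit for the /etc/sumo.conf file from the deployment slide, checking the access-key advice above, namely that an ID/key pair rather than user/pass is what sits on disk and that only the owner can read it. The key names (email, password, accessid, accesskey) and the key=value layout are assumptions of this sketch, and both sample files are constructed.

```python
import os
import stat

# Assumed key names in a key=value sumo.conf; adjust to your installer version.
PASSWORD_KEYS = {"email", "password"}
KEYPAIR_KEYS = {"accessid", "accesskey"}

# Constructed samples: one storing user/pass, one storing an access ID/key pair.
WEAK_CONF = "name=web01\nemail=ops@example.invalid\npassword=CONSTRUCTED\nsources=/etc/sumo/sources.json\n"
GOOD_CONF = "name=web01\naccessid=CONSTRUCTED_ID\naccesskey=CONSTRUCTED_KEY\nsources=/etc/sumo/sources.json\n"

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip().lower()] = value.strip()
    return conf

def audit(text, mode):
    """Return findings for one sumo.conf given its text and permission bits."""
    keys = set(parse_conf(text))
    findings = []
    if PASSWORD_KEYS & keys:
        findings.append("user/pass stored on disk; register with an access ID/key pair")
    if not KEYPAIR_KEYS <= keys:
        findings.append("access ID/key pair missing or incomplete")
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("credentials file accessible to group/other; restrict to owner")
    return findings

def audit_file(path="/etc/sumo.conf"):
    """Audit a real file on the collector host."""
    st = os.stat(path)
    with open(path, encoding="utf-8") as fh:
        return audit(fh.read(), stat.S_IMODE(st.st_mode))

if __name__ == "__main__":
    for label, text, mode in (("weak", WEAK_CONF, 0o644), ("good", GOOD_CONF, 0o600)):
        print(label, audit(text, mode) or "no findings")
```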
