Sumo-ECS integration
Do you have any support for ECS? I am trying to use the Sumo File Source Type, but I want to better categorize the messages with Image Id and Container Id. I am not sure how to do it. Docker labels don't work either; I am using the default JsonLogDriver.
Any help is appreciated.
-
Hi Vidhya,
Yes, you can ingest ECS events into Sumo Logic using the steps mentioned in the KB article below.
The steps to perform the same have been put forth very well in the doc link below. Also I have highlighted the same just for your reference.
https://help.sumologic.com/Send-Data/Data-Types-and-Applications/Amazon-EC2-Container-Service-(ECS)/01-Collect-ECS-Logs-and-Metrics#Collect_ECS_Events_using_CloudTrail
Collect Metrics for Amazon ECS
- Configure a Hosted Collector.
- Configure an Amazon CloudWatch Source for Metrics.
  - Name. Enter a name to display for the new Source.
  - Description. Enter an optional description.
  - Regions. Select your Amazon Regions for ECS.
  - Namespaces. Select AWS/ECS.
  - Source Category. Enter ecs_metrics.
  - Access Key ID and Secret Access Key. Enter your Amazon Access Key ID and Secret Access Key.
  - Scan Interval. Use the default of 5 minutes, or enter the frequency Sumo Logic will scan your CloudWatch Sources for new data.
- Click Save.
Collect ECS Events using CloudTrail
- To your Hosted Collector, add an AWS CloudTrail Source.
  - Name. Enter a name to display for the new Source.
  - Description. Enter an optional description.
  - S3 Region. Select the Amazon Region for your ECS S3 bucket.
  - Bucket Name. Enter the exact name of your ECS S3 bucket.
  - Path Expression. Enter the string that matches the S3 objects you'd like to collect. You can use a wildcard (*) in this string. (DO NOT use a leading forward slash. See Amazon Path Expressions.) The S3 bucket name is not part of the path. Don’t include the bucket name when you are setting the Path Expression.
  - Source Category. Enter ecs_event.
  - Access Key ID and Secret Access Key. Enter your Amazon Access Key ID and Secret Access Key.
  - Scan Interval. Use the default of 5 minutes. Alternately, enter the frequency Sumo Logic will scan your S3 bucket for new data.
  - Enable Timestamp Parsing. Select the check box.
  - Time Zone. Select Ignore time zone from log file and instead use, and select UTC.
  - Timestamp Format. Select Automatically detect the format.
  - Enable Multiline Processing. Select the check box, and select Infer Boundaries.
- Click Save.
Hope the information provided above helps. Let me know if you have any further questions and I can help you out with that.
Best,
-Rahul
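Both sources in the steps above are given a long-lived Access Key ID and Secret Access Key, so the IAM user behind that key is best limited to read-only access on the CloudTrail bucket and on CloudWatch metrics. The IAM policy below is an added example, not part of the original reply or of Sumo Logic's documentation; `EXAMPLE-ECS-CLOUDTRAIL-BUCKET` is a placeholder, and the action list is an assumption about the minimum read access these two sources need.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListCloudTrailBucketPlaceholderName",
      "Effect": "Allow",
      "Action": ["s3:ListBucket", "s3:ListBucketVersions"],
      "Resource": "arn:aws:s3:::EXAMPLE-ECS-CLOUDTRAIL-BUCKET"
    },
    {
      "Sid": "ReadCloudTrailObjectsPlaceholderName",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:GetObjectVersion"],
      "Resource": "arn:aws:s3:::EXAMPLE-ECS-CLOUDTRAIL-BUCKET/*"
    },
    {
      "Sid": "ReadCloudWatchMetrics",
      "Effect": "Allow",
      "Action": ["cloudwatch:ListMetrics", "cloudwatch:GetMetricStatistics"],
      "Resource": "*"
    }
  ]
}
```

The CloudWatch statement uses `"Resource": "*"` because these CloudWatch actions do not support resource-level restrictions; the S3 statements are scoped to the one bucket named in the source.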
-
Hi Rahul:
Thanks for your response.
#1. As I researched further, I found another new Docker logging option - https://github.com/SumoLogic/sumologic-docker-logging-driver
Since this seems like a relatively new driver, is there any document on the Sumo website about it? I also found that the ECS agent supports this as of Sep 29th. Can you tell me more about this?
#2. The above option requires a hosted collector. Is there any extra pricing associated with the hosted collector?
Thanks
VidhyaAno
-
Hi Vidhya,
Please find the answers to your follow-up questions as below:
#1. As I researched further, I found another new Docker logging option - https://github.com/SumoLogic/sumologic-docker-logging-driver
Since this seems like a relatively new driver, is there any document on the Sumo website about it? I also found that the ECS agent supports this as of Sep 29th. Can you tell me more about this?
Answer: Please find below the documentation link that points towards the same GitHub community link for collecting Docker source logs and stats.
https://help.sumologic.com/Send-Data/Applications-and-Other-Data-Sources/Docker
#2. The above option requires a hosted collector. Is there any extra pricing associated with the hosted collector?
Answer: There is no extra pricing associated with the hosted collector.
-Rahul