Log file collector to send all log files from all hosts to Sumo Logic

Comments

1 comment

  • Ben Newton

    Sure, David. I think there are two possible ways to do it.

    1) Any local collector can support one or more syslog sources. In other words, you can have one or more ports opened by the collector that are listening for syslog events. Those events are then compressed, encrypted and sent up to the Sumo Logic service.

    https://service.sumologic.com/ui/help/Default.htm#Configuring_a_Syslog_Source.htm

    2) You can also set up your syslog server to forward the events to a syslog source on a Sumo Logic collector. The problem here is that many syslog servers add extra data to the event before sending it on. Also, you will lose the built-in _sourceHost field, since Sumo Logic doesn't know where the event came from. However, both of these are easily overcome with parsing.

     

    Does that help?

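The parsing mentioned in option 2 above, as an added example that is not part of the original comment and not Sumo Logic's own code: it recovers the originating host from a relayed event. It assumes the relay prepends its own timestamp and hostname in front of the original RFC 3164 header; `parse_forwarded` and the sample lines are constructed for illustration.

```python
import re

# RFC 3164-style header: optional <PRI>, "Mmm dd hh:mm:ss", host, rest.
# The host token excludes ':' and brackets so that a program tag such as
# "sshd[412]:" is never mistaken for a hostname (IPv6 literals not handled).
_HEADER = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>[^\s:\[\]]+) (?P<rest>.*)$"
)

# Constructed sample events: one sent directly, one rewritten by a relay.
DIRECT = ("<34>Oct 11 22:14:15 web01 sshd[412]: Failed password for "
          "invalid user admin from 203.0.113.7 port 2201 ssh2")
RELAYED = ("<34>Oct 11 22:14:16 relay01 Oct 11 22:14:15 web01 sshd[412]: "
           "Failed password for invalid user admin from 203.0.113.7 "
           "port 2201 ssh2")


def parse_forwarded(line):
    """Split a syslog line into origin host, relay hops and message.

    Assumption: each relay that rewrites the event leaves the original
    header intact inside the body, so headers nest left to right.
    """
    m = _HEADER.match(line.rstrip("\r\n"))
    if m is None:
        return None  # not RFC 3164-shaped; keep the raw line for review
    pri = int(m["pri"]) if m["pri"] is not None else None
    if pri is not None and pri > 191:
        return None  # PRI above 23*8+7 is not a valid facility/severity
    hops = [(m["ts"], m["host"])]
    rest = m["rest"]
    # Each nested header found means the previous host was only a relay.
    while (inner := _HEADER.match(rest)) is not None:
        hops.append((inner["ts"], inner["host"]))
        rest = inner["rest"]
    origin_time, origin_host = hops[-1]
    return {
        "facility": None if pri is None else pri >> 3,
        "severity": None if pri is None else pri & 7,
        "origin_host": origin_host,
        "origin_time": origin_time,
        "relays": [host for _, host in hops[:-1]],
        "message": rest,
    }


if __name__ == "__main__":
    for sample in (DIRECT, RELAYED):
        print(parse_forwarded(sample))
```

A body that itself begins with a timestamp and a bare word would be read as one more hop, so check the `relays` list against the relay hostnames you actually operate.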