We've been using Sumo Logic at TrackIf successfully for the last several months and are finding new applications for it all the time.
One of our systems has recorded logs that have gotten a little bit out of hand. Basically, we have had a log file that we have set up for the Sumo Collector to investigate (pretty unconventional, too, since this one is dumped to /tmp rather than /var/log or wherever else). This file tends to get so large on some of our EC2 instances that it completely fills up the space for that machine.
What we did was we used logrotate to swap this file on a 6-hour interval via cron. However, since we deployed this change, we noticed that our collector was not reporting all of the incoming data anymore.
Do you know what the proper way would be for us to configure Sumo to always report on the collected data? Can the Collector itself rotate log files once it's finished uploading to Sumo Logic?
We're still early in our investigation with the issue, but if there were any similar problems that you've seen, maybe their solutions could be applied here as well.
Thanks for your time,
Please sign in to leave a comment.