Allow for two types of access keys. One that allows for only the adding of collectors. A second key that gets generated when a new collector is added and is usable only for that individual collector for modifying itself, thereby limiting the risk of keys that can modify collectors to just a single collector to key.
Chef the configuration management tool has a similar paradigm. A key to register a host, during which a secondary key is generated for that host alone. In Sumologic's case that second key would be used to allow modifications to that collector's configuration, but none of the other collectors.
Please sign in to leave a comment.