Sumo Logic auth logs

Comments

    Kevin Keech

    You will want to look at enabling the audit index within your account. You can enable this by:

    1. From the left-hand navigation, go to Administration > Security.

    2. Select the Policies tab.

    3. Enable the Sumo Logic Auditing checkbox.

    Once the index is enabled, the following query should show you login information. Note that this will only show information for new events moving forward.

    _index=sumologic_audit AND _sourceCategory=user_activity AND _sourceName=SESSION

    Additional information on this index and what is included can be found in the following help documentation. 

    https://help.sumologic.com/Manage/Security/Enable-and-Manage-the-Audit-Index

    I hope this helps. 
