Syslog server requirements? Best practices? General Guidance
Hi all,
We're getting started with Sumo Logic and have not stood up a syslog server. This is my first rodeo with setting up a syslog server so I'm looking for some documentation on what needs to be done. I tried searching the docs section but don't see any general guidance documentation (hardware requirements, etc). Does anyone have any information on what I need to get started? I've found a few links out on the internet that I'm researching now.
We're all in AWS so we'd be looking to fire up an EC2 instance in AWS but I'm not sure what size would be good to start with. We have about 5-7 log sources we would be looking to send to this syslog server.
A sample of the log sources we'd like to send:
- Cisco Meraki networking logs (5-7 office locations)
- AWS CloudTrail, VPC Flow logs, other AWS sources
- Antivirus logs
- Physical access system logs
Hi Adrian,
We have a few different technical teams that may be able to help you - shoot me an email at Graham@sumologic.com and I can connect you.
Luckily our collector has a syslog source, so simply adding an installed collector to an EC2, then adding a syslog source, will allow you to avoid managing a dedicated syslog server.
Here is some guidance:
Cisco Meraki networking logs (5-7 office locations)
> see our how-to guide here
AWS CloudTrail, VPC Flow logs, other AWS sources
> See AWS CloudTrail integration here, the VPC Flow integration here, and the other AWS integration here
Antivirus logs
> I recommend looking into how your antivirus tool exposes logs, and checking whether we have a native integration to collect the data, or you may be able to use our installed syslog source or cloud syslog source
Physical access system logs
> same approach as above, first see if/how it exposes logs, then determine if we have an integration, or if you can use an intermediate destination like S3 or a server with our collector to send them to Sumo
Hope this helps!
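As an added example (not from the original thread and not Sumo Logic's own documentation), here is what a local source configuration for an Installed Collector's syslog source on the EC2 instance could look like. The field names are assumed to follow the collector's JSON local-configuration format; the source name, category and listening port are placeholders to adjust for your environment:

```json
{
  "api.version": "v1",
  "sources": [
    {
      "name": "meraki-syslog",
      "category": "network/meraki",
      "sourceType": "Syslog",
      "protocol": "TCP",
      "port": 1514
    }
  ]
}
```

Two practical points when you deploy this: restrict the instance's security group so the syslog port only accepts traffic from the known sender addresses (the Meraki office egress IPs, the antivirus and access-control servers), and prefer TCP over UDP where the sender supports it, since UDP syslog is dropped silently under load and you will not notice the gap until you go looking for the events.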