Syslog server requirements? Best practices? General Guidance


1 comment

  • Avatar
    Graham Watts

    Hi Adrian,

    We have a few different technical teams that may be able to help you - shoot me an email at and I can connect you.

    Luckily our collector has a syslog source, so simply adding an installed collector to an EC2, then adding a syslog source, will allow you to avoid managing a dedicated syslog server.

    Here is some guidance:

    1. Cisco Meraki networking logs (5-7 office locations)
      > see our how-to guide here

    2. AWS CloudTrail, VPC Flow logs, other AWS sources
      > See AWS CloudTrail integration here, the VPC Flow integration here, and the other AWS integration here

    3. Antivirus logs
      > I recommend looking into how your antivirus tool exposes logs, and checking whether we have a native integration to collect the data, or you may be able to use our installed syslog source or cloud syslog source

    4. Physical access system logs
      > same approach as above, first see if/how it exposes logs, then determine if we have an integration, if if you can use an intermediate destination like S3 or a server with our collector to send them to Sumo

    Hope this help!

    Comment actions Permalink

Please sign in to leave a comment.