Syslog server requirements? Best practices? General Guidance

Follow
Avatar
Adrian Martin

Hi all,

We're getting started with Sumo Logic and have not stood up a syslog server. This is my first rodeo with setting up a syslog server so I'm looking for some documentation on what needs to be done. I tried searching the docs section but don't see any general guidance documentation (hardware requirements, etc). Does anyone have any information on what I need to get started? I've found a few links out on the internet that I'm researching now.

We're all in AWS so we'd be looking to fire up an EC2 instance in AWS but I'm not sure what size would be good to start with. We have about 5-7 log sources we would be looking to send to this syslog server.

A sample of the log sources we'd like to send:

  1. Cisco Meraki networking logs (5-7 office locations)
  2. AWS CloudTrail, VPC Flow logs, other AWS sources
  3. Antivirus logs
  4. Physical access system logs
0

Comments

1 comment

Sort by Date Votes
  • Avatar
    Graham Watts

    Hi Adrian,

    We have a few different technical teams that may be able to help you - shoot me an email at Graham@sumologic.com and I can connect you.

    Luckily our collector has a syslog source, so simply adding an installed collector to an EC2, then adding a syslog source, will allow you to avoid managing a dedicated syslog server.

    Here is some guidance:

    1. Cisco Meraki networking logs (5-7 office locations)
      > see our how-to guide here

    2. AWS CloudTrail, VPC Flow logs, other AWS sources
      > See AWS CloudTrail integration here, the VPC Flow integration here, and the other AWS integration here

    3. Antivirus logs
      > I recommend looking into how your antivirus tool exposes logs, and checking whether we have a native integration to collect the data, or you may be able to use our installed syslog source or cloud syslog source

    4. Physical access system logs
      > same approach as above, first see if/how it exposes logs, then determine if we have an integration, if if you can use an intermediate destination like S3 or a server with our collector to send them to Sumo


    Hope this help!


    0
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post