diff --git a/blog-service/2025-08-01-collection.md b/blog-service/2025-08-01-collection.md new file mode 100644 index 0000000000..ef670d0c34 --- /dev/null +++ b/blog-service/2025-08-01-collection.md @@ -0,0 +1,23 @@ +--- +title: Cloud Syslog Source Certificate Transition to ACM (Collection) +image: https://help.sumologic.com/img/reuse/rss-image.jpg +keywords: + - certificates + - Cloud Syslog Source +hide_table_of_contents: true +--- + +import useBaseUrl from '@docusaurus/useBaseUrl'; + +We're excited to announce that we are transitioning to AWS Certificate Manager (ACM) certificates for Transport Layer Security (TLS) communication between your cloud syslog sources and Sumo Logic. + +Currently, Sumo Logic uses a DigiCert ALB certificate to secure communication with your cloud syslog sources. This certificate is set to expire on October 13, 2025, at which point Sumo Logic will transition to the ACM root certificates. This change provides the following benefits: +* **Automated certificate renewal and deployment**. ACM eliminates the need for future manual renewals, reducing administrative overhead. +* **Simplified infrastructure management for AWS customers**. ACM is deeply integrated into the AWS ecosystem, streamlining your overall infrastructure management. Because Sumo Logic is also on AWS, using ACM provides a seamless experience. + +If you use cloud syslog sources to send data to Sumo Logic, please prepare for this transition by downloading and configuring the ACM certificate on your system. For more information and setup instructions, see: +* [Cloud Syslog Source](/docs/send-data/hosted-collectors/cloud-syslog-source/) +* [rsyslog](/docs/send-data/hosted-collectors/cloud-syslog-source/rsyslog) +* [syslog-ng](/docs/send-data/hosted-collectors/cloud-syslog-source/syslog-ng/) +* [Collect Logs for SentinelOne](/docs/send-data/collect-from-other-data-sources/collect-logs-sentinelone/) +* [Acquia](/docs/integrations/saas-cloud/acquia/#step-2-configure-a-source) 
diff --git a/docs/integrations/saas-cloud/acquia.md b/docs/integrations/saas-cloud/acquia.md index e3cdec8e23..95338542a2 100644 --- a/docs/integrations/saas-cloud/acquia.md +++ b/docs/integrations/saas-cloud/acquia.md 
@@ -190,10 +190,20 @@ Be sure to copy and paste your **token** in a secure location. You'll need this **Sumo Logic SSL certificate** -In the procedure below, you'll configure a Cloud Syslog Source. This will generate a Sumo Logic token and the endpoint hostname. Then you'll set up TLS by downloading a cert to your server. Download the DigiCert certificate from one of the following locations: -* [https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt](https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt) -* [https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt.pem](https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt.pem) - +In the procedure below, you'll configure a Cloud Syslog Source. This will generate a Sumo Logic token and the endpoint hostname. Then you'll set up TLS by downloading a cert to your server. + +1. Download the DigiCert and AWS Certificate Manager (ACM) certificates from the following locations: + * https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt + * https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt.pem + * https://www.amazontrust.com/repository/AmazonRootCA1.cer +1. Run the following commands: + * `wget -O digicert_ca.der https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt.` + * `openssl x509 -inform der -in digicert_ca.der -out digicert_ca.crt` + * `wget -O acm_ca.der https://www.amazontrust.com/repository/AmazonRootCA1.cer` + * `openssl x509 -inform der -in acm_ca.der -out acm_ca.crt` + * `cat acm_ca.crt digicert_ca.crt > digicert_acm_cas.crt` + * `perl -p -i -e "s/\r//g" digicert_acm_cas.crt` +1. You'll upload the merged cert to the Acquia app when you configure Acquia log forwarding. See [Step 3: Configure logging for Acquia](#step-3-configure-logging-for-acquia). ### Configuring a cloud syslog source 
diff --git a/docs/send-data/collect-from-other-data-sources/collect-logs-sentinelone.md b/docs/send-data/collect-from-other-data-sources/collect-logs-sentinelone.md index 0888c11e6b..d87d4d3af6 100644 --- a/docs/send-data/collect-from-other-data-sources/collect-logs-sentinelone.md +++ b/docs/send-data/collect-from-other-data-sources/collect-logs-sentinelone.md @@ -28,13 +28,17 @@ To get a token and certificate from Sumo Logic, do the following: 1. Configure a Cloud Syslog [Hosted Collector](/docs/send-data/collector-faq/#configure-limits-for-collector-caching) and [Cloud Syslog Source](/docs/send-data/hosted-collectors/cloud-syslog-source), and generate a Cloud Syslog source token.  -1. Download the crt server certificate file from [here](https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt). +1. Download the server certificate files from https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt and https://www.amazontrust.com/repository/AmazonRootCA1.cer. -1. Go to the location where the cert file is located and open a terminal window. +1. Go to the location where the cert files are located and open a terminal window. -1. Run the following two commands: - * `wget -O digicert_ca.der https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt.` - * `openssl x509 -inform der -in digicert_ca.der -out digicert_ca.crt` +1. Run the following commands: + * `wget -O digicert_ca.der https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt.` + * `openssl x509 -inform der -in digicert_ca.der -out digicert_ca.crt` + * `wget -O acm_ca.der https://www.amazontrust.com/repository/AmazonRootCA1.cer` + * `openssl x509 -inform der -in acm_ca.der -out acm_ca.crt` + * `cat acm_ca.crt digicert_ca.crt > digicert_acm_cas.crt` + * `perl -p -i -e "s/\r//g" digicert_acm_cas.crt` ## Step 2. Configure syslog messages 
@@ -54,7 +58,7 @@ To configure syslog messages, do the following: 1. Click **SYSLOG**. The SYSLOG dialog appears. 1. Click the toggle to **Enable SYSLOG**. 1. Enter the **Syslog Host URL** and **port** number. -1. Click **Use SSL secure connection**, then click **Server certificate > Upload** and browse to the location of the downloaded crt certificate file. +1. Click **Use SSL secure connection**, then click **Server certificate > Upload** and browse to the location of the merged crt certificate file. 1. Specify the following **Formatting** options: * **Information format**: Select **CEF2** diff --git a/docs/send-data/hosted-collectors/cloud-syslog-source/index.md b/docs/send-data/hosted-collectors/cloud-syslog-source/index.md index 887a21df96..cf038acd60 100644 --- a/docs/send-data/hosted-collectors/cloud-syslog-source/index.md +++ b/docs/send-data/hosted-collectors/cloud-syslog-source/index.md @@ -13,7 +13,7 @@ You can configure a cloud syslog source to allow a syslog client to send [RFC 5 Syslog messages must be compliant with [RFC 5424](https://tools.ietf.org/html/rfc5424) or they are dropped. Messages over 64 KB are truncated. -Sumo manages an elastic scaling set of syslog servers, which scales up and down behind a set of AWS Elastic Load Balancers. The AWS ELB set can also scale up and down. For this reason, instead of IP address-based endpoints, Sumo uses endpoint hostnames in this format: +Sumo Logic manages an elastic scaling set of syslog servers, which scales up and down behind a set of AWS Elastic Load Balancers. The AWS ELB set can also scale up and down. For this reason, instead of IP address-based endpoints, Sumo Logic uses endpoint hostnames in this format: ``` syslog.collection.YOUR_DEPLOYMENT.sumologic.com 
@@ -25,17 +25,19 @@ where `YOUR_DEPLOYMENT` is `au`, `ca`, `de`, `eu`, `fed`, `jp`, `kr`, `us1`, FIPS 140-2 compliance is not available for Cloud Syslog in the FedRAMP deployment. It is with great emphasis that you must recognize and understand that the responsibility to mitigate information spillage is solely yours. We have no insight into your data or how it is classified. ::: -In the procedure below, you configure a Cloud Syslog Source, this will generate a Sumo Logic token and the endpoint hostname. Then you set up TLS by downloading a cert to your server. Download the **DigiCert** certificate -from one of the following locations: -* [https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt](https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt) -* [https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt.pem](https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt.pem) +In the procedure below, you configure a Cloud Syslog Source. This will generate a Sumo Logic token and the endpoint hostname. + +Then you set up TLS by downloading a cert to your server (see procedures for [rsyslog](/docs/send-data/hosted-collectors/cloud-syslog-source/rsyslog/#setup-tls) and [syslog-ng](/docs/send-data/hosted-collectors/cloud-syslog-source/syslog-ng/#setup-tls)). Download the DigiCert and AWS Certificate Manager (ACM) certificates from the following locations: +* https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt +* https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt.pem +* https://www.amazontrust.com/repository/AmazonRootCA1.cer Sumo Logic supports syslog clients, including syslog-ng and rsyslog. Follow the instructions in the appropriate section below to configure your server to send syslog data. If syslog data does not appear in Sumo Logic, refer to [Troubleshooting](#troubleshooting) below. 
## Configure a Cloud Syslog Source -Cloud syslog configuration requires a token that is automatically generated when you configure a cloud syslog source. The token allows Sumo to distinguish your log messages from those of other customers. The token is tied to the source, but not to any specific user.  +Cloud syslog configuration requires a token that is automatically generated when you configure a cloud syslog source. The token allows Sumo Logic to distinguish your log messages from those of other customers. The token is tied to the source, but not to any specific user.  Include the token as the [Structured ID](https://tools.ietf.org/html/rfc5424#section-7) in every syslog message that is sent to Sumo Logic. The token is removed by Sumo Logic during ingestion and is not included with your syslog message in search results. @@ -46,7 +48,7 @@ To configure a cloud syslog source, do the following: 1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Collection > Collection**.
[**New UI**](/docs/get-started/sumo-logic-ui). In the Sumo Logic top menu select **Configuration**, and then under **Data Collection** select **Collection**. You can also click the **Go To...** menu at the top of the screen and select **Collection**. 1. On the **Collection** page, click **Add Source** next to a Hosted Collector. See [Set up a Hosted Collector](/docs/send-data/hosted-collectors/configure-hosted-collector) for information on adding Hosted Collectors. 1. Select **Cloud Syslog**. -1. Enter a **Name** to display for this source in Sumo. Description is optional. +1. Enter a **Name** to display for this source in Sumo Logic. Description is optional. 1. (Optional) For **Source Host** and **Source Category**, enter any string to tag the output collected from this source. (Category metadata is stored in a searchable field called `_sourceCategory`.) 1. **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. 
@@ -57,7 +59,7 @@ To configure a cloud syslog source, do the following: * **Enable Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed. * **Time Zone**. There are two options for Time Zone. You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's important to have the proper time zone set, no matter which option you choose. If the time zone of logs cannot be determined, Sumo Logic assigns the UTC time zone; if the rest of your logs are from another time zone your search results will be affected. - * **Timestamp Format**. By default, Sumo will automatically detect the timestamp format of your logs. However, you can manually specify a timestamp format for a source. See [Timestamps, Time Zones, and Time Ranges, and Date Formats](/docs/send-data/reference-information/time-reference). + * **Timestamp Format**. By default, Sumo Logic will automatically detect the timestamp format of your logs. However, you can manually specify a timestamp format for a source. See [Timestamps, Time Zones, and Time Ranges, and Date Formats](/docs/send-data/reference-information/time-reference). 1. Create any Processing Rules you'd like for the new source. 1. Click **Save**. The token information is displayed in a read-only dialog box, shown below. 
@@ -69,7 +71,7 @@ To configure a cloud syslog source, do the following: Token: 9HFxoa6+lXBmvSM9koPjGzvTaxXDQvJ4POE/WCURPAo+w4H7PmZm8H3mSEKxPl0Q@41123, Host: syslog.collection.YOUR_DEPLOYMENT.sumologic.com, TCP TLS Port: 6514 ``` - The number `41123` in the token is the Sumo Private Enterprise Number (PEN). There are two options for including the token. You can include it in the structured data field or in the message body.  In the following example, the token is in the structured data field.  + The number `41123` in the token is the Sumo Logic Private Enterprise Number (PEN). There are two options for including the token. You can include it in the structured data field or in the message body.  In the following example, the token is in the structured data field.  ``` <165>1 2015-01-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [YOUR_TOKEN] msg @@ -120,11 +122,11 @@ If syslog messages fail to authenticate to the syslog cloud source—for example ### Troubleshooting -If you encounter problems, follow the instructions below to first verify the Sumo service connection, and then check the client configuration is correct. +If you encounter problems, follow the instructions below to first verify the Sumo Logic service connection, and then check the client configuration is correct. -#### Verify connection with Sumo service +#### Verify connection with Sumo Logic service -To verify that the Sumo service can receive syslog messages, use a networking utility that supports TLS, such as nMap.org's ncat, to check that the syslog port accepts messages.  +To verify that the Sumo Logic service can receive syslog messages, use a networking utility that supports TLS, such as nMap.org's ncat, to check that the syslog port accepts messages.  ``` $ ncat --ssl syslog.collection.YOUR_DEPLOYMENT.sumologic.com PORT 
@@ -142,7 +144,7 @@ Then, enter a test message, for example: <165>1 2017-10-24T06:00:15.003Z mymachine.example.com evntslog - ID47 - YOUR_TOKEN This is a message ``` -where `YOUR_TOKEN` is the token that Sumo generated when you created the Cloud Syslog Source above. +where `YOUR_TOKEN` is the token that Sumo Logic generated when you created the Cloud Syslog Source above. #### Verify client configuration diff --git a/docs/send-data/hosted-collectors/cloud-syslog-source/rsyslog.md b/docs/send-data/hosted-collectors/cloud-syslog-source/rsyslog.md index a6e1268ac3..59a9ed43c9 100644 --- a/docs/send-data/hosted-collectors/cloud-syslog-source/rsyslog.md +++ b/docs/send-data/hosted-collectors/cloud-syslog-source/rsyslog.md 
@@ -12,25 +12,30 @@ Sumo Logic supports syslog clients such as rsyslog. This document has instructi Set up Transport Layer Security (TLS). -Download the **DigiCert** certificate from https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt. +Download DigiCert and AWS Certificate Manager (ACM) certificates from https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt and +https://www.amazontrust.com/repository/AmazonRootCA1.cer. ### rsyslog -To set up your **DigiCert** certificate follow these steps: +For rsyslog, concatenate the ACM root CA with the DigiCert certificate. + +To set up your DigiCert and AWS Certificate Manager (ACM) certificate, follow these steps: ```bash $ cd /etc/rsyslog.d/keys/ca.d $ wget -O digicert_ca.der https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt $ openssl x509 -inform der -in digicert_ca.der -out digicert_ca.crt +$ wget -O acm_ca.der https://www.amazontrust.com/repository/AmazonRootCA1.cer +$ openssl x509 -inform der -in acm_ca.der -out acm_ca.crt +$ cat acm_ca.crt digicert_ca.crt > digicert_acm_cas.crt +$ perl -p -i -e "s/\r//g" digicert_acm_cas.crt ``` ### Send data to a Cloud Syslog Source with rsyslog This section shows how to configure a syslog client using rsyslog that will send the syslog message to be received by the Sumo Logic Cloud syslog service. If you are new to rsyslog, follow the [rsyslog documentation](http://www.rsyslog.com/doc/v8-stable/installation/index.html) to install. -After rsyslog is installed, edit the configuration file to start sending -logs to Sumo. The configuration file is located at`/etc/rsyslog.conf` by -default.  +After rsyslog is installed, edit the configuration file to start sending logs to Sumo Logic. The configuration file is located at `/etc/rsyslog.conf` by default. **For rsyslog v7 and earlier** 
@@ -44,7 +49,7 @@ $ActionQueueType LinkedList # run asynchronously $ActionResumeRetryCount -1 # infinite retries if host is down # RsyslogGnuTLS -$DefaultNetstreamDriverCAFile /etc/rsyslog.d/keys/ca.d/digicert_ca.crt +$DefaultNetstreamDriverCAFile /etc/rsyslog.d/keys/ca.d/digicert_acm_cas.crt $ActionSendStreamDriver gtls $ActionSendStreamDriverMode 1 $ActionSendStreamDriverAuthMode x509/name @@ -55,7 +60,9 @@ template(name="SumoFormat" type="string" string="<%pri%>%protocol-version% %time *.* action(type="omfwd" protocol="tcp" target="syslog.collection.YOUR_DEPLOYMENT.sumologic.com" port="6514" template="SumoFormat") ``` -In the template statement, be sure to replace `YOUR_TOKEN` with your actual token, and `YOUR_DEPLOYMENT` with your deployment. Properties in the string begin and end with '%'. All other texts and white space are treated literally. For more information about rsyslog configuration, see the [rsyslog template documentation](http://www.rsyslog.com/doc/v7-stable/configuration/templates.html) or the [rsyslog omfwd documentation](http://www.rsyslog.com/doc/v7-stable/configuration/modules/omfwd.html). +In the template statement, be sure to replace `YOUR_TOKEN` with your actual token, and `YOUR_DEPLOYMENT` with your deployment. Properties in the string begin and end with `%`. All other texts and white space are treated literally. For more information about rsyslog configuration, see the [rsyslog template documentation](https://www.rsyslog.com/doc/configuration/templates.html) or the [rsyslog omfwd documentation](https://www.rsyslog.com/doc/configuration/modules/omfwd.html). + +In the template statement, be sure to replace YOUR_TOKEN with your actual token, and YOUR_DEPLOYMENT with your deployment. Properties in the string begin and end with `%`. All other texts and white space are treated literally. For more information about rsyslog configuration, see the rsyslog template documentation or the rsyslog omfwd documentation. **For rsyslog v8 and later** 
@@ -69,19 +76,19 @@ $ActionQueueType LinkedList # run asynchronously $ActionResumeRetryCount -1 # infinite retries if host is down # RsyslogGnuTLS -$DefaultNetstreamDriverCAFile /etc/rsyslog.d/keys/ca.d/digicert_ca.crt +$DefaultNetstreamDriverCAFile /etc/rsyslog.d/keys/ca.d/digicert_acm_cas.crt template(name="SumoFormat" type="string" string="<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [YOUR_TOKEN] %msg%\n") action(type="omfwd" - protocol="tcp" - target="syslog.collection.YOUR_DEPLOYMENT.sumologic.com" - port="6514" - template="SumoFormat" - StreamDriver="gtls" - StreamDriverMode="1" - StreamDriverAuthMode="x509/name" - StreamDriverPermittedPeers="syslog.collection.*.sumologic.com") + protocol="tcp" + target="syslog.collection.YOUR_DEPLOYMENT.sumologic.com" + port="6514" + template="SumoFormat" + StreamDriver="gtls" + StreamDriverMode="1" + StreamDriverAuthMode="x509/name" + StreamDriverPermittedPeers="syslog.collection.*.sumologic.com") ``` -In the template statement, be sure to replace `YOUR_TOKEN` with your actual token, and `YOUR_DEPLOYMENT` with your deployment. Properties in the string begin and end with '%'. All other texts and white space are treated literally. For more information about rsyslog configuration, see the [rsyslog template documentation](http://www.rsyslog.com/doc/master/configuration/templates.html) or the [rsyslog omfwd documentation](http://www.rsyslog.com/doc/master/configuration/modules/omfwd.html). +In the template statement, be sure to replace `YOUR_TOKEN` with your actual token, and `YOUR_DEPLOYMENT` with your deployment. Properties in the string begin and end with `%`. All other texts and white space are treated literally. For more information about rsyslog configuration, see the [rsyslog template documentation](https://www.rsyslog.com/doc/configuration/templates.html) or the [rsyslog omfwd documentation](https://www.rsyslog.com/doc/configuration/modules/omfwd.html). 
diff --git a/docs/send-data/hosted-collectors/cloud-syslog-source/syslog-ng.md b/docs/send-data/hosted-collectors/cloud-syslog-source/syslog-ng.md index 18f85224b9..54da93818d 100644 --- a/docs/send-data/hosted-collectors/cloud-syslog-source/syslog-ng.md +++ b/docs/send-data/hosted-collectors/cloud-syslog-source/syslog-ng.md 
@@ -10,36 +10,39 @@ Sumo Logic supports syslog clients such as syslog-ng. This document has instruc ## Set up TLS -Set up Transport Layer Security (TLS). +Set up Transport Layer Security (TLS). -Download the **DigiCert** certificate from https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt. +Download the DigiCert and AWS Certificate Manager (ACM) certificates from https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt and +https://www.amazontrust.com/repository/AmazonRootCA1.cer. ### syslog-ng -For **syslog-ng** place the certificate in the configuration directory and the syslog-ng client will pick up the certificate working from that directory. To set up your **DigiCert** certificate follow these steps: - -Check if you have the directory `/etc/syslog-ng/ca.d` - -If you don’t, create it with this command: - -```bash -$ sudo mkdir -pv /etc/syslog-ng/ca.d -``` - -Then run: - -```bash -$ cd /etc/syslog-ng/ca.d -$ sudo wget -O digicert_ca.der https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt -$ sudo openssl x509 -inform der -in digicert_ca.der -out digicert_ca.crt -$ sudo ln -s digicert_ca.crt `openssl x509 -noout -hash -in digicert_ca.crt`.0 -``` +For syslog-ng, place both certificates in the configuration directory, allowing the syslog-ng client to automatically select the appropriate certificate. + +To set up your DigiCert and AWS Certificate Manager (AWS) certificates, follow these steps: + +1. Check if you have the directory `/etc/syslog-ng/ca.d`. +1. If you don’t, create it with this command: + ```bash + $ sudo mkdir -pv /etc/syslog-ng/ca.d + ``` +1. 
Then run: + ```bash + $ cd /etc/syslog-ng/ca.d + $ sudo wget -O digicert_ca.der https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt + $ sudo openssl x509 -inform der -in digicert_ca.der -out digicert_ca.crt + $ sudo ln -s digicert_ca.crt `openssl x509 -noout -hash -in digicert_ca.crt`.0 + $ wget -O acm_ca.der https://www.amazontrust.com/repository/AmazonRootCA1.cer + $ openssl x509 -inform der -in acm_ca.der -out acm_ca.crt + $ ln -s acm_ca.crt `openssl x509 -noout -hash -in acm_ca.crt`.0 + $ sudo /etc/init.d/syslog-ng restart + ``` ### Send data to a Cloud Syslog Source with syslog-ng If you are new to syslog-ng, follow this [link to install syslog-ng](/docs/send-data/hosted-collectors/cloud-syslog-source/install-syslog-ng).  -This section shows how to configure a syslog client using syslog-ng that will send the syslog message to be received by the Sumo cloud syslog service. You must specify a template, a destination, and a source. +This section shows how to configure a syslog client using syslog-ng that will send the syslog message to be received by the Sumo Logic cloud syslog service. You must specify a template, a destination, and a source. Edit the syslog-ng config file: @@ -47,7 +50,7 @@ Edit the syslog-ng config file: $ sudo vim /etc/syslog-ng/syslog-ng.conf ``` -Define a template with the correct format for Sumo. Messages must be in this format to be accepted, and the ordering of the $ fields must be as shown. +Define a template with the correct format for Sumo Logic. Messages must be in this format to be accepted, and the ordering of the $ fields must be as shown. ```bash template t_sumo_syslog { 
@@ -57,7 +60,7 @@ template t_sumo_syslog { Replace the sample token, `E5kTyaEcth45/DU81M236oU4vM8j1ZaqTpWgjXB6lod7cFTeq09zzMn5ErmM0O/3@41123,` with your token. -Define a destination to use the Sumo endpoint. The following TCP destination option example specifies the endpoint (`syslog.collection.YOUR_DEPLOYMENT.sumologic.com`) and TCP TLS port 651. It also includes the ca-dir for your CA certificate. Finally, it specifies that only trusted certificates will be accepted for connectivity to the remote endpoint. +Define a destination to use the Sumo Logic endpoint. The following TCP destination option example specifies the endpoint (`syslog.collection.YOUR_DEPLOYMENT.sumologic.com`) and TCP TLS port 651. It also includes the ca-dir for your CA certificate. Finally, it specifies that only trusted certificates will be accepted for connectivity to the remote endpoint. ```bash destination d_sumo_tls { @@ -90,7 +93,7 @@ destination d_sumo_tls { }; ``` -Specify which logs will be sent to the Sumo destination. This example specifies an existing syslog-ng source (`s_sys`), applies a syslog-ng filter (`f_default`), and specifies the use of the Sumo Logic endpoint (`d_sumo_tls`). +Specify which logs will be sent to the Sumo Logic destination. This example specifies an existing syslog-ng source (`s_sys`), applies a syslog-ng filter (`f_default`), and specifies the use of the Sumo Logic endpoint (`d_sumo_tls`). ```bash log {
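Review bot: In blog-service/2025-08-01-collection.md, the call to action asks readers to download and configure "the ACM certificate" only, while every procedure this patch links to builds a trust store holding both the DigiCert root and AmazonRootCA1. State here that both roots must be trusted through the October 13, 2025 cutover, since a client that swaps DigiCert out early will not validate the certificate the endpoint presents today. The `import useBaseUrl` line is also unused in this post and can be dropped.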
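Review bot: In docs/integrations/saas-cloud/acquia.md (@@ -190,10), the first command's code span ends in a period, `wget -O digicert_ca.der https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt.`, so a copy and paste requests a URL with a trailing dot. Move the period outside the backticks or drop it. Step 1 also points at `www.digicert.com/CACerts/` while step 2 fetches from `cacerts.digicert.com`, and step 1 offers the `.crt.pem` file, which the `-inform der` conversion in step 2 will reject. Pick one host and list only the DER files, or fold step 1 into step 2, since the wget commands already do the download.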
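Review bot: In docs/send-data/collect-from-other-data-sources/collect-logs-sentinelone.md (@@ -28,13), the carried-over wget line still ends with a period inside the code span (`...DigiCertHighAssuranceEVRootCA.crt.`), which becomes part of the pasted URL. The procedure also downloads the certificates twice: once by hand in the "Download the server certificate files" step and again with wget in the "Run the following commands" step, from a different DigiCert host. Keep only the command block, and end it by stating that `digicert_acm_cas.crt` is the file to upload.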
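Review bot: In collect-logs-sentinelone.md (@@ -54,7), "the merged crt certificate file" never names the file. Step 1 produces three `.crt` files in the same directory (`digicert_ca.crt`, `acm_ca.crt`, `digicert_acm_cas.crt`), so spell out `digicert_acm_cas.crt` here to stop readers uploading a single-root file.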
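Review bot: In docs/send-data/hosted-collectors/cloud-syslog-source/index.md (@@ -25,17), the download list mixes encodings with no guidance: a DER `.crt`, a PEM `.crt.pem`, and a DER `.cer`. The rsyslog and syslog-ng pages this paragraph links to run `openssl x509 -inform der` on the download, which fails on the PEM variant. Either drop the `.crt.pem` link or label each entry with its format, and say that both roots are required rather than presenting three files as alternatives.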
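Review bot: In cloud-syslog-source/index.md (@@ -120,11), the connection check `ncat --ssl syslog.collection.YOUR_DEPLOYMENT.sumologic.com PORT` does not validate the server certificate chain, so it will pass even when the Amazon root is missing from the client trust store, which is the failure this change is most likely to cause. Add a check that validates against the merged bundle, for example `openssl s_client -connect syslog.collection.YOUR_DEPLOYMENT.sumologic.com:6514 -CAfile digicert_acm_cas.crt`, and tell readers to look for a successful verify result. "nMap.org's ncat" on the edited line should read "Nmap's ncat".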
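Review bot: In cloud-syslog-source/rsyslog.md (@@ -12,25), the new commands place a freshly downloaded root CA straight into the file rsyslog trusts with no integrity check between `openssl x509 -inform der ...` and `cat acm_ca.crt digicert_ca.crt > digicert_acm_cas.crt`. Add a step that prints each root's fingerprint (`openssl x509 -noout -fingerprint -sha256 -in acm_ca.crt`) and compares it with the value the CA publishes before merging. The prose above the block cites `cacerts.digicert.com` while the command uses `www.digicert.com/CACerts/`, so use one host throughout, and add a short comment explaining that the `perl` line strips carriage returns from the bundle.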
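Review bot: In cloud-syslog-source/rsyslog.md (@@ -55,7), the hunk adds the "In the template statement, be sure to replace ..." paragraph twice: once with code formatting and links, and again as a plain-text copy directly below it. Delete the second, unlinked copy.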
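Review bot: In cloud-syslog-source/syslog-ng.md (@@ -10,36), the three added `acm_ca` commands (wget, openssl x509, ln -s) run without `sudo`, while the DigiCert lines directly above them use `sudo` in the same `/etc/syslog-ng/ca.d` directory, so they will fail with a permission error for a non-root user. Prefix them with `sudo` to match. The intro sentence also reads "AWS Certificate Manager (AWS)" where "(ACM)" is meant, and `sudo /etc/init.d/syslog-ng restart` is placed before the reader has edited `syslog-ng.conf`. Move the restart to the end of the page and mention the systemd equivalent for hosts without init scripts.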
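Review bot: In cloud-syslog-source/syslog-ng.md (@@ -57,7), the edited sentence still says "TCP TLS port 651", but the token dialog in index.md shows `TCP TLS Port: 6514` and the rsyslog examples use `port="6514"`. Since this line is being touched anyway, correct it to 6514. The same sentence says "the ca-dir for your CA certificate" in the singular, although the directory now holds two hashed roots, so "CA certificates" would be accurate.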