SumoLogic · jpipkin1 · Aug 1, 2025 · Jul 28, 2025 · Jul 28, 2025 · Jul 28, 2025
@@ -0,0 +1,23 @@
+---
+title: Cloud Syslog Source Certificate Transition to ACM (Collection)
+image: https://help.sumologic.com/img/reuse/rss-image.jpg
+keywords:
+  - certificates
+  - Cloud Syslog Source
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+We're excited to announce that we are transitioning to AWS Certificate Manager (ACM) certificates for Transport Layer Security (TLS) communication between your cloud syslog sources and Sumo Logic.
+
+Currently, Sumo Logic uses a DigiCert ALB certificate to secure communication with your cloud syslog sources. This certificate is set to expire on October 13, 2025, at which point Sumo Logic will transition to the ACM root certificates. This change provides the following benefits:
+* **Automated certificate renewal and deployment**. ACM eliminates the need for future manual renewals, reducing administrative overhead.
+* **Simplified infrastructure management for AWS customers**. ACM is deeply integrated into the AWS ecosystem, streamlining your overall infrastructure management. Because Sumo Logic is also on AWS, using ACM provides a seamless experience.
+
+If you use cloud syslog sources to send data to Sumo Logic, please prepare for this transition by downloading and configuring the ACM certificate on your system. For more information and setup instructions, see:
+* [Cloud Syslog Source](/docs/send-data/hosted-collectors/cloud-syslog-source/)
+* [rsyslog](/docs/send-data/hosted-collectors/cloud-syslog-source/rsyslog)
+* [syslog-ng](/docs/send-data/hosted-collectors/cloud-syslog-source/syslog-ng/)
+* [Collect Logs for SentinelOne](/docs/send-data/collect-from-other-data-sources/collect-logs-sentinelone/)
+* [Acquia](/docs/integrations/saas-cloud/acquia/#step-2-configure-a-source)
@@ -190,10 +190,20 @@ Be sure to copy and paste your **token** in a secure location. You'll need this
 
 **Sumo Logic SSL certificate**
 
-In the procedure below, you'll configure a Cloud Syslog Source. This will generate a Sumo Logic token and the endpoint hostname. Then you'll set up TLS by downloading a cert to your server. Download the DigiCert certificate from one of the following locations:
-* [https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt](https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt)
-* [https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt.pem](https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt.pem)
-
+In the procedure below, you'll configure a Cloud Syslog Source. This will generate a Sumo Logic token and the endpoint hostname. Then you'll set up TLS by downloading a cert to your server. 
+
+1. Download the DigiCert and AWS Certificate Manager (ACM) certificates from the following locations:
+   * https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt
+   * https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt.pem
+   * https://www.amazontrust.com/repository/AmazonRootCA1.cer
+1. Run the following commands:
+   * `wget -O digicert_ca.der https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt.`
+   * `openssl x509 -inform der -in digicert_ca.der -out digicert_ca.crt`
+   * `wget -O acm_ca.der https://www.amazontrust.com/repository/AmazonRootCA1.cer`
+   * `openssl x509 -inform der -in acm_ca.der -out acm_ca.crt`
+   * `cat acm_ca.crt digicert_ca.crt > digicert_acm_cas.crt`
+   * `perl -p -i -e "s/\r//g" digicert_acm_cas.crt`
+1. You'll upload the merged cert to the Acquia app when you configure Acquia log forwarding. See [Step 3: Configure logging for Acquia](#step-3-configure-logging-for-acquia).
 
 ### Configuring a cloud syslog source
 

@@ -28,13 +28,17 @@ To get a token and certificate from Sumo Logic, do the following:
 
 1. Configure a Cloud Syslog [Hosted Collector](/docs/send-data/collector-faq/#configure-limits-for-collector-caching) and [Cloud Syslog Source](/docs/send-data/hosted-collectors/cloud-syslog-source), and generate a Cloud Syslog source token. 
 
-1. Download the crt server certificate file from [here](https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt).
+1. Download the server certificate files from https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt and https://www.amazontrust.com/repository/AmazonRootCA1.cer.
 
-1. Go to the location where the cert file is located and open a terminal window.
+1. Go to the location where the cert files are located and open a terminal window.
 
-1. Run the following two commands:
-  * `wget -O digicert_ca.der https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt.`
-  * `openssl x509 -inform der -in digicert_ca.der -out digicert_ca.crt`
+1. Run the following commands:
+   * `wget -O digicert_ca.der https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt.`
+   * `openssl x509 -inform der -in digicert_ca.der -out digicert_ca.crt`
+   * `wget -O acm_ca.der https://www.amazontrust.com/repository/AmazonRootCA1.cer`
+   * `openssl x509 -inform der -in acm_ca.der -out acm_ca.crt`
+   * `cat acm_ca.crt digicert_ca.crt > digicert_acm_cas.crt`
+   * `perl -p -i -e "s/\r//g" digicert_acm_cas.crt`
 
 ## Step 2. Configure syslog messages
 
@@ -54,7 +58,7 @@ To configure syslog messages, do the following:
 1. Click **SYSLOG**. The SYSLOG dialog appears.
 1. Click the toggle to **Enable SYSLOG**.
 1. Enter the **Syslog Host URL** and **port** number.
-1. Click **Use SSL secure connection**, then click **Server certificate > Upload** and browse to the location of the downloaded crt certificate file.
+1. Click **Use SSL secure connection**, then click **Server certificate > Upload** and browse to the location of the merged crt certificate file.
 1. Specify the following **Formatting** options:
 
    * **Information format**: Select **CEF2**

@@ -13,7 +13,7 @@ You can configure a cloud syslog source to allow a syslog client to send [RFC 5
 
 Syslog messages must be compliant with [RFC 5424](https://tools.ietf.org/html/rfc5424) or they are dropped. Messages over 64 KB are truncated.
 
-Sumo manages an elastic scaling set of syslog servers, which scales up and down behind a set of AWS Elastic Load Balancers. The AWS ELB set can also scale up and down. For this reason, instead of IP address-based endpoints, Sumo uses endpoint hostnames in this format:
+Sumo Logic manages an elastic scaling set of syslog servers, which scales up and down behind a set of AWS Elastic Load Balancers. The AWS ELB set can also scale up and down. For this reason, instead of IP address-based endpoints, Sumo Logic uses endpoint hostnames in this format:
 
 ```
 syslog.collection.YOUR_DEPLOYMENT.sumologic.com
@@ -25,17 +25,19 @@ where `YOUR_DEPLOYMENT` is `au`, `ca`, `de`, `eu`, `fed`, `jp`, `kr`, `us1`,
 FIPS 140-2 compliance is not available for Cloud Syslog in the FedRAMP deployment. It is with great emphasis that you must recognize and understand that the responsibility to mitigate information spillage is solely yours. We have no insight into your data or how it is classified.
 :::
 
-In the procedure below, you configure a Cloud Syslog Source, this will generate a Sumo Logic token and the endpoint hostname. Then you set up TLS by downloading a cert to your server. Download the **DigiCert** certificate
-from one of the following locations:
-* [https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt](https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt)
-* [https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt.pem](https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt.pem)
+In the procedure below, you configure a Cloud Syslog Source. This will generate a Sumo Logic token and the endpoint hostname. 
+
+Then you set up TLS by downloading a cert to your server (see procedures for [rsyslog](/docs/send-data/hosted-collectors/cloud-syslog-source/rsyslog/#setup-tls) and [syslog-ng](/docs/send-data/hosted-collectors/cloud-syslog-source/syslog-ng/#setup-tls)). Download the DigiCert and AWS Certificate Manager (ACM) certificates from the following locations:
+* https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt
+* https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt.pem
+* https://www.amazontrust.com/repository/AmazonRootCA1.cer
 
 Sumo Logic supports syslog clients, including syslog-ng and rsyslog. Follow the instructions in the appropriate section below to configure your server to send syslog data. If syslog data does not appear in Sumo Logic, refer to
 [Troubleshooting](#troubleshooting) below.
 
 ## Configure a Cloud Syslog Source
 
-Cloud syslog configuration requires a token that is automatically generated when you configure a cloud syslog source. The token allows Sumo to distinguish your log messages from those of other customers. The token is tied to the source, but not to any specific user. 
+Cloud syslog configuration requires a token that is automatically generated when you configure a cloud syslog source. The token allows Sumo Logic to distinguish your log messages from those of other customers. The token is tied to the source, but not to any specific user. 
 
 Include the token as the [Structured ID](https://tools.ietf.org/html/rfc5424#section-7) in every syslog message that is sent to Sumo Logic. The token is removed by Sumo Logic during ingestion and is not included with your syslog message in search results.
 
@@ -46,7 +48,7 @@ To configure a cloud syslog source, do the following:
 1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Collection > Collection**. <br/>[**New UI**](/docs/get-started/sumo-logic-ui). In the Sumo Logic top menu select **Configuration**, and then under **Data Collection** select **Collection**. You can also click the **Go To...** menu at the top of the screen and select **Collection**.
 1. On the **Collection** page, click **Add Source** next to a Hosted Collector. See [Set up a Hosted Collector](/docs/send-data/hosted-collectors/configure-hosted-collector) for information on adding Hosted Collectors.
 1. Select **Cloud Syslog**.
-1. Enter a **Name** to display for this source in Sumo. Description is optional.
+1. Enter a **Name** to display for this source in Sumo Logic. Description is optional.
 1. (Optional) For **Source Host** and **Source Category**, enter any string to tag the output collected from this source. (Category metadata is stored in a searchable field called `_sourceCategory`.)
 1. **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value.
 
@@ -57,7 +59,7 @@ To configure a cloud syslog source, do the following:
 
    * **Enable Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed.
    * **Time Zone**. There are two options for Time Zone. You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's important to have the proper time zone set, no matter which option you choose. If the time zone of logs cannot be determined, Sumo Logic assigns the UTC time zone; if the rest of your logs are from another time zone your search results will be affected.
-   * **Timestamp Format**. By default, Sumo will automatically detect the timestamp format of your logs. However, you can manually specify a timestamp format for a source. See [Timestamps, Time Zones, and Time Ranges, and Date Formats](/docs/send-data/reference-information/time-reference).
+   * **Timestamp Format**. By default, Sumo Logic will automatically detect the timestamp format of your logs. However, you can manually specify a timestamp format for a source. See [Timestamps, Time Zones, and Time Ranges, and Date Formats](/docs/send-data/reference-information/time-reference).
 
 1. Create any Processing Rules you'd like for the new source.
 1. Click **Save**. The token information is displayed in a read-only dialog box, shown below.
@@ -69,7 +71,7 @@ To configure a cloud syslog source, do the following:
     Token: 9HFxoa6+lXBmvSM9koPjGzvTaxXDQvJ4POE/WCURPAo+w4H7PmZm8H3mSEKxPl0Q@41123, Host: syslog.collection.YOUR_DEPLOYMENT.sumologic.com, TCP TLS Port: 6514
     ```
 
-    The number `41123` in the token is the Sumo Private Enterprise Number (PEN). There are two options for including the token. You can include it in the structured data field or in the message body.  In the following example, the token is in the structured data field. 
+    The number `41123` in the token is the Sumo Logic Private Enterprise Number (PEN). There are two options for including the token. You can include it in the structured data field or in the message body.  In the following example, the token is in the structured data field. 
 
     ```
     <165>1 2015-01-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [YOUR_TOKEN] msg
@@ -120,11 +122,11 @@ If syslog messages fail to authenticate to the syslog cloud source—for example
 
 ### Troubleshooting
 
-If you encounter problems, follow the instructions below to first verify the Sumo service connection, and then check the client configuration is correct.
+If you encounter problems, follow the instructions below to first verify the Sumo Logic service connection, and then check the client configuration is correct.
 
-#### Verify connection with Sumo service
+#### Verify connection with Sumo Logic service
 
-To verify that the Sumo service can receive syslog messages, use a networking utility that supports TLS, such as nMap.org's ncat, to check that the syslog port accepts messages. 
+To verify that the Sumo Logic service can receive syslog messages, use a networking utility that supports TLS, such as nMap.org's ncat, to check that the syslog port accepts messages. 
 
 ```
 $ ncat --ssl syslog.collection.YOUR_DEPLOYMENT.sumologic.com PORT
@@ -142,7 +144,7 @@ Then, enter a test message, for example:
 <165>1 2017-10-24T06:00:15.003Z mymachine.example.com evntslog - ID47 - YOUR_TOKEN This is a message
 ```
 
-where `YOUR_TOKEN` is the token that Sumo generated when you created the Cloud Syslog Source above.
+where `YOUR_TOKEN` is the token that Sumo Logic generated when you created the Cloud Syslog Source above.
 
 #### Verify client configuration