The sumologic-http() and sumologic-syslog() destinations send log messages to Sumo Logic, a cloud-based log management and security analytics service.
Using the sumologic-syslog() destination, you can send data (both in JSON and in non-JSON format) to the Sumo Logic service.
For more information about the sumologic-http() destination, see sumologic-http().
Sending data using the sumologic-syslog() destination
Example: Sending data using the sumologic-syslog() destination
The following example illustrates how you can use the sumologic-syslog() destination to send data to your Sumo Logic account.
log {
    source { system(); };
    destination {
        sumologic-syslog(
            token("USER-TOKEN-AS-PROVIDED-BY-sumologic")
            deployment("ENDPOINT")
            tls(peer-verify(required-trusted) ca-dir('/etc/syslog-ng/ca.d'))
        );
    };
};
Sending JSON data using the sumologic-syslog destination
Example: Sending JSON data using the sumologic-syslog() destination
The following example illustrates how you can use the sumologic-syslog() destination to send JSON data to your Sumo Logic account.
log {
    source { system(); };
    destination {
        sumologic-syslog(
            token("USER-TOKEN-AS-PROVIDED-BY-sumologic")
            deployment("ENDPOINT")
            tls(peer-verify(required-trusted) ca-dir('/etc/syslog-ng/ca.d'))
            template("$(format-json --scope all-nv-pairs)")
        );
    };
};
The sumologic-http() and sumologic-syslog() destinations have the following options.
The sumologic-http() destination supports all HTTP destination options.
In addition, the sumologic-http() destination also has the following options.
ca-dir()
Accepted values: Directory name
Default: none
Description: The name of a directory that contains a set of trusted CA certificates in PEM format. The CA certificate files have to be named after the 32-bit hash of the subject's name. This naming can be created using the c_rehash utility in openssl. For an example, see Configuring TLS on the syslog-ng clients. The syslog-ng OSE application uses the CA certificates in this directory to validate the certificate of the peer.
This option can be used together with the optional ca-file() option.
ca-file()
Accepted values: File name
Default: empty
Description: Optional. The name of a file that contains a set of trusted CA certificates in PEM format. The syslog-ng OSE application uses the CA certificates in this file to validate the certificate of the peer.
Example format in configuration:
ca-file("/etc/pki/tls/certs/ca-bundle.crt")
NOTE: The ca-file() option can be used together with the ca-dir() option. It is relevant only when peer-verify() is set to a value other than no or optional-untrusted.
headers()
Type: string list
Default: empty
Description: Custom HTTP headers to include in the request, for example, headers("HEADER1: header1", "HEADER2: header2"). If not set, only the default headers are included, but no custom headers.
The following headers are included by default:
- X-Syslog-Host: <host>
- X-Syslog-Program: <program>
- X-Syslog-Facility: <facility>
- X-Syslog-Level: <loglevel/priority>
NOTE: The headers() option is a required option for the sumologic-http() destination.
time-reopen()
Accepted values: number [seconds]
Default: 60
Description: The time to wait in seconds before a dead connection is reestablished.
tls()
Type: tls options
Default: n/a
Description: Required option. This option sets various options related to TLS encryption, for example, key/certificate files and trusted CA locations. TLS can be used only with TCP-based transport protocols. For details, see TLS options.
The sumologic-syslog() destination supports all network() destination options.
In addition, the sumologic-syslog() destination also has the following options.
ca-dir()
Accepted values: Directory name
Default: none
Description: The name of a directory that contains a set of trusted CA certificates in PEM format. The CA certificate files have to be named after the 32-bit hash of the subject's name. This naming can be created using the c_rehash utility in openssl. For an example, see Configuring TLS on the syslog-ng clients. The syslog-ng OSE application uses the CA certificates in this directory to validate the certificate of the peer.
This option can be used together with the optional ca-file() option.
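The hash naming that ca-dir() requires (in both option lists above), as an added shell example that is not part of the syslog-ng documentation: it links a throwaway CA under its subject hash, as c_rehash does, and checks that OpenSSL finds the CA only once the link exists. The function names, file names and CA subject are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example, not from the syslog-ng documentation. File names and the CA
# subject are constructed for the demonstration.

# rehash_dir DIR: give each *.pem certificate in DIR a <subject-hash>.N symlink,
# the name OpenSSL looks up in a CA directory. Prints one link name per line.
rehash_dir() {
    for cert in "$1"/*.pem; do
        [ -f "$cert" ] || continue
        # Files that do not parse as a certificate are skipped, not linked.
        hash=$(openssl x509 -in "$cert" -noout -hash 2>/dev/null) || continue
        fp=$(openssl x509 -in "$cert" -noout -fingerprint -sha256)
        n=0
        # Distinct CAs can share a subject hash; the .0, .1, ... suffix separates them.
        while [ -e "$1/$hash.$n" ]; do
            other=$(openssl x509 -in "$1/$hash.$n" -noout -fingerprint -sha256)
            [ "$other" = "$fp" ] && break   # this certificate is already linked
            n=$((n + 1))
        done
        [ -e "$1/$hash.$n" ] || ln -s "$(basename "$cert")" "$1/$hash.$n"
        echo "$hash.$n"
    done
}

# make_test_ca CERT_PATH: write a throwaway self-signed CA; the key is discarded.
make_test_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Example CA" \
        -keyout /dev/null -out "$1" 2>/dev/null
}

# trusted_by_dir CERT DIR: succeed only if CERT chains to a CA OpenSSL finds in DIR.
trusted_by_dir() {
    openssl verify -CApath "$2" "$1" >/dev/null 2>&1
}

# demo: the same directory before and after the hash links exist.
demo() {
    d=$(mktemp -d) || return 1
    make_test_ca "$d/example-ca.pem" || return 1
    if trusted_by_dir "$d/example-ca.pem" "$d"; then echo "before: trusted"
    else echo "before: CA not found"; fi
    rehash_dir "$d"
    if trusted_by_dir "$d/example-ca.pem" "$d"; then echo "after: trusted"
    else echo "after: CA not found"; fi
    rm -rf "$d"
}

demo
```

A CA file copied into the directory under an arbitrary name is not picked up, so the links need to be recreated whenever a CA file is added or replaced.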
ca-file()
Accepted values: File name
Default: empty
Description: Optional. The name of a file that contains a set of trusted CA certificates in PEM format. The syslog-ng OSE application uses the CA certificates in this file to validate the certificate of the peer.
Example format in configuration:
ca-file("/etc/pki/tls/certs/ca-bundle.crt")
NOTE: The ca-file() option can be used together with the ca-dir() option. It is relevant only when peer-verify() is set to a value other than no or optional-untrusted.
port()
Type: number
Default: 6514
Description: Optional. This option sets the port number of the Sumo Logic server to connect to.
tag()
Type: string list
Default: "tag"
Description: Optional. This option specifies the list of tags to add as the tags fields of Sumo Logic messages. If not specified, syslog-ng OSE automatically adds the tags already assigned to the message. If you set the tag() option, only the tags you specify will be added to the messages.
tls()
Type: tls options
Default: n/a
Description: Required option. This option sets various options related to TLS encryption, for example, key/certificate files and trusted CA locations. TLS can be used only with TCP-based transport protocols. For details, see TLS options.