Skip to main content
Sumo Logic

Collect AWS Lambda Logs using an Extension

AWS Lambda Extensions enable us to more easily integrate into the AWS Lambda execution environment to control and participate in the AWS Lambda lifecycle and the AWS Lambda Logs API enables us to collect AWS Lambda logs. Sumo Logic, therefore, has developed a new open-source AWS Lambda extension that is a lightweight process that runs within the same execution environment as your Lambda functions and uses the Lambda logs API to send platform, function, and extension logs to Sumo Logic.

LambdaExtension.png

For more details on AWS Lambda Extension, please see the AWS Lambda Extensions blog and documentation about building AWS Lambda Extensions.

For more details on AWS Lambda Extension, please see the AWS Lambda Extensions blog and the blog on using Lambda extensions to send logs to custom destinations like Sumo Logic.

To review and submit enhancements for this extension, please visit the Sumo Logic Github repository.

AWS Lambda Supported Runtimes

This integration supports the following AWS Lambda runtimes:

  • Python 3.7 (python3.7)
  • Python 3.8 (python3.8)
  • Ruby 2.5 (ruby2.5)
  • Ruby 2.7 (ruby2.7)
  • Node.js 10.x (nodejs10.x)
  • Node.js 12.x (nodejs12.x)
  • Java 8 (Corretto) (java8.al2)
  • Java 11 (Corretto) (java11)
  • .NET Core 3.1 (C#/PowerShell) (dotnetcore3.1)
  • Custom runtime (provided)
  • Custom runtime on Amazon Linux 2 (provided.al2)

Follow the steps below, to use the new extension to collect your Lambda logs:

Step 1: Add a Hosted Collector and HTTP Source

Identify an existing Sumo Logic Hosted Collector you want to use, or create a new Hosted Collector as described in the following task.

To add a hosted collector and HTTP source, do the following:

  1. Create a new Sumo Logic Hosted Collector by performing the steps in Configure a Hosted Collector.
  2. Create a new HTTP Log Source in the hosted collector created above by following these instructions.

Step 2: Adding the Sumo Logic Lambda Extension to your AWS Lambda function

The Sumo Logic Lambda Extension can be added to your AWS Lambda function that is created through all supported methods.

For AWS Lambda functions created using Zip files, blueprint or serverless applications:

To add the Sumo Logic Lambda Extension to your AWS Lambda function, please follow the steps below:

  1. In the AWS Management Console, navigate to the definition of your Lambda function, Select Layers and click Add a Layer.
    Add_Layer.png

  2. Select Specify an ARN
    Specify_ARN.png

  3. Enter the following ARN: arn:aws:lambda:<AWS_REGION>:956882708938:layer:sumologic-extension:<VERSION>
    AWS_REGION. Replace with the AWS Region of your Lambda function
    VERSION. The latest version of the Sumo Logic Extension.

For AWS Lambda Functions Created Using Container Images:

To package the Sumo Logic Lambda Extension with the AWS Lambda function created using container images, please follow the steps below:

  1. Download the latest binary tar file from Github Release page.

wget
https://github.com/SumoLogic/sumologic-lambda-extensions/releases/latest/download/sumologic-extension-binary.tar.gz
  1. In your AWS Lambda container image Dockerfile, add the command below.

ADD {Location-where-you-downloaded-the-tar-file}/sumologic-extension-binary.tar.gz /opt/
  1. Validate if the extension is added to the directory and execute the below command.

docker run -it --entrypoint sh <ImageName>:<ImageTag>
  1. Execute the command ‘ls -R /opt/’ to see the directory structure. It should look as per the screenshot below.

Container_Images.png

  1. Deploy your AWS Lambda function using the container images.

  1. Add the following  environment variables to your Lambda function:

    Variable Name Description Type
    SUMO_HTTP_ENDPOINT This is the URL of the Sumo Logic HTTP source created in Step 1. Required
    SUMO_LOG_TYPES Please provide a comma-separated list of values that are one or more "platform", "function" or "extension" to indicate which AWS Lambda logs you want to send to Sumo Logic
     By default, all of these three values are assumed.
     
    Optional
    SUMO_ENABLE_FAILOVER Set to True to failover in case you would like the extension to send logs to an AWS S3 bucket. In the case of throttling or, exceptions the default value assumed is False. Optional
    SUMO_S3_BUCKET_NAME The name of an AWS S3 bucket. Optional
    SUMO_S3_BUCKET_REGION  The Region where the above AWS S3 bucket is located. Optional
    SUMO_MAX_RETRY A Number of retries to send logs to Sumo Logic. The default is 0. Optional
    SUMO_LOG_LEVEL Log level, which can be one of info, error, or debug. The default value is info. Optional
  2. Once, you have set your parameters, execute your AWS Lambda function, and validate that the logs are coming into Sumo Logic. 

  3. If you have enabled failover, do the following:

    • Add the following inline policy to the IAM role associated with your lambda function.

      Inline_Policy.png

      {
          "Version": "2012-10-17",
          "Statement": [
              {
                  "Sid": "VisualEditor0",
                  "Effect": "Allow",
                  "Action": "s3:PutObject",
                  "Resource": "arn:aws:s3:::<AWS S3 Bucket Name>/*"
              }
          ]
      }
      
    • Configure a Sumo Logic AWS S3 source with the same source category as that of the HTTP Source created in Step 1 to read from this bucket.

      Sumo_AWS_source.png

Step 4 (Optional): Disable logging to CloudWatch logs

Since AWS Lambda continues to send logs to CloudWatch Logs even if extensions subscribe to the logs stream, you can disable logging to CloudWatch Logs for your function as described in the documentation.