Skip to main content
Sumo Logic

Collect Logs from AWS Fargate

Learn how to collect logs from AWS Fargate.

This page describes how to collect logs from AWS Fargate.

Collection process

The diagram below illustrates the process for sending container logs from AWS Fargate to Sumo Logic. 

AWS Fargate uses the AWSLogs driver to send container logs to AWS Cloudwatch.

fargate.png

Step 1: Configure containers for CloudWatch logging

Follow the instructions in Create a Task Definition in Amazon help. When creating your Task Definition, be sure to configure the logging to use the awsLogs driver, by setting the logConfiguration parameter to "awslogs", currently the only logging driver supported by AWS Fargate.

Step 2: Add a hosted collector and HTTP source

  1. In Sumo Logic, configure a Hosted Collector.
  2. In Sumo Logic, configure an HTTP Source.

Step 3: Create Lambda function 

Sumo provides a Lambda function for use with Amazon Web Services (AWS). It collects AWS Lambda logs using CloudWatch Logs and it extracts and adds a RequestId field to each log line to make correlation easier. 

To add an Amazon Lambda function:

  1. Sign into the AWS Management Console.
  2. Click Lambda in the Compute section.
  3. On the AWS Lambda page, click Create a Function
  4. On the Blueprints page, enter sumologic in the search field, and click the search icon.
  5. Select sumologic-process-logs.
    The Create Function page appears.
  6. In the Basic information section:

    lambda4.png
    1. Name—Enter a name for the function.
    2. Role—Choose one of the following options:
      • Choose an existing role. If you have any appropriate roles, you can select one.
      • Create new role from template(s). If you select this option, you can continue without choosing any policy templates—it will create a role with basic Lambda execution privileges by default.
    3. Role Name—Enter a name for the role.
    4. Policy templates—If you selected Create new role from template(s) above, you can leave this blank. 
  7. In the cloudwatch-logs section, you can create a trigger now, or click Remove if you prefer to create it later. To create the trigger:
    trigger.png
    1. Log Group—Select the log group that serves as the event source. Events sent to the log source will trigger your Lambda function. 
    2. Filter Name—Enter a filter name.
    3. Filter Pattern—May be left blank. For information about AWS filter patterns, see Filter and Pattern Syntax in AWS help.
    4. Enable trigger—Check the box to enable the trigger immediately. 
    5. Click Create Function.
  8. On the Environment Variables page, create a environment variable named SUMO_ENDPOINT. Set the value of the variable to the URL of the HTTP source to which your logs will be sent.

    In addition, you can set any of the following optional variables:lambda6.png
     
    • ENCODING (Optional)—Encoding to use when decoding CloudWatch log events. Default is utf-8.
    • SOURCE_CATEGORY_OVERRIDE (Optional)—Override _sourceCategory value configured for the HTTP source.
    • SOURCE_HOST_OVERRIDE (Optional)—Override _sourceHost value configured for the HTTP source.
    • SOURCE_NAME_OVERRIDE (Optional)—Override _sourceName value configured for the HTTP source.

Step 4: Create a CloudWatch Log Group

You will need at least one CloudWatch Log Group to assign to your Lambda function. For details on how to create a CloudWatch Log Group, see create a CloudWatch Log Group.

Assign CloudWatch Log Groups to Your Lambda Function

  1. Go to the Triggers tab of your Lambda function.
  2. Select Add Trigger.
  3. In the Add Trigger prompt, click the box as instructed and select CloudWatch Logs from the drop-down menu.
  4. Select a CloudWatch Log Group to add to your function. You need at least one CloudWatch Log Group to see this option. For details on creating a log group, see create a CloudWatch Log Group.
  5. Add a Filter Name to your trigger.
  6. (Optional) you can add a Filter Pattern to your trigger. For information about AWS filter patterns, see Filter and Pattern Syntax in AWS documentation 
  7. Click Enable Trigger.
  8. Click Submit to add the trigger to your Lambda function.

Step 5: Assign CloudWatch Log Groups to your lambda function

  1. Go to the Triggers tab of your Lambda function.
  2. Select Add Trigger.
  3. In the Add Trigger prompt, click the box as instructed and select CloudWatch Logs from the drop-down menu.
  4. Select a CloudWatch Log Group to add to your function. You need at least one CloudWatch Log Group to see this option. For details on creating a log group, see create a CloudWatch Log Group.
  5. Add a Filter Name to your trigger.
  6. (Optional) you can add a Filter Pattern to your trigger. For information about AWS filter patterns, see Filter and Pattern Syntax in AWS documentation 
  7. Click Enable Trigger.
  8. Click Submit to add the trigger to your Lambda function.