
VMware AirWatch Integration for Sumo Logic

This page shows you how to configure AirWatch cloud syslog events for use with Sumo Logic.

VMware AirWatch provides enterprise mobility management (EMM) software and standalone management systems for content, applications and email. Sumo Logic integrates with VMware AirWatch to provide visibility for monitoring enterprise mobility management in your deployment. The unified digital workspace platform simplifies and secures app access and IT management throughout your environment.

VMware AirWatch is an integral part of Workspace ONE, an any app, any device experience that provides 1-click workflows with a virtual assistant for an intuitive and engaging experience.

Collecting AirWatch Events

AirWatch supports sending events to syslog. For Sumo Logic to receive AirWatch events, you must create a cloud syslog in Sumo Logic. This section shows you how to do the following:

  1. Configure cloud syslog in Sumo Logic.
  2. Integrate AirWatch and configure syslog.

Step 1. Configure cloud syslog in Sumo Logic

To configure cloud syslog in Sumo Logic, follow the instructions on this page.

After a cloud syslog is configured, the following values are available:

  • Token 
  • Host 
  • TCP TLS Port

These three values, shown on the Cloud Syslog Source dialog, are used to configure syslog integration in AirWatch.

Step 2. Integrate AirWatch and configure syslog

This section shows you how to integrate AirWatch with Sumo Logic and configure syslog. During the syslog configuration process you can specify the events to be sent to Sumo Logic. You can choose to send Console events, Device events, or both.

To enable integration and configure syslog, do the following:

  1. Log in to your AirWatch account.
  2. Navigate to Monitor > Reports and Analytics > Events > Syslog.


  3. Select Enabled on the Syslog dialog.


  4. Specify the following options in the Syslog dialog:

| Setting | Description | Sumo Logic Specific Value |
| --- | --- | --- |
| Syslog Integration | Enable/Disable | Enable |
| Host Name | Host Name of Cloud Syslog | Host Name of the Sumo Logic Cloud Syslog: syslog.collection.us1.sumologic.com |
| Protocol | UDP, TCP, Secure TCP | Secure TCP is required for Sumo Logic |
| Port | Port number | 6514 |
| Syslog Facility | Roughly suggests from what part of a system a message originated, and can help distinguish different classes of messages. | Optional, or as required |
| Message Tag | Enter a descriptive tag to identify events from the AirWatch Console in the Message Tag field. | Optional, or as required |
| Message Content | Enter the data to include in the transmission in the Message Content field. Note: Paste the Sumo Logic Token in the message field, as shown in the template below the table. | AirWatch Syslog Details, as listed below the table |

AirWatch Syslog Details are as follows:

     Event Type: {EventType}
     Event: {Event}
     User: {User}
     Event Source: {EventSource}
     Event Module: {EventModule}
     Event Category: {EventCategory}
     Event Data: {EventData} 7SarExampleSumoLogicToken+57f7ZDzI4aDN29uOy0vPj6x9z6tkwH6KBtS@41123

  5. Click the Advanced tab, and configure the following settings.

| Setting | Description |
| --- | --- |
| Console Events | Select whether to enable or disable the reporting of Console events. |
| Select Console Events to Send to Syslog | For each subheading, select the specific events that you want to trigger a message to syslog. |
| Device Events | Select whether to enable or disable the reporting of Device events. |
| Select Device Events to Send to Syslog | For each subheading, select the specific events that you want to trigger a message to syslog. |

  6. Click Save, and then click Test Connection to ensure you have successful communication between the AirWatch Console and Sumo Logic. For more information, see the following AirWatch documentation.

After a successful integration, the events start flowing into Sumo Logic.
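
The Message Content template in Step 2 places the Sumo Logic token at the end of every event. The following added example (not Sumo Logic or VMware code) derives a parser from that template, splits a received line into its fields, and redacts the token before the line is stored or displayed. It assumes the template is entered on a single line; the function names, the sample event values and the placeholder token are constructed for illustration.

```python
import re

# Message Content template from the page (assumed to be entered as one line).
TEMPLATE = ("Event Type: {EventType} Event: {Event} User: {User} "
            "Event Source: {EventSource} Event Module: {EventModule} "
            "Event Category: {EventCategory} Event Data: {EventData}")

# Token suffix in the form the page shows: opaque string followed by "@41123".
TOKEN_RE = re.compile(r"\s*\S+@41123\s*$")


def template_to_regex(template):
    """Build a regex with one named group per {Placeholder} in the template."""
    pieces = re.split(r"\{(\w+)\}", template)  # literal, name, literal, name...
    pattern = ""
    for i, piece in enumerate(pieces):
        pattern += f"(?P<{piece}>.*?)" if i % 2 else re.escape(piece)
    return re.compile(pattern + r"\s*$", re.DOTALL)


EVENT_RE = template_to_regex(TEMPLATE)


def redact_token(line):
    """Replace the trailing token so the line is safe to store or display."""
    return TOKEN_RE.sub(" <redacted>@41123", line)


def parse_event(line):
    """Return (fields, token_present). The token value is never returned."""
    token = TOKEN_RE.search(line)
    body = line[:token.start()] if token else line
    match = EVENT_RE.search(body)
    if match is None:
        return None, token is not None
    fields = {name: value.strip() for name, value in match.groupdict().items()}
    return fields, token is not None


if __name__ == "__main__":
    # Constructed sample line; event values and the token are placeholders.
    sample = ("Event Type: Console Event: LoginFailed User: jdoe "
              "Event Source: Console Event Module: Login "
              "Event Category: Security Event Data: Attempts=3 "
              "EXAMPLE-TOKEN-NOT-REAL@41123")
    print(parse_event(sample))
    print(redact_token(sample))
```

Field boundaries are found by the template's own labels, so a value that itself contains a label such as " User: " will split early; only Event Data, the last field, can safely hold free text.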