Skip to main content
Sumo Logic

Install the Linux App and view the Dashboards

  1. Last updated
  2. Save as PDF
The Sumo Logic App for Linux includes Dashboards that give you instant access to your system overview, including event sources, login status, and security status.

Sumo Logic App

Now that you have set up collection for Linux, install the Sumo Logic App for Linux to use the preconfigured searches and dashboards to analyze your data. 

To install the app:

Locate and install the app you need from the App Catalog. If you want to see a preview of the dashboards included with the app before installing, click Preview Dashboards.

  1. From the App Catalog, search for and select the app. 
  2. Select the version of the service you're using and click Add to Library.
  1. To install the app, complete the following fields.
    1. App Name. You can retain the existing name, or enter a name of your choice for the app.

    2. Data Source. Select either of these options for the data source.

      • Choose Source Category, and select a source category from the list.

      • Choose Enter a Custom Data Filter, and enter a custom source category beginning with an underscore. Example: (_sourceCategory=MyCategory).

    3. Advanced. Select the Location in Library (the default is the Personal folder in the library), or click New Folder to add a new folder.
  2. Click Add to Library.

Once an app is installed, it will appear in your Personal folder, or other folder that you specified. From here, you can share it with your organization. 

Panels will start to fill automatically. It's important to note that each panel slowly fills with data matching the time range query and received since the panel was created. Results won't immediately be available, but with a bit of time, you'll see full graphs and maps. 

Dashboards

Overview

Dashboard description: See an overview of Linux activity, including the distribution of system events across hosts, group assignment changes, a breakdown of successful and failed logins, sudo attempts, and the count of reporting hosts. 

linux_app_overview_700x341.png

Filtering the Overview dashboard

Click the funnel icon in the upper left of the dashboard to display filtering options. You can filter the dashboard by any combination of command, dest_group, dest_hostname, and dest_user.

OverviewFilter.png

Event Sources

Dashboard description: See information about system events, including their distribution across hosts, event counts per host by hour, and even counts by host and service.

linux_app_event_sources_new_700x353.png

Filtering the Event Sources dashboard

Click the funnel icon in the upper left of the dashboard to display filtering options. You can filter the dashboard by any combination of dest_hostname, host, and process_name.

EventSources.png

Login Status

Dashboard description: See information about logins to Linux hosts; including logins by hour; failed logins per host; the top 30 successful and failed  logins; and the top 30 successful and failed remote logins.  

linux_app_login_new_700x355.png

Filtering the Login Status dashboard

Click the funnel icon in the upper left of the dashboard to display filtering options. You can filter the dashboard by any combination of action, dest_hostname, dest_user, and outcome.

Security Status

Dashboard description: See information about security on Linux hosts, including su, sudo attempts, new and existing user assignments, package operations, and system start events.

linux_app_security_new_700x353.png

Filtering the Security Status dashboard

Click the funnel icon in the upper left of the dashboard to display filtering options. You can filter the dashboard by any combination of action, dest_hostname, dest_user, and outcome.