Sumo Logic Endpoints and Firewall Security

Sumo Logic has several deployments that are assigned depending on the geographic location and the date an account is created.

Sumo Logic redirects your browser to the correct login URL and also redirects Collectors to the correct endpoint. However, if you're using an API you'll need to manually direct your API client to the correct Sumo Logic API URL.

| Environment | Service Endpoint (login URL) | API Endpoint | Collection Endpoint |
|---|---|---|---|
| AU | https://service.au.sumologic.com | https://api.au.sumologic.com/api/v1/ | https://collectors.sumologic.com, https://collectors.au.sumologic.com |
| DE | https://service.de.sumologic.com | https://api.de.sumologic.com/api/v1/ | https://collectors.sumologic.com, https://collectors.de.sumologic.com |
| EU | https://service.eu.sumologic.com | https://api.eu.sumologic.com/api/v1/ | https://collectors.sumologic.com, https://collectors.eu.sumologic.com, https://endpoint1.collection.eu.sumologic.com |
| JP | https://service.jp.sumologic.com | https://api.jp.sumologic.com/api/v1/ | https://collectors.sumologic.com, https://collectors.jp.sumologic.com |
| US1 | https://service.sumologic.com | https://api.sumologic.com/api/v1/ | https://collectors.sumologic.com, https://endpoint1.collection.sumologic.com, https://endpoint2.collection.sumologic.com, https://endpoint3.collection.sumologic.com |
| US2 | https://service.us2.sumologic.com | https://api.us2.sumologic.com/api/v1/ | https://collectors.sumologic.com, https://collectors.us2.sumologic.com, https://endpoint1.collection.us2.sumologic.com, https://endpoint2.collection.us2.sumologic.com, https://endpoint3.collection.us2.sumologic.com, https://endpoint4.collection.us2.sumologic.com |

How can I determine which endpoint I should use?

The easiest way to see which pod your account uses is to look at the Sumo Logic URL. If you see "us2" that means you're running on the US2 pod. If you see "eu", "jp", "de" or "au" you're on one of those pods.

The specific collection endpoint will vary per account. The general format is:

endpoint[N].collection.[deploymentID].sumologic.com

To determine which URL your account is using, create an HTTP Source and look at the provided hostname.

Securing access to Sumo Logic infrastructure via DNS name or IP address

For collection to work, your firewall must allow outbound traffic to Sumo Logic. Refer to Test Connectivity for Sumo Logic Collectors for instructions on allowing outbound traffic over port 443.

  • If your firewall allows DNS entries, add the following to the whitelist in your firewall to allow outbound traffic to sumologic.com:
    *.sumologic.com
    By default, the Collector contacts collectors.sumologic.com before it is redirected to a deployment-specific endpoint such as collectors.us2.sumologic.com and endpoint[N].collection.[deploymentID].sumologic.com.

  • If your firewall doesn’t allow DNS entries, you must whitelist all of the IP addresses for your deployment region. The addresses to whitelist depend on your Sumo Logic deployment. To determine the IP addresses that require whitelisting, download the JSON object provided by Amazon Web Services (AWS). Amazon advises that this file will change several times a week. For details on how the file is updated, its usage, its syntax, and downloading the JSON file see AWS IP Address Ranges.

The following table describes the AWS regions used by each Sumo Logic deployment. See the AWS page on regions and endpoints for more information.

| Sumo Logic Deployment | AWS region name | AWS Region |
|---|---|---|
| AU | Asia Pacific (Sydney) | ap-southeast-2 |
| DE | EU (Frankfurt) | eu-central-1 |
| EU | EU (Ireland) | eu-west-1 |
| JP | Asia Pacific (Tokyo) | ap-northeast-1 |
| US1 | US East (N. Virginia) | us-east-1 |
| US2 | US West (Oregon) | us-west-2 |

The AWS IP address ranges file provides the complete current list of AWS IP ranges (also called subnets or prefixes). You can limit the number of firewall entries by using only the IP prefixes for the AWS region that your account's Sumo Logic deployment uses, as shown in the table.

You can run the following query against the downloaded file in Sumo Logic to determine the IP addresses for each deployment. As written, the query covers us-west-2 (US2), us-east-1 (labeled PROD), eu-west-1 (EU), and ap-southeast-2 (AU); for the DE or JP deployments, extend the where clause with the region from the table above.

    | parse regex "\s+\"ip_prefix\":\s+\"(?<ip_prefix>.*?)\",\n\s+\"region\":\s+\"(?<region>.*?)\",\n\s+\"service\":\s+\"(?<service>.*?)\"" multi
    | where service="AMAZON" and (region="us-west-2" or region="us-east-1" or region="eu-west-1" or region="ap-southeast-2")
    | if (region="us-west-2", "US2", region) as region
    | if (region="us-east-1", "PROD", region) as region
    | if (region="eu-west-1", "EU", region) as region
    | if (region="ap-southeast-2", "AU", region) as region
    | count by ip_prefix, region, service
    | fields - _count
    | sort by region, ip_prefix
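An offline equivalent of the query above, as an added example (not Sumo Logic's or AWS's code): it filters a downloaded ip-ranges.json to the AMAZON prefixes for one deployment's region, merges adjacent prefixes to keep the rule count down, and returns the file's syncToken so you can record which version of the file the rules were built from. The sample data is constructed from documentation ranges, and `allowlist_for` and the printed rule format are names chosen here.

```python
import ipaddress
import json

# Deployment -> AWS region, copied from the table on this page.
DEPLOYMENT_REGION = {
    "AU": "ap-southeast-2", "DE": "eu-central-1", "EU": "eu-west-1",
    "JP": "ap-northeast-1", "US1": "us-east-1", "US2": "us-west-2",
}

# Constructed sample in the shape of AWS's ip-ranges.json. The prefixes are
# documentation ranges (RFC 5737), not real AWS allocations.
SAMPLE_IP_RANGES = json.dumps({
    "syncToken": "0", "createDate": "1970-01-01-00-00-00",
    "prefixes": [
        {"ip_prefix": "198.51.100.0/25", "region": "us-west-2", "service": "AMAZON"},
        {"ip_prefix": "198.51.100.128/25", "region": "us-west-2", "service": "AMAZON"},
        {"ip_prefix": "198.51.100.0/25", "region": "us-west-2", "service": "EC2"},
        {"ip_prefix": "203.0.113.0/24", "region": "eu-west-1", "service": "AMAZON"},
        {"ip_prefix": "192.0.2.0/24", "region": "us-east-1", "service": "AMAZON"},
    ],
})


def allowlist_for(deployment, ip_ranges_json):
    """Return (sync_token, collapsed IPv4 CIDRs) for one Sumo Logic deployment."""
    region = DEPLOYMENT_REGION[deployment.upper()]  # KeyError on an unknown pod
    doc = json.loads(ip_ranges_json)
    nets = {
        ipaddress.ip_network(p["ip_prefix"])
        for p in doc["prefixes"]
        # Same filter as the query above: service "AMAZON" in the pod's region.
        if p["service"] == "AMAZON" and p["region"] == region
    }
    # Merge adjacent and overlapping prefixes into the fewest covering CIDRs.
    merged = ipaddress.collapse_addresses(nets)
    return doc["syncToken"], [str(n) for n in merged]


if __name__ == "__main__":
    token, cidrs = allowlist_for("US2", SAMPLE_IP_RANGES)
    print(f"# built from ip-ranges.json syncToken={token}")
    for cidr in cidrs:
        print(f"allow outbound tcp/443 -> {cidr}")
```

Because the file changes several times a week, rerun this on each download and compare the syncToken with the one recorded for the rules currently deployed.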

After configuring the firewall, Collector, and Sources, confirm that the Collector and Sources are working by verifying that you can receive a given type of message (such as syslog messages) at the specified location.

Versioning and Conflict Detection 

The Collector Management API uses optimistic locking to deal with versioning and conflict detection. Any response that returns a single entity will have an ETag header which identifies the version of that entity. Subsequent updates (PUT requests) to that entity must provide the value of the ETag header in an If-Match header; if the header is missing or no longer corresponds to the latest version of the entity, the request will fail (with 403 Forbidden or 412 Precondition Failed, respectively). Clients must be prepared to handle such failures if they anticipate concurrent updates to the entities. Additionally, the value of the ETag header may be provided in an If-None-Match header in future GET requests for caching purposes.
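The read-modify-write loop a client needs for this, as an added example (not Sumo Logic code): `FakeCollectorApi` is an in-memory stand-in constructed here that applies the ETag and If-Match rules described above, and `update_with_retry` re-reads and re-applies its change when it gets 412. The entity fields, ETag values and the `before_put` hook are assumptions made for the demonstration.

```python
class FakeCollectorApi:
    """In-memory stand-in (constructed for this example) that applies the
    ETag / If-Match rules described above to a single entity."""

    def __init__(self, entity):
        self.entity, self.version = dict(entity), 1

    def _etag(self):
        return f'"v{self.version}"'

    def get(self):
        return 200, {"ETag": self._etag()}, dict(self.entity)

    def put(self, body, headers):
        if "If-Match" not in headers:
            return 403, {}, None              # If-Match header missing
        if headers["If-Match"] != self._etag():
            return 412, {}, None              # ETag is no longer the latest
        self.entity, self.version = dict(body), self.version + 1
        return 200, {"ETag": self._etag()}, dict(self.entity)


def update_with_retry(api, change, attempts=3, before_put=None):
    """On 412, fetch the entity again and re-apply `change` to the fresh copy."""
    for _ in range(attempts):
        _, headers, entity = api.get()
        entity = change(entity)
        if before_put:                        # hook: simulates a concurrent writer
            before_put()
            before_put = None
        status, _, saved = api.put(entity, {"If-Match": headers["ETag"]})
        if status == 200:
            return saved
        if status != 412:                     # e.g. 403: a retry will not help
            raise RuntimeError(f"update rejected: HTTP {status}")
    raise RuntimeError("gave up after repeated 412 Precondition Failed")


def demo():
    api = FakeCollectorApi({"name": "web-01", "category": "prod/web"})

    def rival():  # another client updates the entity between our GET and PUT
        _, h, e = api.get()
        api.put({**e, "category": "prod/edge"}, {"If-Match": h["ETag"]})
    return update_with_retry(api, lambda e: {**e, "name": "web-01a"}, before_put=rival)
```

`demo()` returns the entity with both the rival's category change and the rename, which is the lost update that a blind PUT of the stale copy would have caused.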