
Install the Linux App and view the Dashboards

The Sumo Logic App for Linux includes Dashboards that give you instant access to your system overview, including event sources, login status, and security status.

Sumo Logic App

Now that you have set up collection for Linux, install the Sumo Logic App for Linux to use the preconfigured searches and dashboards to analyze your data. 

To install the app:

  1. Select App Catalog, search for and select the app, and click Add to Library. (In the classic UI, click Library, click Apps, select the app, and click Install. If you don't find the app under Apps, it might be a preview app. Try clicking Preview to find the app.)
  2. Click Preview Dashboards if you'd like to see a preview of the dashboards included with the app before installing.
  3. In the Install Application dialog box, select the installation path (the default is the Personal folder in the library), or click New Folder to add a new folder.
  4. Select either of these options for the log data source.
  • Choose Select from Existing Source Categories, and select the source catalog from the Source Category list.
  • Choose Enter a Custom Data Filter and enter a custom source category beginning with an underscore. Example: (_sourceCategory=MyCategory).
  5. Click Add to Library.

Once an app is installed, it appears in your Personal folder or in the other folder that you specified. From there, you can share it with your organization. See Welcome to the New Library for information on working with the library in the new UI.

Panels start to fill automatically. Note that each Panel fills gradually, with data that matches its time range query and that was received after the Panel was created. Results are not available immediately, but after a short while you will see full graphs and maps.

Dashboards

Overview


Total Event Distribution. Displays the total number of events by destination host name over the last 24 hours in a pie chart.

Logins by Outcome. Shows login successes and failures in a pie chart for the last 24 hours.

User Assignments. Displays the number of user assignments as a single value chart for the last 24 hours.

Reporting Hosts. Shows the number of reporting hosts as a single value chart for the last 24 hours.

Sudo Attempts. Shows an aggregation table that provides information on Sudo attempts for the last 24 hours. Information includes the destination hostname, source user, destination user, command, and the number of attempts.

Event Sources


Total Event Distribution. Displays the total number of events by destination host name over the last 24 hours in a pie chart.

Event Count by Host and Service. Shows the total number of events by host name and service name for the last 24 hours, displayed as a stacked column chart.

Event Count per Host by Hour. Provides the number of events per host name by hour for the last 24 hours, displayed as a time line area chart.

Reporting Hosts by Hour. Displays the number of hosts reporting by hour for the last 24 hours in a time line chart.

Login Status


Logins by Hour. Displays the number of user logins by hour over the last 24 hours in a stacked column chart. Successes and failures are displayed in contrasting colors.

Failed Logins per Host by Hour. Shows the failed user logins per host by hour for the last 24 hours in a time line chart, so that login problems on any host stand out immediately.

Top 30 Successful User Logins. Provides an aggregation table that displays the top 30 successful user logins for the last 24 hours. Information includes the user, the hostname, and the login count.

Top 30 Successful Remote Logins. Shows an aggregation table of the top 30 successful remote logins for the last 24 hours. Information includes the user, the hostname, and the login count.

Top 30 Failed Logins. Displays an aggregation table that details the top 30 failed logins over the last 24 hours. Information includes the source hostname, user, destination hostname, and number of attempts.

Top 30 Failed Remote Logins. Provides an aggregation table of the top 30 failed remote login attempts over the last 24 hours. Information includes the source hostname, user, destination hostname, and number of attempts.

Security Status


Failed SU Attempts. Displays an aggregation table that details failed SU (superuser) attempts for the last 24 hours. Information includes the destination hostname, source user, destination user, and the number of attempts.

Sudo Attempts. Shows an aggregation table that provides information on Sudo attempts for the last 24 hours. Information includes the destination hostname, source user, destination user, command, and the number of attempts.

New User Assignments. Provides information on the number of new user assignments by host by hour for the last 24 hours, displayed in a stacked column chart.

Existing User Assignments. Displays the number of existing user assignments by host by hour for the last 24 hours, displayed in a stacked column chart.

Package Operations. Shows the number of package operations, both installed and uninstalled, performed on a source host for the last 24 hours in a stacked column chart.

System Starts. Provides an aggregation table with information on system starts for the last two hours. Information includes the destination hostname, the process name, and the start time.
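As an added illustration (not Sumo Logic's preconfigured queries, which ship inside the app), the Python below reproduces, over constructed syslog lines, the aggregations behind the Login Status panels (logins per host by hour, top failed logins) and the Security Status Sudo Attempts table. It assumes the common OpenSSH and sudo syslog message formats; the sample lines are made up.

```python
import re
from collections import Counter
# Constructed sample syslog lines (not real data): sshd login outcomes and sudo attempts.
SAMPLE_LOG = """\
Mar 10 08:02:11 web01 sshd[2201]: Accepted publickey for alice from 10.0.0.5 port 50122 ssh2
Mar 10 08:14:43 web01 sshd[2287]: Failed password for bob from 203.0.113.9 port 41022 ssh2
Mar 10 08:15:01 web01 sshd[2290]: Failed password for invalid user admin from 203.0.113.9 port 41030 ssh2
Mar 10 09:03:27 db01 sshd[1410]: Failed password for root from 198.51.100.7 port 39011 ssh2
Mar 10 09:05:10 db01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart postgresql
Mar 10 09:06:55 db01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart postgresql
Mar 10 10:41:02 web01 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/apt-get install nginx
"""
# RFC 3164-style prefix "Mon DD HH:MM:SS host proc[pid]: message", then the per-program message formats.
SYSLOG = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<proc>[\w.-]+)(?:\[\d+\])?: (?P<msg>.*)$")
SSHD = re.compile(r"^(?P<outcome>Accepted|Failed) \S+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")
SUDO = re.compile(r"^\s*(?P<src_user>\S+) : .*?USER=(?P<dst_user>\S+) ; COMMAND=(?P<cmd>.*)$")

def _events(log):
    for line in log.splitlines():
        m = SYSLOG.match(line)
        if m:
            yield m["ts"].rsplit(":", 2)[0], m["host"], m["proc"], m["msg"]  # hour bucket, host, program, message

def logins_by_host_hour(log):
    """(host, hour, outcome) -> count: the data behind 'Logins by Hour' and 'Failed Logins per Host by Hour'."""
    counts = Counter()
    for hour, host, proc, msg in _events(log):
        s = SSHD.match(msg) if proc == "sshd" else None
        if s:
            counts[(host, hour, s["outcome"].lower())] += 1
    return counts

def top_failed_logins(log, n=30):
    """'Top N Failed Logins': (source, user, destination host) ranked by number of attempts."""
    attempts = Counter()
    for _, host, proc, msg in _events(log):
        s = SSHD.match(msg) if proc == "sshd" else None
        if s and s["outcome"] == "Failed":
            attempts[(s["src"], s["user"], host)] += 1
    return attempts.most_common(n)

def sudo_attempts(log):
    """'Sudo Attempts' table: (destination host, source user, destination user, command) -> attempts."""
    table = Counter()
    for _, host, proc, msg in _events(log):
        s = SUDO.match(msg) if proc == "sudo" else None
        if s:
            table[(host, s["src_user"], s["dst_user"], s["cmd"])] += 1
    return table
```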