The Sumo Logic App for Linux allows you to view the events, logins, and security status of your Linux system. The app consists of predefined searches and three Dashboards, which provide visibility into your environment for real-time or historical analysis.
Sumo Logic apps gather data from the log messages collected from Sources by Collectors. The Sumo Logic app for Linux requires the following log types, which are set up during the Collector and Source configuration process:
- /var/log/messages* - These logs contain system messages. They are required for most system events, such as user creation, deletion, system start, shutdown, etc.
- /var/log/audit* or /var/log/secure* - The log type used will depend on the version of UNIX and configuration. These logs contain security logs. They are required for most security events and user logins.
- /var/log/ [ yum.log | dpkg.log | zypper.log ] - Optional: These logs are required for package operation searches.
It is recommended to categorize all of these logs uniformly with a single source category, for example: OS/Linux.