This procedure explains how to collect logs from Google Apps and ingest them into Sumo Logic.
Sumo Logic App
To collect logs for the CrowdStrike Falcon Host platform, you need to configure the following:
- A Sumo Logic Installed Collector and Syslog Source.
- CrowdStrike Falcon SIEM Connector.
This procedure details these steps.
The Sumo Logic Installed Collector and CrowdStrike Falcon SIEM Connector can be located on the same machine or different machines, but Sumo Logic recommends that you locate them both on the same machine for best performance.
Configure Sumo Logic Installed Collector and Syslog Source
To collect logs for the CrowdStrike Falcon Host platform, in Sumo Logic, configure the following:
When you configure the Syslog Source, make sure that the Time Zone is set to GMT (Etc/UTC).
Also, make sure to take note of the protocol (TCP or UDP) and Port number. You will need this information to configure the CrowdStrike Falcon SIEM Connector.
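Before moving on to the SIEM Connector, it is worth confirming that the Syslog Source accepts traffic on the protocol and port you noted, and that a UTC-stamped message arrives intact. The sender below is an added example, not Sumo Logic or CrowdStrike code; the host collector.example.internal, port 514 and TCP under __main__ are placeholders for your own values, and loopback_check is a hypothetical offline self-test that exercises the same sender against a local listener.

```python
import socket
from datetime import datetime, timezone

def build_test_message(hostname="syslog-check", app="falcon-siem-connector-check"):
    """Build an RFC 5424 syslog line whose timestamp is UTC, matching the
    Etc/UTC time zone the Syslog Source must be configured with."""
    ts = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%fZ")
    # PRI 14 = facility user (1) * 8 + severity informational (6)
    return f"<14>1 {ts} {hostname} {app} - - - syslog source connectivity check"

def timestamp_is_utc(line):
    """True if the RFC 5424 timestamp (second field) carries a UTC offset."""
    fields = line.split(" ", 3)
    return len(fields) >= 3 and (fields[1].endswith("Z") or fields[1].endswith("+00:00"))

def send_test_message(host, port, protocol, message=None, timeout=5.0):
    """Send one syslog message over TCP or UDP; returns the number of bytes sent."""
    payload = ((message or build_test_message()) + "\n").encode("utf-8")
    if protocol.upper() == "TCP":
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(payload)
    elif protocol.upper() == "UDP":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.sendto(payload, (host, port))
    else:
        raise ValueError(f"protocol must be TCP or UDP, got {protocol!r}")
    return len(payload)

def loopback_check(protocol):
    """Offline self-test (hypothetical helper): listen on 127.0.0.1, send via
    send_test_message, and return the line received so its format can be inspected."""
    kind = socket.SOCK_STREAM if protocol.upper() == "TCP" else socket.SOCK_DGRAM
    with socket.socket(socket.AF_INET, kind) as srv:
        srv.bind(("127.0.0.1", 0))  # ephemeral port, no real collector needed
        srv.settimeout(5.0)
        port = srv.getsockname()[1]
        if kind == socket.SOCK_STREAM:
            srv.listen(1)
            send_test_message("127.0.0.1", port, protocol)
            conn, _ = srv.accept()
            with conn:
                data = conn.recv(4096)
        else:
            send_test_message("127.0.0.1", port, protocol)
            data, _ = srv.recvfrom(4096)
    return data.decode("utf-8").rstrip("\n")

if __name__ == "__main__":
    # Assumed values: replace with the host, port and protocol noted from your Syslog Source.
    print(send_test_message("collector.example.internal", 514, "TCP"), "bytes sent")
```

After sending, search the Sumo Logic source for "syslog source connectivity check" to confirm the message was received with the expected UTC timestamp.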
Configure the CrowdStrike Falcon SIEM Connector
Refer to the CrowdStrike Falcon Host SIEM Connector Feature Guide, hosted in the Falcon UI, to configure the SIEM Connector, then configure that connector to send data to the Sumo Logic Syslog Source you created in the previous section.
- From the conversation icon, select Docs:
- Under Feature Guides, select Falcon Host SIEM Connector Feature Guide.