
Collect Logs for the Salesforce App

Collecting logs for the Salesforce App requires the following steps:

  1. Set Salesforce User Permissions
  2. Deploy the SumoJanus package
  3. Configure the SFDC bundle
  4. Authenticate with Salesforce
  5. Install a Sumo Logic Collector on your production system
  6. Deploy the configuration to your production system
  7. In Sumo Logic, configure a Script Source


1. Set Salesforce User Permissions

To authenticate the Sumo Logic App for Salesforce, your user account must be an SFDC user with the following permissions:

  • API Enabled
  • View Event Log Files or View All Data

To add a user with this permission set:

  1. In Salesforce, go to Setup > Administer > Manage Users > Permission Sets.  
  2. On the Permission Set Overview > System Permissions page, select API Enabled and View Event Log Files.
  3. Then click the Manage Assignments button in the permission set you just created, and click Add Assignments.
  4. Find your user and assign that user to the permission set you just created.
  5. Save your changes.

2. Deploy the SumoJanus Package

The steps differ depending on whether you have set up the SumoJanus package previously.

If you have never set up the SumoJanus package

  1. Download the following files:
  2. Copy both files into the same folder, and unzip them there. For example, on Linux, run the following commands:

     tar xzvf sumojanus-2.0.tar.gz
     tar xzvf sumojanus-2.0-salesforce.tar.gz

  3. This will create a folder called sumojanus-2.0 with all the files from both packages.

If you have set up the SumoJanus package before

  1. Back up the file conf/
  2. Copy the sumojanus-2.0-salesforce.tar.gz file into the parent folder where SumoJanus is currently installed. (So this folder should contain the folder sumojanus-2.0.)
  3. Unzip the file sumojanus-2.0-salesforce.tar.gz. This will copy the files from the SFDC bundle package to the folder sumojanus-2.0.

3. Configure the SFDC Bundle

  1. Go to the unzipped sumojanus-2.0 folder.
  2. Open the file conf/ and edit it to add the following section to the end of the file:
url = <Salesforce Instance URL>
token_file_path = ${path}/data/salesforce.token
record_file_path = ${path}/data/sf_readfiles.dat
# if you are using a SFDC sandbox environment, set the following to true
sandbox = false
  3. See the following table for all supported properties. Make sure to set the following parameters:
    • Set the url parameter to point to your Salesforce URL. For example, url =
    • If you are using a sandbox environment, set the sandbox property to true. It is set to false by default.
    • If you don’t provide a start time, logs will be collected from two days in the past.

In the file conf/, the following properties are supported. Each entry lists its "Required or Default" value, where given, followed by its description.

  • Instance URL (for example,
  • Path to access token file to authenticate with SFDC API.
  • Not required, default to: true
    Set to true if output should be in JSON. This is because raw event logs from SF are in CSV format.
  • Not required, default to: ${path}/sf_readfiles.dat
    Path to store list of log event files read successfully.
  • Not required, default to: false
    Set to true if the URL points to a sandbox instance.
  • Not required, default to: 2 days ago
    Milliseconds since the epoch to begin collecting (for example, 1450137600000).
  • Not required, default to now
    Milliseconds since the epoch to stop collecting.
  • Not required, default to: 29.0
    API version, minimum is 29.0

4. Authenticate with Salesforce

  1. Log out of Salesforce.
  2. Run the following command under the unzipped sumojanus-2.0 folder:  
    bin/SumoJanus_SF.bash -s
  3. A browser will open:
    • If your browser has already authenticated with Salesforce, a message will display saying that access has been granted.
    • Otherwise, you will see the Salesforce login. Supply your credentials (with the required permissions) to grant access.
  4. You will then see the following message, which says that the token file has been created:


Test your Configuration

  1. To make sure that the settings are correct, run bin/SumoJanus_SF.bash again (without the -s flag).
  2. You should see something like this (which may go on for a while):
  3. Remove the sf_readfiles.dat file that was just created. This file should be located under the data folder.

5. Install a Sumo Logic Collector on your Production System

In Sumo Logic, install a Collector (version i19.115 or later) on the system where you want to collect Salesforce Event Monitoring Logs.

For instructions, see Installed Collectors.

6. Deploy the Configuration to your Production System

If you do not have SumoJanus 2.0 on the production system

Copy the whole sumojanus-2.0 folder to the production system where a Sumo Local Collector is configured and running. We recommend putting this folder under the Collector folder.

If you already have SumoJanus 2.0 on the production system

If you are currently using SumoJanus 2.0 on the production system (for example, as part of script collection for another Sumo Logic App, such as Box), this means you already have the sumojanus-2.0 folder.  

In this case, do the following:

  1. Back up your current version of the conf/ file.
  2. From the conf/ file you configured for Salesforce, copy the new configuration section to the production system.
  3. Unzip only the SFDC bundle (the sumojanus-2.0-salesforce.tar.gz file) to the sumojanus-2.0 folder on your production system.
  4. Copy the token file you generated in Step 4 (salesforce.token) into the folder sumojanus-2.0/data.
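
A pre-flight check for the deployed folder, run before the first scheduled collection. This is an added example, not part of Sumo Logic's documentation or the SumoJanus package: the function name is hypothetical, the paths assume the token_file_path and record_file_path values shown in step 3, and the owner-only permission check on the token file is a hardening assumption rather than a stated requirement.

```shell
#!/bin/sh
# Added example: pre-flight check of a deployed sumojanus-2.0 folder.
# Usage: sh check.sh /opt/SumoCollector/sumojanus-2.0
# Prints one line per finding; the function returns the number of findings.

check_sumojanus_deploy() {
    root=$1
    findings=0
    note() { echo "FINDING: $1"; findings=$((findings + 1)); }

    script="$root/bin/SumoJanus_SF.bash"
    token="$root/data/salesforce.token"
    record="$root/data/sf_readfiles.dat"

    # The Script Source executes this file, so it must be present.
    [ -f "$script" ] || note "missing $script"

    # Token file created by 'bin/SumoJanus_SF.bash -s' and copied in step 4.
    if [ ! -s "$token" ]; then
        note "token file missing or empty: $token"
    else
        # Assumption (hardening, not from the page): the token authenticates
        # to the SFDC API, so only the owning account should be able to read it.
        mode=$(stat -c '%a' "$token" 2>/dev/null || stat -f '%Lp' "$token")
        case "$mode" in
            *00) ;;  # no group or world permission bits set
            *) note "token file mode $mode allows access beyond owner: $token" ;;
        esac
    fi

    # The test run writes this list of files already read; the test
    # procedure says to remove it afterwards.
    if [ -e "$record" ]; then
        note "leftover record file from test run: $record"
    fi

    return "$findings"
}

if [ "$#" -gt 0 ]; then
    check_sumojanus_deploy "$1"
fi
```

Once the Script Source has run, sf_readfiles.dat exists legitimately, so the last finding is only meaningful before the first scheduled collection.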

7. Configure a Script Source

In Sumo Logic, configure a Script Source using the instructions in Script Source.

For the Sumo Logic App for Salesforce, use the following configuration settings:

  • Frequency: Every 6 Hours
  • Specify a timeout for your command: 3 Hours
  • Command: /bin/bash
  • Type a path to the script to execute: /opt/SumoCollector/sumojanus-2.0/bin/SumoJanus_SF.bash
  • Working Directory: /opt/SumoCollector/sumojanus-2.0
  • Advanced > Timestamp Format: yyyy-MM-dd'T'HH:mm:ss.SSS