You can build a Sumo Logic Collector into a Linux machine image such as an Amazon AMI or VMware image.

Collectors normally register with Sumo Logic during installation, but you can pass the -VskipRegistration=true flag to skip registration. The Collector is then installed as a service that starts and registers automatically when the image is launched.

Initial Collector installation

Download the appropriate Collector either via the Sumo Logic Manage > Collection page, or from the list below.

1. Download your Collector. Choose from the 32-bit or 64-bit static URLs for the latest Linux Collector builds, and make sure to choose the URL for your Sumo Logic pod. Find the list of URLs in Download a Collector from a static URL in Help.

2. Change the permissions to allow the file to be executed.  

chmod 744 SumoCollector_linux_amd64_19_XXX-X.sh

3. To configure custom Sources, create a Source JSON file that lists all the Sources you want the Collector to scan and submit to the Sumo Logic service. These Source configurations are applied only during the initial registration of the Collector; any updates to the sources.json file will NOT be applied during a simple restart of the Collector.

The following sample JSON file includes Local File Source and Syslog Source configuration samples. For a full list of available Source types and parameters, which can be used within the sources.json file, please review the JSON help documentation.

Sample sources.json:

{
    "api.version": "v1",
    "sources": [
        {
            "sourceType": "LocalFile",
            "name": "Example1",
            "pathExpression": "/var/logs/maillog",
            "category": "mail",
            "hostName": "sampleSource",
            "useAutolineMatching": false,
            "multilineProcessingEnabled": false,
            "timeZone": "UTC",
            "automaticDateParsing": true,
            "forceTimeZone": false,
            "defaultDateFormat": "dd/MMM/yyyy HH:mm:ss"
        },
        {
            "protocol": "UDP",
            "port": 514,
            "sourceType": "Syslog",
            "name": "SyslogSource",
            "description": "SampleSyslogSource",
            "category": "events",
            "timeZone": "UTC",
            "automaticDateParsing": true,
            "multilineProcessingEnabled": true,
            "useAutolineMatching": true,
            "manualPrefixRegexp": "",
            "forceTimeZone": false,
            "defaultDateFormat": "dd/MMM/yyyy HH:mm:ss"
        }
    ]
}

4. Set up auto-registration details for the Collector:

  • Create a New User account with Administrator permissions or a role with permissions to "Manage Collectors". 
  • Create an Access Key and Access Id for this user, which will be used to register the Collector.

5. As root, run the installer with the following arguments:

  • -q starts the Installer in quiet mode (no UI)
  • -VskipRegistration=true to skip Collector registration during installation
  • -Vephemeral=true to set the Collector as ephemeral (will be removed after 12 hours offline)
  • -Vsumo.accessid=<access_id> to specify Access Id generated above
  • -Vsumo.accesskey=<access_key> to specify Access Key generated above
  • -Vsources=<filepath> to specify the path to your Source JSON file created above
  • (Optional) -dir to install into a non-standard installation directory. By default, Linux will install in /opt/SumoCollector.

Example:


./SumoCollector_linux_amd64_19_XXX-X.sh -q -VskipRegistration=true -Vephemeral=true -Vsources=/path/to/sources.json -Vsumo.accessid=<access_id> -Vsumo.accesskey=<access_key>

or

./SumoCollector_linux_amd64_19_XXX-X.sh -q -VskipRegistration=true -Vephemeral=true -Vsources=/path/to/sources.json -Vsumo.accessid=<access_id> -Vsumo.accesskey=<access_key> -dir "/usr/local/SumoCollector"

6. (Optional) Remove "name" property from generated user.properties file.

By default, the Collector takes its name from the hostname of the machine the Installer runs on. When you create an image, this causes all Collectors created from that image to have the same name prefix, followed by a unique Epoch timestamp.

To ensure Collectors created using this image will use the correct hostname, you can modify the user.properties file, located at /opt/SumoCollector/config/user.properties or /usr/local/SumoCollector/user.properties. Remove the line that specifies "name = <hostname>" and save the file.
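One way to script step 6 before imaging, as an added example (not Sumo Logic's code). The function names are hypothetical, and it assumes user.properties, generated from the installer arguments above, also holds the access ID and key, which is why the second function checks that the file is not readable by group or others.

```shell
#!/bin/sh
# Added example: prepare a Collector user.properties file before imaging.

# strip_collector_name FILE
# Removes every line that sets the "name" key ("name = x", "name=x", "name: x")
# and keeps all other lines, including keys that merely contain "name".
# Returns 0 on success, 1 if FILE is missing or unwritable, 2 if a name line remains.
strip_collector_name() {
    props=$1
    pattern='^[[:space:]]*name[[:space:]]*[=:]'
    [ -f "$props" ] || { echo "not found: $props" >&2; return 1; }

    # mktemp creates the file with mode 0600, so the copy is never exposed.
    tmp=$(mktemp "${props}.XXXXXX") || return 1
    # grep -v exits 1 when nothing is left to print; only >1 is a real error.
    grep -v -E "$pattern" "$props" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }

    # Write back in place so the original owner and mode are preserved.
    cat "$tmp" > "$props" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"

    if grep -q -E "$pattern" "$props"; then
        return 2
    fi
    return 0
}

# props_exposed FILE
# Returns 0 (true) when FILE is readable by group or others.
# Assumption: the file carries the access ID and key until first registration.
props_exposed() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]
}

# Run against a file only when a path is given on the command line, e.g.
#   sh prepare_props.sh /opt/SumoCollector/config/user.properties
if [ -n "${1:-}" ]; then
    strip_collector_name "$1" || exit $?
    if props_exposed "$1"; then
        echo "warning: $1 is readable by group or others" >&2
    fi
fi
```
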

Build your image 

Now you are ready to take the machine in its current state and generate an image. Follow AWS’s procedure to create an image. Instances launched from the image will automatically be registered with the DNS name of the instance. The installed Collector service will start and register automatically when the instance is launched.