Sumo Logic

Collect Streaming Data from Syslog

A Syslog Source operates like a syslog server listening on the designated port to receive messages. Set your syslog-enabled devices to send data to the same port you specify in the Syslog Source configuration. 
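To confirm that the Syslog Source is listening on the port you configured, you can send it a single test message. The script below is an added example, not Sumo Logic code. It assumes the source accepts RFC 5424-formatted messages over UDP (or newline-delimited TCP), and the host, port, hostname and app name are constructed placeholders.

```python
import socket
from datetime import datetime, timezone

# Facility and severity codes from RFC 5424; PRI = facility * 8 + severity.
FACILITY = {"kern": 0, "user": 1, "daemon": 3, "auth": 4, "local0": 16}
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}


def build_rfc5424(facility, severity, hostname, app, text, when=None):
    """Return one RFC 5424 syslog line whose timestamp has an explicit offset."""
    pri = FACILITY[facility] * 8 + SEVERITY[severity]
    when = when or datetime.now(timezone.utc)
    if when.tzinfo is None:
        # A naive timestamp would leave the time zone to the source's fallback.
        raise ValueError("timestamp must be timezone-aware")
    stamp = when.isoformat(timespec="milliseconds")
    # VERSION is 1; PROCID, MSGID and STRUCTURED-DATA use the nil value "-".
    return f"<{pri}>1 {stamp} {hostname} {app} - - - {text}"


def send_test_message(host, port, line, use_tcp=False):
    """Send one message to the Syslog Source port; return the bytes sent."""
    payload = line.encode("utf-8")
    if use_tcp:
        # Newline framing is an assumption; match your source's settings.
        with socket.create_connection((host, port), timeout=5) as conn:
            conn.sendall(payload + b"\n")
        return len(payload) + 1
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(payload, (host, port))


if __name__ == "__main__":
    # Constructed values: replace with your Collector host and the port
    # entered in the Syslog Source configuration.
    COLLECTOR_HOST, SOURCE_PORT = "127.0.0.1", 1514
    line = build_rfc5424("auth", "err", "test-host", "wizard-check",
                         "error: constructed test event for source validation")
    print(line)
    print(send_test_message(COLLECTOR_HOST, SOURCE_PORT, line), "bytes sent")
```

The test text contains "error", so once ingested it should also appear in the High Priority Keyword search described under Finish. UDP delivery is unacknowledged, so a successful send only shows the packet left the host; confirm receipt by searching for the message.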

The Setup Wizard guides you through different steps, depending on your operating system.

Linux

  1. Click Syslog.
  2. Select Existing Collector to use a Collector that has already been installed, or select New Collector to install a new Collector.
    • Existing Collector. Select the Collector from the list.
    • New Collector. Select Linux from the menu. To download and install a Linux Collector, open a terminal, then click Copy to copy and paste the provided code into the terminal. As the Collector installs, follow the prompts. This may take a few minutes. Once the Collector has been installed and registered, the Continue button becomes active.
  3. Click Continue.
  4. Source Category, which will help you search your logs later, is filled automatically. You can edit the name if you like.
  5. The Setup Wizard searches for and displays any default paths that are available. Choose any of the standard locations from which you would like to collect; you can also enter alternative or additional path expressions by clicking Add Path Expression one or more times.
  6. Select a time zone for your log file:
    • Use time zone from log file. If none present use: Select the time zone you want to use.
    • Ignore time zone from log file and instead use: Select the time zone you want to use.
  7. Click Continue.

Windows

  1. Click Syslog.
  2. Select Existing Collector to use a Collector that has already been installed, or select New Collector to install a new Collector.
    • Existing Collector. Select the Collector from the list.
    • New Collector. Select Windows from the menu. To download and install a Windows Collector, click the download link. When the installer package downloads, open it and follow the installation wizard prompts. Click Copy to copy and paste the provided Token into the command prompt when required. This may take a few minutes. Once the Collector has been installed and registered, the Continue button becomes active.

The Setup Wizard Token is a one-time-use token that expires one hour after it is generated. This token authenticates the user. It is designed to be used for only one Collector. The token cannot be used with the API, and it cannot be disabled.

  3. Click Continue.
  4. Source Category, which will help you search your logs later, is filled automatically. You can edit the name if you like.
  5. The Setup Wizard searches for and displays any default paths that are available. Choose any of the standard locations from which you would like to collect; you can also enter alternative or additional path expressions by clicking Add Path Expression one or more times.
  6. Select a time zone for your log file:
    • Use time zone from log file. If none present use: Select the time zone you want to use.
    • Ignore time zone from log file and instead use: Select the time zone you want to use.
  7. Click Continue.

Mac OS

  1. Click Syslog.
  2. Select Existing Collector to use a Collector that has already been installed, or select New Collector to install a new Collector.
    • Existing Collector. Select the Collector from the list.
    • New Collector. Select Mac OS from the menu. To download and install a Mac OS Collector, open a terminal, then click Copy to copy and paste the provided code into the terminal. As the Collector installs, follow the prompts. This may take a few minutes. Once the Collector has been installed and registered, the Continue button becomes active.
  3. Click Continue.
  4. Source Category, which will help you search your logs later, is filled automatically. You can edit the name if you like.
  5. The Setup Wizard searches for and displays any default paths that are available. Choose any of the standard locations from which you would like to collect; you can also enter alternative or additional path expressions by clicking Add Path Expression one or more times.
  6. Select a time zone for your log file:
    • Use time zone from log file. If none present use: Select the time zone you want to use.
    • Ignore time zone from log file and instead use: Select the time zone you want to use.
  7. Click Continue.

While the data type is being configured, the Setup Wizard provides a progress bar, and at this point, you can either add more data or go to Sumo Logic. If you leave the wizard and go to Sumo Logic, a progress bar is displayed in the main navigation bar to let you know when the configuration is finished.

Finish

When the Finish page displays, you can:

  • Add More Data. Click to return to the Setup Wizard to configure more sources.
  • Start Searching My Logs. When your data is ready, click to go to the Search page and view the results of the search configured for your file. In a separate search tab, you can view the High Priority Keyword search, which displays results if your data contains "error", "fail", or "exception" keywords.
  • Dashboards. After your search is launched, you will be notified when your Sumo Logic App Dashboards are ready to use. All Dashboards are launched in Live Mode for Setup Wizard users. 
  • You can also watch videos and tutorials to learn how to use Sumo Logic.

Click Go Back to return to the main Setup Wizard screen.

Click Exit Setup Wizard to exit.