Log Sensor Troubleshooting
The Cloud SIEM Log Sensor has reached end of life and is no longer supported. Please migrate to a Sumo Logic Hosted Collector or Installed Collector. For more information, see the end of life notice.
The Cloud SIEM Log Sensor collects log data and sends it to the legacy Cloud SIEM server. (The Log Sensor does not send log data to the Sumo Logic platform. Sumo Logic collectors serve that purpose.)
If your organization uses the Log Sensor, This section provides instructions for gathering troubleshooting information Cloud SIEM support may request if you have problems with the sensor.
Restart sensor
The following command restarts the sensor. You need to restart the sensor after making changes to the sensor configuration file, /opt/trident/log-sensor/conf/trident-sensor.cfg
.
$ systemctl restart trident_log_sensor
Get sensor status
This command returns the status of the Log Sensor.
$ systemctl status trident_log_sensor
Show sensor listen ports
The following command lists the sensor's listen ports, and state information for each.
$ ss -an | grep LIST | grep :::85..
View sensor configuration file
This command lists the sensor’s configuration file.
$ cat /opt/trident/log-sensor/conf/trident-sensor.cfg
Edit sensor configuration file
This command opens the sensor’s configuration file in the vi editor.
$ vi /opt/trident/log-sensor/conf/trident-sensor.cfg
View sensor log file
This command tails the sensor’s log file, assuming that it is located in its default location.
$ tail -f /opt/trident/log-sensor/logs/trident-sensor.log
View logs sent by the sensor to Cloud SIEM
This command tails the sensor’s output.log
file which contains logs that the sensor has sent to the Cloud SIEM server.
$ tail -f /opt/trident/log-sensor/output/log/output.log
View count of logs sent by the sensor to Cloud SIEM
This command returns a count of the logs sent by the sensor to the Cloud SIEM server.
$ ls -lh /opt/trident/log-sensor/output/log/