VMware AirWatch Integration for Sumo Logic
VMware AirWatch provides enterprise mobility management (EMM) software and standalone management systems for content, applications, and email. Sumo Logic integrates with VMware AirWatch to provide visibility for monitoring enterprise mobility management in your deployment. The unified digital workspace platform simplifies and secures app access and IT management throughout your environment.
VMware AirWatch is an integral part of Workspace ONE, an any-app, any-device experience that provides 1-click workflows with a virtual assistant for an intuitive and engaging experience.
Collecting AirWatch Events
AirWatch supports sending events to syslog. For Sumo Logic to receive AirWatch events, you must create a cloud syslog in Sumo Logic. This section shows you how to do the following:
- Configure cloud syslog in Sumo Logic.
- Integrate AirWatch and configure syslog.
Step 1. Configure cloud syslog in Sumo Logic
To configure cloud syslog in Sumo Logic, follow the instructions on this page.
After a cloud syslog is configured, the following values are available:
- Token
- Host
- TCP TLS Port
These three values, shown on the Cloud Syslog Source dialog, are used to configure syslog integration in AirWatch.
During syslog configuration in AirWatch, you can choose to send Console events, Device events, or both. Any events generated by the AirWatch Console are sent to Sumo Logic.
Step 2. Integrate AirWatch and configure syslog
This section shows you how to integrate AirWatch with Sumo Logic and configure syslog. During the syslog configuration process you can specify the events to be sent to Sumo Logic. You can choose to send Console events, Device events, or both.
To enable integration and configure syslog, do the following:
- Log in to your AirWatch account.
- Navigate to Monitor > Reports and Analytics > Events > Syslog.
- Select Enabled on the Syslog dialog.
- Specify the following options in the Syslog dialog:

| Setting | Description | Sumo Logic Specific Value |
| --- | --- | --- |
| Syslog Integration | Enable/Disable | Enable |
| Host Name | Host Name of Cloud Syslog | Host Name of the Sumo Logic Cloud Syslog: syslog.collection.us1.sumologic.com |
| Protocol | UDP, TCP, Secure TCP | Secure TCP is required for Sumo Logic |
| Port | Port number | 6514 |
| Syslog Facility | Roughly suggests from what part of a system a message originated, and can help distinguish different classes of messages. | Optional, or as required |
| Message Tag | Enter a descriptive tag to identify events from the AirWatch Console in the Message Tag field. | Optional, or as required |
| Message Content | Enter the data to include in the transmission in the Message Content field. Note: Paste the Sumo Logic Token in the message field as highlighted in the next column. | AirWatch Syslog Details are as follows:<br>Event Type:{EventType}<br>Event:{Event}<br>User:{User}<br>Event Source:{EventSource}<br>Event Module:{EventModule}<br>Event Category:{EventCategory}<br>Event Data:{EventData} 7SarExampleSumoLogicToken+57f7ZDzI4aDN29uOy0vPj6x9z6tkwH6KBtS@41123 |

- Click the Advanced tab, and configure the following settings.

| Setting | Description |
| --- | --- |
| Console Events | Select whether to enable or disable the reporting of Console events. |
| Select Console Events to Send to Syslog | For each subheading, select the specific events that you want to trigger a message to syslog. |
| Device Events | Select whether to enable or disable the reporting of Device events. |
| Select Device Events to Send to Syslog | For each subheading, select the specific events that you want to trigger a message to syslog. |

- Click Save, and then click Test Connection to ensure you have successful communication between the AirWatch Console and Sumo Logic. For more information, see the following AirWatch documentation.
After a successful integration, the events start flowing into Sumo Logic.
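To check the Cloud Syslog source independently of the AirWatch Console, the following added example (not code from Sumo Logic or VMware) renders the Message Content template from Step 2 with constructed values, appends the token, and sends one line over verified TLS. The RFC 5424 header, newline framing, the `airwatch-test` host name, the `SUMO_HOST`/`SUMO_TOKEN` environment variable names, and the placeholder token are assumptions.

```python
import os
import socket
import ssl
from datetime import datetime, timezone

# Labels from the Message Content template in the Syslog dialog (Step 2).
FIELDS = ["Event Type", "Event", "User", "Event Source",
          "Event Module", "Event Category", "Event Data"]
# Assumption: placeholder; substitute the token from your Cloud Syslog Source.
PLACEHOLDER_TOKEN = "REPLACE_WITH_SOURCE_TOKEN@41123"
# Constructed sample event, not real AirWatch output.
SAMPLE = {f: "example-" + f.lower().replace(" ", "-") for f in FIELDS}


def render_content(event, token):
    """Fill the template; the token is the last element of the body."""
    missing = [f for f in FIELDS if f not in event]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    if not token.endswith("@41123"):
        raise ValueError("token lacks the @41123 suffix shown in the template")
    body = " ".join(f"{f}:{event[f]}" for f in FIELDS)
    # Collapse CR/LF so event data cannot split one event into two frames.
    return " ".join(body.split()) + " " + token


def build_frame(event, token, host="airwatch-test", when=None):
    """Assumed framing: RFC 5424 header, PRI 134 = local0 (16*8) + info (6)."""
    ts = (when or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%SZ")
    msg = render_content(event, token)
    return f"<134>1 {ts} {host} AirWatch - - - {msg}\n".encode("utf-8")


def send(frame, host, port=6514, timeout=10):
    """Send over TLS with certificate and hostname verification enabled."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(frame)
            return tls.version()


if __name__ == "__main__":
    # Hypothetical variable names; the token stays out of shell history.
    host, token = os.environ.get("SUMO_HOST"), os.environ.get("SUMO_TOKEN")
    if host and token:
        print("sent over", send(build_frame(SAMPLE, token), host))
    else:
        print(build_frame(SAMPLE, PLACEHOLDER_TOKEN).decode(), end="")
```

If the test line does not appear in a Sumo Logic search for the source, compare the Host, TCP TLS Port, and Token values from Step 1 against what was entered in the Syslog dialog.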