Add a Collector to a Linux Machine Image
You can build a Sumo Logic Collector into a Linux machine image such as an Amazon AMI or VMware image.
Collectors will normally register with Sumo Logic during the
installation process, but you can pass the ‑VskipRegistration=true
flag to skip registration. This way, the collector is installed as a
service that will start and register automatically when the image is
launched.
Initial Collector installation
Download the appropriate collector from the Sumo Logic Collection page, or from the list below.
-
Download your collector. Choose from the 32-bit or 64-bit static URLs for latest Linux collector builds, and make sure to choose your correct Sumo Logic pod. Find the list of URLs in Download a Collector from a static URL in Help.
-
Change the permissions to allow the file to be executed.
chmod 744 SumoCollector_linux_amd64_19_XXX-X.sh
-
To configure custom sources, create a source JSON file that lists all the sources you want the collector to scan and submit to the Sumo Logic service. These source configurations are only applied during the initial registration of the collector, any updates to the sources.json file will not be applied during a simple restart of the collector.
The following sample JSON file includes local file source and syslog source configuration samples. For a full list of available source types and parameters, which can be used within the sources.json file, please review the JSON help documentation.
infoJSON files need to be UTF-8 encoded.
Sample sources.json{
"api.version": "v1",
"sources": [
{
"sourceType": "LocalFile",
"name": "Example1",
"pathExpression": "/var/logs/maillog",
"category": "mail",
"hostName": "sampleSource",
"useAutolineMatching": false,
"multilineProcessingEnabled": false,
"timeZone": "UTC",
"automaticDateParsing": true,
"forceTimeZone": false,
"defaultDateFormat": "dd/MMM/yyyy HH:mm:ss"
},
{
"protocol": "UDP",
"port": 514,
"sourceType": "Syslog",
"name": "SyslogSource",
"description": "SampleSyslogSource",
"category": "events",
"timeZone": "UTC",
"automaticDateParsing": true,
"multilineProcessingEnabled": true,
"useAutolineMatching": true,
"manualPrefixRegexp": "",
"forceTimeZone": false,
"defaultDateFormat": "dd/MMM/yyyy HH:mm:ss"
}
]
} -
Set up auto-registration details for the Collector:
- Create a New User account with Administrator permissions or a role with permissions to "Manage Collectors".
- Create an installation token.
- Or, create an Access Key and Access Id for this user, which will be used to register the collector.
-
As root, run the installer with the following arguments:
q
starts the installer in quiet mode (no UI)-VskipRegistration=true
to skip collector registration during installation-Vephemeral=true
to set the Collector as ephemeral (will be removed after 12 hours offline)-Vsumo.token_and_url=<installationToken>
to use an installation token, or:-Vsumo.accessid=<access_id>
to specify access id generated above-Vsumo.accesskey=<access_key>
to specify access key generated above-Vsources=<filepath>
to specify the path to your source JSON file created above- (Optional)
-dir
to install into a non-standard installation directory. By default, Linux will install in/opt/SumoCollector
.
Example:
./SumoCollector_linux_amd64_19_XXX-X.sh -q -VskipRegistration=true -Vephemeral=true -Vsources=/path/to/sources.json -Vsumo.accessid=<access_id> -Vsumo.accesskey=<access_key>
or
./SumoCollector_linux_amd64_19_XXX-X.sh -q -VskipRegistration=true -Vephemeral=true -Vsources=/path/to/sources.json -Vsumo.accessid=<access_id> -Vsumo.accesskey=<access_key> -dir "/usr/local/SumoCollector"
-
(Optional) Remove the
"name"
property from the generated user.properties file. By default, the collector installation will use the hostname of the machine the installer runs on. However, when creating an image, this will cause all collectors created using this image to have the same name prefix, followed by a unique epoch timestamp.To ensure collectors created using this image will use the correct hostname, you can modify the user.properties file, located at
/opt/SumoCollector/config/user.properties
or/usr/local/SumoCollector/user.properties
. Remove the line that specifies"hostName = <hostname>"
and save the file.
Do not start the collector before building the image, if you're using -VskipRegistration=true
. Starting the collector prematurely will register the collector with Sumo Logic, causing ingestion issues when using baked AMI. If you did start the Collector and it registered you can remove the Collector's registration by navigating to the Collector's installation directory under /config/creds/
and deleting all of its contents, and then add the Accesskey parameter in the user.properties
file to bake the AMI.
Build your image
Now you are ready to take the machine at its current state and generate an image. Follow the AWS procedure to create an image. Instances launched from the image will automatically be registered with the DNS name of the instance. The installed collector service will start and register automatically when the instance is launched.