Last active July 22, 2019 23:40
Use this little script as EC2 User Data to install a Sumo Logic collector. Be sure to base64 encode it.
```sh
#!/bin/bash
# cloud-init only runs user data as a script when it starts with "#!".

# Download and silently install the 64-bit Linux collector.
curl -o /tmp/sumo.sh https://collectors.sumologic.com/rest/download/linux/64
sh /tmp/sumo.sh -q -dir "/usr/local/SumoCollector"

# Stop the collector while its sources and credentials are written.
/etc/init.d/collector stop

# Sources: local auth and syslog files, plus a TCP syslog listener on 514.
cat > /usr/local/SumoCollector/config/custom_sources.json << END
{
  "api.version": "v1",
  "sources": [
    {
      "sourceType": "LocalFile",
      "name": "LocalAuth",
      "pathExpression": "/var/log/auth*",
      "blacklist": "",
      "category": "system",
      "useAutolineMatching": false,
      "multilineProcessingEnabled": false,
      "timeZone": "UTC",
      "automaticDateParsing": true,
      "forceTimeZone": false,
      "defaultDateFormat": "dd/MMM/yyyy HH:mm:ss"
    },
    {
      "sourceType": "LocalFile",
      "name": "LocalSyslog",
      "pathExpression": "/var/log/syslog*",
      "blacklist": "",
      "category": "system",
      "useAutolineMatching": false,
      "multilineProcessingEnabled": false,
      "timeZone": "UTC",
      "automaticDateParsing": true,
      "forceTimeZone": false,
      "defaultDateFormat": "dd/MMM/yyyy HH:mm:ss"
    },
    {
      "protocol": "TCP",
      "port": 514,
      "sourceType": "Syslog",
      "name": "SyslogSource",
      "description": "TCPSyslogSource",
      "category": "app",
      "timeZone": "UTC",
      "automaticDateParsing": true,
      "multilineProcessingEnabled": true,
      "useAutolineMatching": true,
      "manualPrefixRegex": "",
      "forceTimeZone": false,
      "defaultDateFormat": "dd/MMM/yyyy HH:mm:ss"
    }
  ]
}
END

# Collector registration settings; replace the <...> placeholders.
cat > /etc/sumo.conf << END
name=<collector name> #Omit this line to use the hostname
email=<collector email address>
password=<password>
sources=/usr/local/SumoCollector/config/custom_sources.json
END

# Start the collector with the new configuration.
/etc/init.d/collector start
```
If this is in EC2 user data the beginning of it will execute and download the collector to install automatically when the instance boots for the first time. To include the sumo access key, it might be nice to pull it from the EC2 parameter store (not reflected here). Note that this script is from 2013 and definitely not at all maintained so the situation may have changed since then.
Thank you for sharing this! How would you incorporate the access id and access key for the sumo collector and also include the package installer so that if the EC2 instance needs to be replaced, the collector would be installed automatically?
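One way to do what the comments above discuss, fetching the Sumo Logic access ID and key from SSM Parameter Store at boot instead of embedding a password in user data. This is an added example, not part of the gist or the thread; the parameter names, the region default and an instance role allowed to read the parameters are assumptions, and `accessid`/`accesskey` are assumed to be the `sumo.conf` keys your collector version accepts for access-key registration.

```sh
#!/bin/sh
# Added example, not from the gist. Parameter names and region are assumed.
set -eu

SUMO_REGION="${SUMO_REGION:-us-east-1}"              # assumed region
ID_PARAM="${ID_PARAM:-/sumo/collector/accessid}"     # hypothetical name
KEY_PARAM="${KEY_PARAM:-/sumo/collector/accesskey}"  # hypothetical name

# Read one SecureString parameter using the instance role's credentials.
fetch_param() {
    aws ssm get-parameter --region "$SUMO_REGION" --name "$1" \
        --with-decryption --query 'Parameter.Value' --output text
}

# Accept only non-empty values without whitespace or control characters,
# so a malformed parameter cannot add extra lines to sumo.conf.
valid_secret() {
    [ -n "$1" ] &&
        [ "$(printf '%s' "$1" | tr -d '[:space:][:cntrl:]')" = "$1" ]
}

# Write the collector config to $1 without exposing it to other users.
write_sumo_conf() {
    dest=$1
    id=$(fetch_param "$ID_PARAM") || return 1
    key=$(fetch_param "$KEY_PARAM") || return 1
    if ! valid_secret "$id" || ! valid_secret "$key"; then
        echo "sumo: bad credential value, not writing $dest" >&2
        return 1
    fi
    tmp=$(mktemp "$dest.XXXXXX")   # mktemp creates the file with mode 0600
    cat > "$tmp" << END
accessid=$id
accesskey=$key
sources=/usr/local/SumoCollector/config/custom_sources.json
END
    mv "$tmp" "$dest"              # atomic replace, keeps mode 0600
}

# Act only on a host where the installer has already placed the collector.
if [ -x /etc/init.d/collector ]; then
    write_sumo_conf /etc/sumo.conf
    /etc/init.d/collector start
fi
```

User data can be read back from the instance metadata service by any local process, which is why the credentials are fetched at boot rather than written into the script itself.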