```yaml
# This will automatically install the Sumo Logic collector on AWS Elastic
# Beanstalk instances. Add this to the .ebextensions folder in your app root
# and edit L24-25 to match your Sumo Logic accessid and accesskey. To add or
# remove tracked files, simply add or remove source hashes to the sources
# array on L36.

packages:
  rpm:
    SumoCollector: https://collectors.sumologic.com/rest/download/rpm/64
services:
  sysvinit:
    collector:
      enabled: true
      ensureRunning: true
      files:
        - /etc/sumo.conf

files:
  "/etc/sumo.conf":
    mode: "000755"
    owner: root
    group: root
    content: |
      accessid=YOURACCESSID
      accesskey=YOURACCESSKEY
      rpmAutoStart=false
      syncSources=/etc/sumo_sources.json

  "/etc/sumo_sources.json":
    mode: "000755"
    owner: root
    group: root
    content: |
      {
        "api.version": "v1",
        "sources": [
          {
            "sourceType": "LocalFile",
            "name": "rails",
            "pathExpression": "/var/log/puma/puma.log"
          },
          {
            "sourceType": "LocalFile",
            "name": "eb activity",
            "pathExpression": "/var/log/eb-activity.log"
          },
          {
            "sourceType": "LocalFile",
            "name": "nginx access",
            "pathExpression": "/var/log/nginx/access.log"
          }
        ]
      }
```
Hey @sfkaos! Glad you found it useful man.
This was a helpful starting point. I suggest, however, that we don't encourage people using their real access id and key; especially if checking into github/code management. Instead, we use an S3 bucket.
```yaml
files:
  "/etc/sumo.conf":
    mode: "000755"
    owner: root
    group: root
    source: https://s3.amazonaws.com/your-bucket-here/your-file-here.txt
    authentication: S3AccessCred
```
We keep the sumo_sources.json file checked into code to make changes but you could certainly have that file in a bucket as well.
Finally, don't forget to add the authentication:
```yaml
Resources:
  AWSEBAutoScalingGroup:
    Type: "AWS::AutoScaling::AutoScalingGroup"
    Metadata:
      AWS::CloudFormation::Authentication:
        S3AccessCred:
          type: "S3"
          roleName: "your-role-name-here"
          buckets: "your-bucket-here"
```
This is assuming your role has the appropriate managed policy assigned to it in IAM. Basically that role needs Get and List S3 bucket access. There's a built-in policy for S3 read-only; I suggest using that one.
This might be overkill for some but for my organization we didn't want to put the SL access credentials into the codebase.
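The concern raised in the comment above, as an added example that is not part of the gist or of any commenter's code: a small check to run over `.ebextensions` files before commit. It flags literal `accessid`/`accesskey` values and a credential file whose mode lets non-owners read it (the snippets on this page use `000755`). The function name, the sample values and the rule that a value starting with `$` is a deploy-time variable reference are assumptions.

```python
import re

# Placeholders from the page; any other literal value counts as a real secret.
PLACEHOLDERS = {"YOURACCESSID", "YOURACCESSKEY"}
CRED_LINE = re.compile(r"^\s*(accessid|accesskey)\s*=\s*(\S+)")
FILE_KEY = re.compile(r'^\s*"(/[^"]+)"\s*:')
MODE_LINE = re.compile(r'^\s*mode:\s*"?([0-7]+)"?')
# Paths the page names as holding the collector credentials.
CRED_PATHS = ("/etc/sumo.conf", "/opt/SumoCollector/config/user.properties")


def audit_ebextension(text):
    """Return (line_no, issue) findings for one .ebextensions config file."""
    findings, current = [], None
    for no, line in enumerate(text.splitlines(), 1):
        m = FILE_KEY.match(line)
        if m:
            current = m.group(1)  # remember which file entry we are inside
            continue
        m = MODE_LINE.match(line)
        if m and current in CRED_PATHS and int(m.group(1), 8) & 0o077:
            findings.append((no, f"{current} mode {m.group(1)} is readable by non-owners"))
        m = CRED_LINE.match(line)
        # Assumption: a value starting with "$" is expanded at deploy time, not a secret.
        if m and m.group(2) not in PLACEHOLDERS and not m.group(2).startswith("$"):
            findings.append((no, f"literal {m.group(1)} committed in config"))
    return findings


# Constructed sample: the gist's layout with made-up literal credentials.
HARDCODED = '''files:
  "/etc/sumo.conf":
    mode: "000755"
    content: |
      accessid=suEXAMPLE0000001
      accesskey=EXAMPLEexampleEXAMPLEexample0000
      rpmAutoStart=false
'''
# Constructed sample: credentials fetched from S3, file readable by root only.
FROM_S3 = '''files:
  "/etc/sumo.conf":
    mode: "000400"
    source: https://s3.amazonaws.com/your-bucket-here/your-file-here.txt
    authentication: S3AccessCred
'''

if __name__ == "__main__":
    for name, sample in (("hardcoded", HARDCODED), ("from_s3", FROM_S3)):
        print(name, audit_ebextension(sample))
```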
Sumologic deprecated `/etc/sumo.conf`. The config should go here now: `/opt/SumoCollector/config/user.properties`.
Also, be sure to set "ephemeral=true" or else you'll get a lot of dangling collectors
Here's some changes taking into account some of the suggestions here:
https://gist.github.com/JefStat/98891d947a1bbadedcf25921b116e413
- Added ephemeral
- switched to using user.properties
- sumologic logs added to the log collector in beanstalk
- access keys set via environment variable
Hey homey, just got pointed to this gist from the sumologic site. Thanks for sharing! Hope everything is going well with you!