Skip to content

Instantly share code, notes, and snippets.

@jorihardman

jorihardman/sumo_logic.config

Last active April 27, 2023 18:43
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save jorihardman/f3507764762e876cc9df to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save jorihardman/f3507764762e876cc9df to your computer and use it in GitHub Desktop.
Download ZIP
Elastic Beanstalk Sumo Logic Config
Raw
sumo_logic.config
# This will automatically install the Sumo Logic collector on AWS Elastic
# Beanstalk instances. Add this to the .ebextensions folder in your app root
# and edit L24-25 to match your Sumo Logic accessid and accesskey. To add or
# remove tracked files, simply add or remove source hashes to the sources
# array on L36.
packages:
rpm:
SumoCollector: https://collectors.sumologic.com/rest/download/rpm/64
services:
sysvinit:
collector:
enabled: true
ensureRunning: true
files:
- /etc/sumo.conf
files:
"/etc/sumo.conf":
mode: "000755"
owner: root
group: root
content: |
accessid=YOURACCESSID
accesskey=YOURACCESSKEY
rpmAutoStart=false
syncSources=/etc/sumo_sources.json
"/etc/sumo_sources.json":
mode: "000755"
owner: root
group: root
content: |
{
"api.version": "v1",
"sources": [
{
"sourceType": "LocalFile",
"name": "rails",
"pathExpression": "/var/log/puma/puma.log"
},
{
"sourceType": "LocalFile",
"name": "eb activity",
"pathExpression": "/var/log/eb-activity.log"
},
{
"sourceType": "LocalFile",
"name": "nginx access",
"pathExpression": "/var/log/nginx/access.log"
}
]
}
@jorihardman
Copy link
Author

jorihardman commented Sep 21, 2015

Hey @sfkaos! Glad you found it useful man.

@nwhobart
Copy link

nwhobart commented Oct 13, 2015

This was a helpful starting point. I suggest, however, that we don't encourage people using their real access id and key; especially if checking into github/code management. Instead, we use an S3 bucket.

files:
  "/etc/sumo.conf":
    mode: "000755"
    owner: root
    group: root
    source: https://s3.amazonaws.com/your-bucket-here/your-file-here.txt
    authentication: S3AccessCred

We keep the sumo_sources.json file checked into code to make changes but you could certainly have that file in a bucket as well.

Finally, don't forget to add the authentication:

Resources:
  AWSEBAutoScalingGroup:
    Type: "AWS::AutoScaling::AutoScalingGroup"
    Metadata:
      AWS::CloudFormation::Authentication:
        S3AccessCred:
          type: "S3"
          roleName: "your-role-name-here"
          buckets: "your-bucket-here"

This is assuming your role has the appropriate managed policy assigned to in in IAM. Basically that role needs Get and List S3 bucket access. There's a built in policy for S3 read-only; I suggest using that one.

This might be overkill for some but for my organization we didn't want to put the SL access credentials into the codebase.

@felixSchl
Copy link

felixSchl commented Jul 22, 2016

Sumologic deprecated /etc/sumo.conf. The config should go here now: /opt/SumoCollector/config/user.properties.

@ryangardner
Copy link

ryangardner commented Aug 18, 2016

Also, be sure to set "ephemeral=true" or else you'll get a lot of dangling collectors

https://help.sumologic.com/Send_Data/Installed_Collectors/stu_user.properties/Setting_a_Collector_as_Ephemeral

@JefStat
Copy link

JefStat commented Mar 7, 2017

Here's some changes taking into account some of the suggestions here:
https://gist.github.com/JefStat/98891d947a1bbadedcf25921b116e413

  • Added ephemeral
  • switched to using user.properties
  • sumologic logs added to the log collector in beanstalk
  • access keys set via environment variable

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment