This cookbook installs the Sumo Logic collector or updates an existing one if it was set to use Local Configuration Management. Installation on Linux uses the shell script installer and on Windows uses the exe installer. Here are the steps it follows:

`sumo.conf` and `sumo.json` (or the json folder).

By default the standard Linux logs (system and security) are captured. On Windows the application and system event logs are captured.

For collector update, the existing collector must have been switched to use Local Configuration Management - see the instructions to configure New Collectors or Existing Collectors for more details. The steps the cookbook follows:

`sumo.conf` and `sumo.json` (or the json files under the json folder).

The collector requires outbound access to https://collectors.sumologic.com.

Edit `sumo.json` (or the json files under the json folder) to add/edit/remove sources. After installation you can test connectivity.
Starting from 19.107, there are 2 major extensions to SumoLogic collectors:

`syncSources` instead of `sources` inside `sumo.conf`.

See more details here.

Install the cookbook in your Chef repo (your knife version should be at least 11.10.4 and you should have the knife github plugin installed):

```
knife cookbook github install SumoLogic/sumologic-collector-chef-cookbook
```
`accessID` and `accessKey`. Note that attribute names are case sensitive. If the cases mismatch, the values will not appear when chef-client runs. The default data bag/item is `['sumo-creds']['api-creds']`. A more flexible approach is to set `node.run_state['sumo_key_id']` and `node.run_state['sumo_key_secret']` to supply credentials from your wrapper cookbook level. Please note, storing sensitive data anywhere outside of `node.run_state` is not safe, because it is uploaded to the Chef Server at the end of the chef-client run. `node.run_state` is not persistent and is generally discarded at the end of the chef-client run. But you still want to make sure that the credentials originate from a secure place, such as your own encrypted data bag, Chef Vault or an alternative approach that stores and communicates your secrets in an encrypted manner.

`default['sumologic']['local_management']` properly. By default this feature is on, to leverage the power of Chef.

`default['sumologic']['use_json_path_dir']` appropriately. By default a single json file is used.

`default['sumologic']['sumo_json_path']`. By default this is the path to the json file at `/etc/sumo.json` on Linux or `c:\sumo\sumo.json` on Windows.

Upload the cookbook to your Chef Server:

```
knife cookbook upload sumologic-collector
```

`sumologic-collector` recipe to your node run lists. This step depends on your node configuration, so specifics will not be described in this README.md.

['sumologic']['ephemeral'] | Boolean | Sumo Logic Ephemeral Setting | Required |
['sumologic']['installDir'] | String | Sumo Logic Install Directory | Required |
['sumologic']['credentials']['bag_name'] | String | Name of the data bag. | Required |
['sumologic']['credentials']['item_name'] | String | Name of the item within the data bag. | Required |
['sumologic']['credentials']['secret_file'] | String | Path to the local file containing the encryption secret key. | Optional |
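
The two checks the credentials guidance above implies, as an added example that is not part of the cookbook: the data bag item must use the exact key names `accessID` and `accessKey`, and their values should be encrypted at rest. It assumes the item is read as JSON from the chef-repo and that encrypted values follow Chef's encrypted data bag layout (`encrypted_data`, `iv`, `version`, `cipher`); the function name and both sample items are constructed for illustration.

```ruby
require 'json'

# Key names this page gives for the credentials data bag item (exact case).
REQUIRED_KEYS = %w[accessID accessKey].freeze
# Fields carried by every value of an encrypted data bag item (assumed layout).
ENCRYPTED_FIELDS = %w[encrypted_data iv version cipher].freeze

# Returns a list of findings for one data bag item, given as the Hash
# parsed from the item's JSON file as it is stored in the chef-repo.
def audit_sumo_creds(item)
  findings = []
  REQUIRED_KEYS.each do |key|
    if item.key?(key)
      value = item[key]
      # Encrypted at rest: nothing to report for this key.
      next if value.is_a?(Hash) && (ENCRYPTED_FIELDS - value.keys).empty?

      findings << if value.to_s.strip.empty?
                    "#{key}: empty value"
                  else
                    "#{key}: stored in plaintext, encrypt the data bag item"
                  end
    else
      # A key that differs only by case is silently ignored at run time.
      near = item.keys.find { |k| k.casecmp?(key) }
      findings << if near
                    "#{key}: found '#{near}' instead, names are case sensitive"
                  else
                    "#{key}: missing"
                  end
    end
  end
  findings
end

# Constructed sample items (not real credentials).
PLAINTEXT_ITEM = JSON.parse('{"id":"api-creds","accessId":"suEXAMPLE","accessKey":"constructed-secret"}')
ENCRYPTED_ITEM = JSON.parse(<<~JSON)
  {"id": "api-creds",
   "accessID":  {"encrypted_data": "Y29uc3RydWN0ZWQ=", "iv": "AAAA", "version": 1, "cipher": "aes-256-cbc"},
   "accessKey": {"encrypted_data": "Y29uc3RydWN0ZWQ=", "iv": "BBBB", "version": 1, "cipher": "aes-256-cbc"}}
JSON

if __FILE__ == $PROGRAM_NAME
  puts audit_sumo_creds(PLAINTEXT_ITEM)
  puts audit_sumo_creds(ENCRYPTED_ITEM).empty? ? 'encrypted item: ok' : 'encrypted item: findings'
end
```
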
Provides actions for installing and managing a SumoLogic Collector.

`default` = `:install_and_configure`

Installs an unconfigured and unregistered SumoLogic Collector. Use `:configure` to configure it later.

```ruby
sumologic_collector 'C:\sumo' do
  action :install
end
```
Installs and configures a SumoLogic Collector. This is the default action.

```ruby
sumologic_collector 'C:\sumo' do
  collector_name 'fileserver'
  sumo_access_id 'MYACCESSID'
  sumo_access_key 'MYACCESSKEY'
  proxy_host 'proxy.mydomain.com'
  proxy_port '8080'
end
```
Configures a pre-installed but unconfigured (and unregistered) SumoLogic Collector.

Note: The recommended flow to use this is to have the collector installed without configuration or registration by using the `:install` action.

```ruby
sumologic_collector 'C:\sumo' do
  collector_name 'fileserver'
  sumo_access_id 'MYACCESSID'
  sumo_access_key 'MYACCESSKEY'
  proxy_host 'proxy.mydomain.com'
  proxy_port '8080'
  action :configure
end
```
Uninstalls a SumoLogic collector using the provided uninstaller.

```ruby
sumologic_collector 'C:\sumo' do
  action :remove
end
```

Starts the SumoLogic Collector.

```ruby
sumologic_collector 'C:\sumo' do
  action :start
end
```

Stops the SumoLogic Collector.

```ruby
sumologic_collector 'C:\sumo' do
  action :stop
end
```

Restarts the SumoLogic Collector.

```ruby
sumologic_collector 'C:\sumo' do
  action :restart
end
```
See the Sumo Logic documentation for more information about these attributes.
Attribute | Type | Description | Default | Required | Used Actions |
---|---|---|---|---|---|
`dir` | `String` | Directory where collector will be installed (name attribute) | none | `true` | all |
`source` | `String` | URL to download collector installer from | none (uses the latest installer from SumoLogic) | `false` | `:install`, `:install_and_configure` |
`collector_name` | `String` | Name of this Collector | `nil` | `false` | `:install_and_configure`, `:configure` |
`collector_url` | `String` | URL used to register Collector for data collection API | `nil` | `false` | `:install_and_configure`, `:configure` |
`collector_secure_files` | `Boolean` | Enable or disable enhanced file security | `nil` | `false` | `:install_and_configure`, `:install` |
`host_name` | `String` | Hostname of this collector + default hostname of sources on it | `nil` | `false` | `:install_and_configure`, `:configure` |
`description` | `String` | Description of this collector | `nil` | `false` | `:install_and_configure`, `:configure` |
`category` | `String` | Default category for sources on this collector | `nil` | `false` | `:install_and_configure`, `:configure` |
`sumo_token_and_url` | `String` | Encoded Setup Wizard token | `nil` | `false` | `:install_and_configure` |
`sumo_access_id` | `String` | Access ID used when logging in with Access ID and Key | `nil` | `false` | `:install_and_configure`, `:configure` |
`sumo_access_key` | `String` | Access Key used when logging in with Access ID and Key | `nil` | `false` | `:install_and_configure`, `:configure` |
`proxy_host` | `String` | Sets proxy host when a proxy server is used | `nil` | `false` | `:install_and_configure`, `:configure` |
`proxy_port` | `String`, `Fixnum` | Sets proxy port when a proxy server is used | `nil` | `false` | `:install_and_configure`, `:configure` |
`proxy_user` | `String` | Sets proxy user when a proxy server is used with authentication | `nil` | `false` | `:install_and_configure`, `:configure` |
`proxy_password` | `String` | Sets proxy password when a proxy server is used with authentication | `nil` | `false` | `:install_and_configure`, `:configure` |
`proxy_ntlmdomain` | `String` | Sets proxy NTLM domain when a proxy server is used with NTLM authentication | `nil` | `false` | `:install_and_configure`, `:configure` |
`sources` | `String` | Sets the JSON file describing sources to configure on registration | `nil` | `false` | `:install_and_configure`, `:configure` |
`sync_sources` | `String` | Sets the JSON file describing sources to configure on registration, which will be continuously monitored and synchronized with the Collector's configuration | `nil` | `false` | `:install_and_configure`, `:configure` |
`ephemeral` | `Boolean` | When `true`, the Collector will be deleted after it goes offline for a certain period of time | `false` | `false` | `:install_and_configure`, `:configure` |
`clobber` | `Boolean` | When `true`, if there is any existing Collector with the same name, that Collector will be deleted | `false` | `false` | `:install_and_configure`, `:configure` |
`disable_upgrade` | `Boolean` | If true, the collector rejects upgrade requests from Sumo. | `false` | `false` | `:install_and_configure`, `:configure` |
`enable_script_source` | `Boolean` | Script Sources are disabled by default. You can enable them by setting this parameter to true. | `false` | `false` | `:install_and_configure`, `:configure` |
`enable_action_source` | `Boolean` | Script Action Sources are disabled by default. You can enable them by setting this parameter to true. | `false` | `false` | `:install_and_configure`, `:configure` |
`time_zone` | `String` | The default time zone for sources on this collector | `nil` | `false` | `:install_and_configure`, `:configure` |
`target_cpu` | `Integer` | Target to which to limit the CPU usage of this collector | `nil` | `false` | `:install_and_configure`, `:configure` |
`wrapper_java_initmemory` | `Integer` | Override the initial Java heap size | `nil` | `false` | `:configure` |
`wrapper_java_maxmemory` | `Integer` | Override the maximum Java heap size | `nil` | `false` | `:configure` |
`runas_username` | `String` | Which user the daemon will run as | `nil` | `false` | `:install_and_configure`, `:install` |
`winrunas_password` | `String` | On Windows, the password for the user the service will run as | `nil` | `false` | `:install_and_configure`, `:install` |
`skip_registration` | `Boolean` | When `true` the collector will not register upon installation | `false` | `nil` | `:install_and_configure` |
`fields` | `Hash` | Sets the fields property in user.properties used by ingest budgets and other future features | `nil` | `false` | `:install_and_configure`, `:configure` |
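
A small linter for wrapper cookbooks, added here as an example and not part of this cookbook: it flags recipe lines that set one of the secret-bearing properties named on this page from a string literal instead of a run-time lookup such as `node.run_state`. The function name, the recipe text and the `node.run_state['proxy_secret']` key are constructed for illustration.

```ruby
# Properties named on this page that carry secrets.
SECRET_PROPS = %w[sumo_access_key proxy_password winrunas_password
                  remote_password key_password password].freeze

# A secret property followed directly by a quoted string literal,
# with or without parentheses around the argument.
LITERAL = /\A\s*(#{SECRET_PROPS.join('|')})[\s(]+(['"])(.*?)\2/

# Returns [line_number, property] pairs where a secret is set from a
# non-empty, non-interpolated string literal in the recipe source.
def literal_secrets(recipe_source)
  hits = []
  recipe_source.each_line.with_index(1) do |line, lineno|
    m = LITERAL.match(line)
    next unless m
    next if m[3].empty?          # '' placeholders, e.g. an unused key_password
    next if m[3].include?('#{')  # interpolated, value is resolved at run time

    hits << [lineno, m[1]]
  end
  hits
end

# Constructed recipe text mixing literal and run-time credentials.
SAMPLE_RECIPE = <<~'RECIPE'
  sumologic_collector 'C:\sumo' do
    collector_name 'fileserver'
    sumo_access_id 'MYACCESSID'
    sumo_access_key 'MYACCESSKEY'
    proxy_password node.run_state['proxy_secret']
  end
  sumo_source_remote_file 'remote_file' do
    remote_user 'user'
    remote_password 'password'
    key_path ''
    key_password ''
    auth_method 'password'
  end
RECIPE

if __FILE__ == $PROGRAM_NAME
  literal_secrets(SAMPLE_RECIPE).each do |lineno, prop|
    puts "line #{lineno}: #{prop} is set from a string literal"
  end
end
```
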
Note: `sumologic_collector_installer` has been deprecated, please use `sumologic_collector` with the `:install_and_configure` action (the default).

Allows for additional customisation of the Sumo Logic Collector installer.

`default` = `:install`

`:install` - installs the Sumo Logic Collector if it is not already installed

See the Sumo Logic documentation for more information about these attributes.

- `dir` - Directory where the Collector will be installed
- `source` - URL where installer will be downloaded from
- `collector_name`
- `collector_url`
- `sumo_token_and_url`
- `sumo_access_id`
- `sumo_access_key`
- `proxy_host`
- `proxy_port`
- `proxy_user`
- `proxy_password`
- `proxy_ntlmdomain`
- `sources`
- `sync_sources`
- `ephemeral`
- `clobber`
- `runas_username`
- `winrunas_password`
- `skip_registration`

```ruby
# Installs the Collector on Windows and skips registration
sumologic_collector_installer 'c:\sumo' do
  source 'https://collectors.sumologic.com/rest/download/win64'
  sumo_access_id node['SUMO_ACCESS_ID']
  sumo_access_key node['SUMO_ACCESS_KEY']
  skip_registration true
end
```
The following attributes are common to all of the sources listed below.
See the Sumo Logic documentation for more information about these attributes.

- `owner` - owner of the JSON Source configuration file
- `group` - group of the JSON Source configuration file
- `mode` - file mode of the JSON Source configuration file
- `source_name` - name of the source. required
- `source_json_directory` - directory where JSON Source configuration file will be stored. required
- `description`
- `category`
- `host_name`
- `time_zone`
- `automatic_date_parsing`
- `multiline_processing_enabled`
- `use_autoline_matching`
- `manual_prefix_regexp`
- `force_time_zone`
- `default_date_format`
- `filters`
- `alive`

`default` = `:create`

`:create` - creates a JSON Source configuration

See the Sumo Logic documentation for more information about these attributes.
The following attribute parameters are in addition to the generic parameters listed above.

- `uri`
- `specified_containers`
- `all_containers`
- `cert_path`
- `source_type` - one of `:docker_stats`, `:docker_log`. required
- `collect_events`

```ruby
sumo_source_docker 'docker_stats' do
  source_json_directory node['sumologic']['sumo_json_path']
  source_type :docker_stats
  uri 'https://127.0.0.1:2376'
  all_containers true
end
```

```ruby
sumo_source_docker 'docker_log' do
  source_json_directory node['sumologic']['sumo_json_path']
  source_type :docker_log
  uri 'https://127.0.0.1:2376'
  all_containers true
end
```

`default` = `:create`

`:create` - creates a JSON Source configuration

`:remove` - removes a previously configured JSON source configuration

See the Sumo Logic documentation for more information about these attributes.
The following attribute parameters are in addition to the generic parameters listed above.

- `path_expression` - required
- `blacklist`
- `encoding`

```ruby
sumo_source_local_file 'local_file' do
  source_json_directory node['sumologic']['sumo_json_path']
  path_expression '/tmp/example'
  # Parentheses are required: a bare `fields { ... }` is parsed as a block, not a Hash
  fields(
    _siemforward: true,
    parser: '/MY_EXAMPLE_PARSER'
  )
end
```

`default` = `:create`

`:create` - creates a JSON Source configuration

See the Sumo Logic documentation for more information about these attributes.
The following attribute parameters are in addition to the generic parameters listed above.

- `log_names` - required
- `event_format` - `:legacy` for legacy format or `:json` for JSON format. `:legacy` is default.
- `event_message` - Use with JSON format. `:complete`, `:message` (recommended), or `:metadata` for metadata only. `:message` is default.
- `allowlist` - Available in Collector version 19.351-4 and later. A comma-separated list of event IDs. This is an empty string as default.
- `denylist` - Available in Collector version 19.351-4 and later. A comma-separated list of event IDs. This is an empty string as default.

```ruby
sumo_source_local_windows_event_log 'local_win_event_log' do
  source_json_directory node['sumologic']['sumo_json_path']
  log_names ['security', 'application']
end
```

Use JSON log format instead of legacy format:

```ruby
sumo_source_local_windows_event_log 'local_win_event_log' do
  source_json_directory node['sumologic']['sumo_json_path']
  log_names ['security', 'application']
  event_format :json
  event_message :message
  allowlist ""
  denylist ""
end
```

`default` = `:create`

`:create` - creates a JSON Source configuration

See the Sumo Logic documentation for more information about these attributes.
The following attribute parameters are in addition to the generic parameters listed above.

- `remote_hosts` - required
- `remote_port` - required
- `remote_user` - required
- `remote_password` - required
- `key_path` - required
- `key_password`
- `path_expression` - required
- `auth_method` - one of `key` or `password`.
- `blacklist`

```ruby
sumo_source_remote_file 'remote_file' do
  source_json_directory node['sumologic']['sumo_json_path']
  remote_hosts ['127.0.0.1']
  remote_port 22
  remote_user 'user'
  remote_password 'password'
  key_path ''
  path_expression '/tmp/example'
  auth_method 'password'
end
```

`default` = `:create`

`:create` - creates a JSON Source configuration

See the Sumo Logic documentation for more information about these attributes.
The following attribute parameters are in addition to the generic and `sumo_source_local_windows_event_log` parameters listed above.

- `domain` - required
- `username` - required
- `password` - required
- `hosts` - required
- `log_names` - required

```ruby
sumo_source_remote_windows_event_log 'remote_win_event_log' do
  source_json_directory node['sumologic']['sumo_json_path']
  domain 'mydomain'
  username 'user'
  password 'password'
  hosts ['myremotehost1']
  log_names ['security', 'application']
end
```

Use JSON log format instead of legacy format:

```ruby
sumo_source_remote_windows_event_log 'remote_win_event_log' do
  source_json_directory node['sumologic']['sumo_json_path']
  domain 'mydomain'
  username 'user'
  password 'password'
  hosts ['myremotehost1']
  log_names ['security', 'application']
  event_format :json
  event_message :message
  allowlist ""
  denylist ""
end
```

`default` = `:create`

`:create` - creates a JSON Source configuration

See the Sumo Logic documentation for more information about these attributes.
The following attribute parameters are in addition to the generic parameters listed above.

- `commands` - required
- `file`
- `working_dir`
- `timeout`
- `script`
- `cron_expression`

```ruby
sumo_source_script 'script' do
  source_json_directory node['sumologic']['sumo_json_path']
  commands ['/bin/bash']
  cron_expression '0 * * * *'
end
```

`default` = `:create`

`:create` - creates a JSON Source configuration

See the Sumo Logic documentation for more information about these attributes.
The following attribute parameters are in addition to the generic parameters listed above.

- `protocol`
- `port`

```ruby
sumo_source_syslog 'syslog' do
  source_json_directory node['sumologic']['sumo_json_path']
end
```

`default` = `:create`

`:create` - creates a JSON Source configuration

See the Sumo Logic documentation for more information about these attributes.
The following attribute parameters are in addition to the generic parameters listed above.

- `protocol`
- `port`

```ruby
sumo_source_graphite_metrics 'graphite' do
  source_json_directory node['sumologic']['sumo_json_path']
end
```

Please see CONTRIBUTING.md for guidelines
Authors: Ben Newton (ben@sumologic.com), Duc Ha (duc@sumologic.com)