Sumo Logic
Usage
The Sumo Logic syslog-based integration with the Netography product provides powerful log management and analytics capabilities tailored for modern applications.
This integration offers streamlined visibility into network behaviors, security incidents, and operational trends. It enhances the ability to detect anomalies, respond to threats, and optimize performance across the network. You can automate alerts and derive actionable insights, making it a vital tool for network management, compliance, and continuous improvement.
Netography Portal Steps
In Settings > Response Integrations, click Add Integration. Select Sumo Logic.
Configuration
The following fields are specific to the Sumo Logic integration.
Field | Required | Description | Example |
---|---|---|---|
Host | yes | The hostname or IP address of the Sumo Logic server | sumologic.example.com |
Facility | no | The syslog facility level to be used (e.g., auth, cron, daemon) | auth |
Syslog Tag | no | The tag to be appended to each syslog message, used for easier filtering and searching | neto.event |
Output | no | Specifies the format in which the syslog messages are sent | DEFAULT |
After your configuration is submitted, the Sumo Logic integration will be treated as a standard syslog integration in the Fusion portal.
Additional post configuration
After the Sumo Logic configuration is set up, you will need to configure a Response Policy in the Fusion portal and a custom parser in Sumo Logic to receive events from Fusion.
Configure a Response Policy to Send Events to Sumo Logic
You can configure response policies in the portal by navigating to Response -> Response Policies -> Add Response Policy.
Configure Sumo Logic Custom Parser
To configure the custom log parser from Sumo Logic, follow the custom parser guide in Sumo Logic.
Ingested events in Sumo Logic will default to JSON format.
To get logs from the Fusion Portal to use for Panther's custom parser, go to Search -> Events, select an event, view the raw record from the properties tray, select the JSON tab, and click the top-level clipboard icon.