Setting up Logging with Sumo Logic - which Host should I use?

Not applicable

I was working on adding some MessageLogging policies to our Apigee proxies but am currently stuck on the Host configuration.. I have set up a Sumo Logic account and configured a Syslog Collector by following the instructions here:

http://help.sumologic.com/Help/#Configuring_a_Syslog_Source.htm%3FTocPath%3DSources%7CConfiguring%25...

Notice that there is no field to configure Host in the collector. Here's what my MessageLogging policy looks like (I don't know what to put between the <Host> tags)

<MessageLogging name="log-to-syslog"> 
  <Syslog> 
    <Message>
      "{organization.name}.{apiproxy.name}.{environment.name}"
    </Message>
    <Host>???</Host> 
    <Port>514</Port> 
    <Protocol>TCP</Protocol> 
  </Syslog> 
</MessageLogging>

I would appreciate any advice on how to proceed from here. Thank you!

0 8 6,592
8 REPLIES 8

Hi Yumin - Try either removing the <Host> element or making its value localhost. (I believe the default is localhost.) If that doesn't work, I'll have to defer to somebody else who's more familiar with using Sumo with Message Logging.

Hey @Floyd Jones, I gave both of those a shot (1. removing the <Host> element, 2. setting the <Host> value to localhost) but that did not seem to work. Thank you for the suggestions, though!

This is sumologic configuration, you will have do. I think you will have to setup a sumologic collector and configure it as a source in your administration.

https://service.sumologic.com/help/Installing_a_Collector_with_RPM.htm

Are you planning to integrate with sumologic or you are just trying to understand how Messagelogging works with syslog?

If latter, I would suggest using loggly, it provides a cloud host for writing syslogs - no need to setup collectors.

[https://www.loggly.com/docs/streaming-syslog-without-using-files/]

If former, then you will have to setup collector [maybe install it on a machine] or maybe sumologic admins could help

Thanks,

Not applicable

Hi Yumin. From Sumologic documentation I believe you need to setup Syslog as a Hosted Collector first. I'm no longer able to test it though, since Sumologic accounts are no longer free. So, my account has been deactivated.

Not applicable

Thank you for all the info and suggestions. @dzuluaga, I think you're right. Another suggestion I got (but have not tried) is

  • You need to install the collector software on a server with public IP.
  • TCP port 514 needs to be opened on that server.
  • Use the IP of that server as <Host> in your message logging policy.

Cool. My understanding is that you can do it that way if you don't want to leverage Syslog server provided by Sumologic e.g. RSyslog on AWS. However, if you still wish to leverage the same the Syslog service supplied by Sumologic, you can take advantage of it. I believe I tried a while ago, and it worked fine, here's an article about it. If you just want to test MessageLogging policy, I'd encourage you to try Loggly, it is simpler and it has been already tested. @Ricardo de Andrade provides a snippet of the configuration here.

@yumin

I set up logging to Sumo using a JavaScript callout to POST log entries to an HTTP endpoint. The use of SysLog requires the installation of a "collector" and I don't see how to do that.

Setting up logging to Sumo is really simple:

1. Create a trial account

2. Select "Set Up Streaming Data"

3572-sumo-1.png

3. Select the data type "Your Custom App"

3573-sumo-2.png

4. Set up the collection

3574-sumo-3.png

5. Configure the HTTP source, this can be what ever hierarchy you want.

3581-sumo-4.png

6. Save the obfuscated URL, there is no security other than the URL value

Wait for the email from Sumo indicating your log is ready (few minutes, maybe more).

In the meantime, you can configure your API to send log entries. In this example, I use the following JavaScript policy in the Proxy PostFlow:

// Get variable from previous KVM configuration lookup
// var logging = context.getVariable("exco.logging");
var logging = "true";

if (logging == "true") {


    // var logServerURL = context.getVariable("exco.loggingUrl");
    var logServerURL = "https://endpoint1.collection.us2.sumologic.com/receiver/v1/http/ZaVnC4dhaV1oma90Vvb...";
    print('LOGGING ' + logServerURL);
    
    var request_start_time = context.getVariable('client.received.start.timestamp');
    var target_start_time  = context.getVariable('target.sent.start.timestamp');
    var target_end_time    = context.getVariable('target.received.end.timestamp');
    var request_end_time   = context.getVariable('system.timestamp');
    var total_request_time = request_end_time-request_start_time;
    var total_target_time  = target_end_time-target_start_time;
    var total_client_time  = total_request_time-total_target_time;


    var logObject = {
        "organization": context.getVariable("organization.name"),
        "environment": context.getVariable("environment.name"),
        "apiProduct": context.getVariable("apiproduct.name"),
        "proxyName": context.getVariable("apiproxy.name"),
        "appName": context.getVariable("developer.app.name"),
        "verb": context.getVariable("request.verb"),
        "url": '' + context.getVariable("client.scheme") + '://' + context.getVariable("request.header.host") + context.getVariable("request.uri"),
        "responseCode": context.getVariable("message.status.code"),
        "responseReason": context.getVariable("message.reason.phrase"),
        "clientLatency": total_client_time,
        "targetLatency": total_target_time,
        "totalLatency": total_request_time
    };


    var headers = {
        'Content-Type': 'application/json'
    };


    print('LOGGING OBJECT' + JSON.stringify(logObject));
    var myLoggingRequest = new Request(logServerURL, "POST", headers, JSON.stringify(logObject));


    httpClient.send(myLoggingRequest);
}

Then fire off a few requests and login to Sumo to search the logs.

3583-sumo-6.png

Not applicable

Hi, this is Brian Goleno, a product manager at Sumo Logic. The correct approach is to do as @yumin stated above, and at this post here: https://community.apigee.com/articles/32286/logging-to-sumo-logic-using-javascript-and-http.html