Integration with Sumo Logic
You can integrate NetFlow Optimizer (NFO) with Sumo Logic by sending data over UDP in JSON format to a Sumo Logic Installed Collector (SumoCollector). SumoCollector can be installed on the NFO machine or on a separate host or VM.
Installation Steps
- Install Sumo Logic Collector
- Configure the Collector to connect to your Sumo Logic environment
- Configure a Syslog Source
- Configure NFO Output
Install Sumo Logic Collector
For information on Sumo Logic Installed Collectors and installation instructions, visit https://help.sumologic.com/03Send-Data/Installed-Collectors
Configure the Collector
To connect your Installed Collector, configure the user.properties file in the /opt/SumoCollector/config/ directory.
The Collector uses the settings defined in user.properties to register and start. See user.properties for a full list of all the supported parameters.
To use an access key, provide the accessid and accesskey parameters. For example:
name = <collectorName>
accessid = <accessId>
accesskey = <accessKey>
Start the Collector using the following command.
sudo service collector start
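Because user.properties holds the access ID and access key in plain text, its permissions and contents are worth checking on the Collector host. The following Python check is an added example, not NFO or Sumo Logic code; the function names and finding labels are hypothetical, and only the file path and the accessid/accesskey parameter names come from this page.

```python
import os
import stat
import sys

DEFAULT_PATH = "/opt/SumoCollector/config/user.properties"  # path from this page
SECRET_KEYS = ("accessid", "accesskey")

def parse_properties(text):
    """Parse 'key = value' lines; '#' and '!' start comment lines."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        # Java-style properties accept '=' or ':' as the separator.
        idx = min((i for i in (line.find("="), line.find(":")) if i >= 0), default=-1)
        if idx > 0:
            props[line[:idx].strip()] = line[idx + 1:].strip()
    return props

def audit_user_properties(path):
    """Return finding labels (hypothetical names) for a user.properties file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path, encoding="utf-8") as fh:
        props = parse_properties(fh.read())
    findings = []
    for key in SECRET_KEYS:
        value = props.get(key, "")
        if value.startswith("<") and value.endswith(">"):
            findings.append(f"placeholder:{key}")  # template value never replaced
    has_secret = any(props.get(k) for k in SECRET_KEYS)
    if has_secret and mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("group-or-other-readable")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("group-or-other-writable")
    return findings

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_PATH
    if not os.path.exists(target):
        sys.exit(f"{target}: not found")
    results = audit_user_properties(target)
    print("\n".join(results) if results else f"{target}: no findings")
    sys.exit(1 if results else 0)
```

Run it as root or as the account that owns the Collector installation, since it needs to read the file.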
Configure a Syslog Source
- In the Sumo web app select Manage Data > Collection > Collection.
- Find the Installed Collector to which you'd like to add the Syslog Source. Click Add, then choose Add Source from the pop-up menu.
- Select Syslog for the Source type.
- Set the following:
Make sure your Port number matches your NFO Output UDP Port number.
For more information, visit https://help.sumologic.com/03Send-Data/Sources/01Sources-for-Installed-Collectors/Syslog-Source#configure-a-syslog-source
Configuring NFO Output
In the NFO GUI go to Outputs on the left navigation bar and press the plus sign. Set the following:
Specify Address/Port. If your Installed Collector is installed on the NFO machine, you can set the address to localhost; otherwise, specify the IP address of the host where Sumo Collector is installed.
Configuring the NFO output format as JSON allows Sumo Logic's Dynamic Parsing to perform automatic field extraction.