Version: 2.11.0

Integration with Sumo Logic

Sending flow data to Sumo Logic gives insight into network traffic patterns, enabling proactive threat detection, network performance optimization, and the visibility needed for effective troubleshooting. With Sumo Logic's analytics and visualization capabilities, organizations can turn flow records into actionable intelligence, strengthen their security posture, and streamline network operations.

You can integrate NetFlow Optimizer with Sumo Logic by sending data over UDP in JSON format to a Sumo Logic Installed Collector (SumoCollector). SumoCollector can be installed on the NFO machine or on a separate host or VM.

Installation Steps

  1. Install Sumo Logic Collector
  2. Configure the Collector to connect to your Sumo Logic environment
  3. Configure a Syslog Source
  4. Configure NFO Output

Install Sumo Logic Collector

For information on Sumo Logic Installed Collectors and installation instructions, visit https://help.sumologic.com/03Send-Data/Installed-Collectors

Configure the Collector

To connect your Installed Collector, configure the user.properties file in the /opt/SumoCollector/config/ directory.

The Collector uses the settings defined in user.properties to register and start. See user.properties for a full list of all the supported parameters.

To use an access key, provide the accessid and accesskey parameters. Because this file holds the access key in clear text, restrict its file permissions to the account the Collector runs as. For example:

name = <collectorName>
accessid = <accessId>
accesskey = <accessKey>

Start the Collector using the following command.

sudo service collector start

Configure a Syslog Source

  1. In the Sumo web app select Manage Data > Collection > Collection.
  2. Find the Installed Collector to which you'd like to add the Syslog Source. Click Add and then choose Add Source from the pop-up menu.
  3. Select Syslog for the Source type.
  4. Set the following:

note

Make sure your Port number matches your NFO Output UDP Port number.

For more information, visit https://help.sumologic.com/03Send-Data/Sources/01Sources-for-Installed-Collectors/Syslog-Source#configure-a-syslog-source

Configuring NFO Output

In the NFO GUI go to Outputs on the left navigation bar and press the plus sign. Set the following:

Specify Address/Port. If your Installed Collector is installed on the NFO machine, you can set the address to localhost; otherwise specify the IP address of the host where SumoCollector is installed.

Configuring the NFO output format as JSON allows Sumo Logic's Dynamic Parsing to perform automatic field extraction.
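A quick way to confirm that the NFO Output reaches the configured port and carries parseable JSON is a throwaway UDP listener run on the collector host before the Syslog Source goes live. The script below is an added example, not part of this page, NFO or Sumo Logic; the sample datagrams and their field names are constructed, and the handling of a syslog "<PRI>" prefix is an assumption about how the payload may be wrapped.

```python
import json
import socket

# Constructed sample datagrams in the shape this page configures NFO to send:
# JSON over UDP, optionally wrapped in a syslog PRI header such as "<14>".
# Field names are illustrative, not NFO's real schema.
SAMPLE_DATAGRAMS = [
    b'<14>{"src_ip": "10.0.0.5", "dst_ip": "10.0.0.9", "bytes": 1200}',
    b'{"src_ip": "192.0.2.1", "dst_ip": "198.51.100.7", "bytes": 64}',
    b"<14>this is not json",
]

def strip_syslog_pri(data: bytes) -> bytes:
    """Drop a leading syslog "<PRI>" header (at most 3 digits) if present."""
    if data.startswith(b"<"):
        end = data.find(b">", 1, 6)
        if end != -1 and data[1:end].isdigit():
            return data[end + 1:]
    return data

def parse_datagram(data: bytes):
    """Return the decoded JSON object, or None if the payload is not a JSON object."""
    try:
        obj = json.loads(strip_syslog_pri(data).decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return None
    return obj if isinstance(obj, dict) else None

def check_datagrams(datagrams):
    """Return (parseable, rejected) counts; Dynamic Parsing only extracts fields from the former."""
    ok = sum(1 for d in datagrams if parse_datagram(d) is not None)
    return ok, len(datagrams) - ok

def listen(port: int, count: int = 5, timeout: float = 10.0):
    """Bind the UDP port set in NFO Output and the Syslog Source, validate what arrives."""
    received = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.bind(("0.0.0.0", port))
        while len(received) < count:
            try:
                received.append(sock.recvfrom(65535)[0])
            except socket.timeout:
                break
    return check_datagrams(received)

if __name__ == "__main__":
    print(check_datagrams(SAMPLE_DATAGRAMS))  # (2, 1)
```

Only one process can bind the UDP port, so run listen() while the Collector's Syslog Source is not yet enabled, or point NFO at a spare port for the check.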