Post on 11-Apr-2017
transcript
AWS Lambda Function– https://github.com/SumoGoodies/Scripts/blob/master/
AWS_CloudWatch_Logs_to_Sumo.js– http://bit.ly/1lNwVHw (Python by David Gadoury)
Configuration – Sumo (source and app)– AWS (Log Group, Enable Log, attach Lambda function)
Demo
The Flow
Sumo Logic Confidential1
Additional Info
Sumo Logic Confidential2
Sign up a Sumo Free for yourselfFreeSumo.com
Check out Sumo’s Docker Log Analyzer– https://www.sumologic.com/application/docker
Monty Yao– monty@sumologic.com– @montythereal
David Rogers (sales)– drogers@sumologic.com
Two Years ago, at this meetup, I showed you
Sumo Logic Confidential3
You can really do that in 5min or less
Sumo Logic Confidential4
Joe Hacker recorded that
http://blog.joehack3r.com/cloudtrail-and-sumologic-getting-started/
In Sumo, configure an HTTP endpoint– Manage->Collections->Collector->Add Source– Key in the VPC flow name and a category– Hit Save (5 clicks + 10-20 key strokes)
Install the Out of the Box VPC Flow app– Library->AWS Apps->VPC Flow App->Install->Pick
SourceCategory->Done. (6 clicks)
1 min (max)
Steps for VPC Flow via Lambda – Sumo Side
Sumo Logic Confidential5
Import Lambda function, and update the URL from Sumo
Create a Cloud Watch Log group
Attached the Lambda function to the Log group
Browse to VPC and enable Log Flow.
2 mins (est)
Setup for VPC Flow via Lambda on AWS
Sumo Logic Confidential6
Validate VPC Flow is logging
Sumo Logic Confidential7
Validate VPC Flow is going to Sumo
Sumo Logic Confidential8
Check out the Sumo VPC Flow app
Sumo Logic Confidential9
Check out the Sumo VPC Flow app
Sumo Logic Confidential10
Check out the Sumo VPC Flow app
Sumo Logic Confidential11