sumologic-collector Cookbook

This cookbook installs the Sumo Logic collector, or updates an existing one if it was set to use Local Configuration Management. Installation on Linux uses the shell script installer and on Windows uses the exe installer. Here are the steps it follows:

  1. Sets up sumo.conf and sumo.json (or the json folder). By default the standard Linux logs (system and security) are captured. On Windows the application and system event logs are captured.
  2. Downloads latest installer
  3. Runs installer
  4. Starts collector and registers with the Sumo Logic service

For a collector update, the existing collector must have been switched to use Local Configuration Management - see the instructions to configure New Collectors or Existing Collectors for more details. The steps the cookbook follows:

  1. Verify that the collector folder exists.
  2. (Optional) Recreate sumo.conf and sumo.json (or the json files under the json folder).
  3. Restart the collector for the changes to take effect.

The collector requires outbound access to https://collectors.sumologic.com. Edit sumo.json (or the json files under the json folder) to add/edit/remove sources. After installation you can test connectivity.

Note

Starting from 19.107, there are 2 major extensions to SumoLogic collectors:

  • You can configure a collector's parameters from a set of json files under a common folder. Each json file represents one source on that collector, and updates made to a json file are reflected on its corresponding source. Note that the format of this kind of file is slightly different from that of the traditional single json file (sumo.json) and the two are not compatible. You also need to use the parameter syncSources instead of sources inside sumo.conf. See more details here.
  • You can change a collector's existing parameters continuously through local configuration json file(s). Before this, using the collector API was the only option. More information about this is here.

Installation

  1. Create an Access Key.
  2. Install the cookbook in your Chef repo (your knife version should be at least 11.10.4 and you should have the knife github plugin installed):
     knife cookbook github install SumoLogic/sumologic-collector-chef-cookbook
  3. Specify the data bag and item with your access credentials. The data item should contain the attributes accessID and accessKey. Note that attribute names are case sensitive. If the cases mismatch, the values will not appear when chef-client runs. The default data bag/item is ['sumo-creds']['api-creds']. A more flexible approach is to set node.run_state['sumo_key_id'] and node.run_state['sumo_key_secret'] to supply credentials from your wrapper cookbook. Please note that storing sensitive data anywhere outside of node.run_state is not safe, because it is uploaded to the Chef Server at the end of the chef-client run. node.run_state is not persistent and is generally discarded at the end of the chef-client run. You still want to make sure that the credentials originate from a secure place, such as your own encrypted data bag, Chef Vault or an alternative approach that stores and communicates your secrets in an encrypted manner.
  4. (Optional) Decide if you want to use the Local Configuration Management feature by setting the attribute default['sumologic']['local_management'] properly. By default this feature is on, to leverage the power of Chef.
  5. (Optional) Select the json configuration option (i.e. through a single file or a folder) by setting the attribute default['sumologic']['use_json_path_dir'] appropriately. By default a single json file is used.
  6. (Optional) Check that the path to the json file or the json folder is set correctly in the attribute default['sumologic']['sumo_json_path']. By default this is the path to the json file at /etc/sumo.json on Linux or c:\sumo\sumo.json on Windows.
  7. Upload the cookbook to your Chef Server:
     knife cookbook upload sumologic-collector
  8. Add the sumologic-collector recipe to your node run lists. This step depends on your node configuration, so specifics will not be described in this README.md.
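
A pre-commit check for the credential guidance above, as an added example that is not part of the cookbook: it scans recipe text for this cookbook's credential-bearing properties and flags values given as string literals or read from persisted node attributes instead of node.run_state. The names scan_recipe, classify_value and SECRET_PROPERTIES and the sample recipe are constructed for illustration; the property names come from this README.

```ruby
# Added example, not part of the cookbook. Line-oriented heuristic, not a Ruby parser.
SECRET_PROPERTIES = %w[
  sumo_access_id sumo_access_key sumo_token_and_url proxy_password
  winrunas_password remote_password key_password password
].freeze
RESOURCE_START = /^\s*(sumologic_collector(?:_installer)?|sumo_source_\w+)\s+(['"])(.*?)\2\s+do\s*$/
Finding = Struct.new(:line, :resource, :property, :reason)

# :literal        -> the secret is committed with the recipe source
# :node_attribute -> the secret is saved with the node object on the Chef Server
# nil             -> empty string, node.run_state, or an expression we cannot judge
def classify_value(expr)
  expr = expr.strip
  return nil if expr =~ /\A(['"])\1\z/
  return :literal if expr =~ /\A['"]/
  return nil if expr =~ /\Anode\.run_state\b/
  return :node_attribute if expr =~ /\Anode\b/
  nil
end

def scan_recipe(text)
  findings = []
  resource = nil
  text.each_line.with_index(1) do |line, lineno|
    next if line =~ /^\s*#/
    if (m = RESOURCE_START.match(line))
      resource = "#{m[1]}[#{m[3]}]"
    elsif line =~ /^\s*end\s*$/
      resource = nil
    elsif resource && (m = /^\s*(\w+)\s+(.+)$/.match(line)) && SECRET_PROPERTIES.include?(m[1])
      reason = classify_value(m[2])
      findings << Finding.new(lineno, resource, m[1], reason) if reason
    end
  end
  findings
end

# Constructed sample recipe (placeholder values, not real credentials).
SAMPLE_RECIPE = <<~'RECIPE'
  sumologic_collector 'C:\sumo' do
    sumo_access_id 'MYACCESSID'
    sumo_access_key node['SUMO_ACCESS_KEY']
  end

  sumologic_collector '/opt/sumo' do
    sumo_access_id node.run_state['sumo_key_id']
    sumo_access_key node.run_state['sumo_key_secret']
  end

  sumo_source_remote_file 'remote_file' do
    remote_password 'password'
  end
RECIPE
scan_recipe(SAMPLE_RECIPE).each { |f| puts f.to_a.join(' ') } if __FILE__ == $PROGRAM_NAME
```

Values built from other expressions (for example a data bag lookup assigned to a local variable) are not judged, so a clean result does not prove the secret came from an encrypted store.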

Attributes

['sumologic']['ephemeral'] Boolean Sumo Logic Ephemeral Setting Required
['sumologic']['installDir'] String Sumo Logic Install Directory Required
['sumologic']['credentials']['bag_name'] String Name of the data bag. Required
['sumologic']['credentials']['item_name'] String Name of the item within the data bag. Required
['sumologic']['credentials']['secret_file'] String Path to the local file containing the encryption secret key. Optional

Resource/Provider

sumologic_collector

Provides actions for installing and managing a SumoLogic Collector

Actions

default = :install_and_configure

:install

Installs an unconfigured and unregistered SumoLogic Collector. Use :configure to configure it later

sumologic_collector 'C:\sumo' do
  action :install
end

:install_and_configure

Installs and configures a SumoLogic Collector. This is the default action

sumologic_collector 'C:\sumo' do
  collector_name 'fileserver'
  sumo_access_id 'MYACCESSID'
  sumo_access_key 'MYACCESSKEY'
  proxy_host 'proxy.mydomain.com'
  proxy_port '8080'
end

:configure

Configures a pre-installed but unconfigured (and unregistered) SumoLogic Collector

Note: The recommended flow to use this is to have the collector installed without configuration or registration by using the :install action

sumologic_collector 'C:\sumo' do
  collector_name 'fileserver'
  sumo_access_id 'MYACCESSID'
  sumo_access_key 'MYACCESSKEY'
  proxy_host 'proxy.mydomain.com'
  proxy_port '8080'
  action :configure
end

:remove

Uninstalls a SumoLogic collector using the provided uninstaller

sumologic_collector 'C:\sumo' do
  action :remove
end

:start

Starts the SumoLogic Collector

sumologic_collector 'C:\sumo' do
  action :start
end

:stop

Stops the SumoLogic Collector

sumologic_collector 'C:\sumo' do
  action :stop
end

:restart

Restarts the SumoLogic Collector

sumologic_collector 'C:\sumo' do
  action :restart
end

Attribute Parameters

See the Sumo Logic documentation for more information about these attributes.

| Attribute | Type | Description | Default | Required | Used Actions |
|---|---|---|---|---|---|
| dir | String | Directory where collector will be installed (name attribute) | none | true | all |
| source | String | URL to download collector installer from | none (uses the latest installer from SumoLogic) | false | :install, :install_and_configure |
| collector_name | String | Name of this Collector | nil | false | :install_and_configure, :configure |
| collector_url | String | URL used to register Collector for data collection API | nil | false | :install_and_configure, :configure |
| collector_secure_files | Boolean | Enable or disable enhanced file security | nil | false | :install_and_configure, :install |
| host_name | String | Hostname of this collector + default hostname of sources on it | nil | false | :install_and_configure, :configure |
| description | String | Description of this collector | nil | false | :install_and_configure, :configure |
| category | String | Default category for sources on this collector | nil | false | :install_and_configure, :configure |
| sumo_token_and_url | String | Encoded Setup Wizard token | nil | false | :install_and_configure |
| sumo_access_id | String | Access ID used when logging in with Access ID and Key | nil | false | :install_and_configure, :configure |
| sumo_access_key | String | Access Key used when logging in with Access ID and Key | nil | false | :install_and_configure, :configure |
| proxy_host | String | Sets proxy host when a proxy server is used | nil | false | :install_and_configure, :configure |
| proxy_port | String, Fixnum | Sets proxy port when a proxy server is used | nil | false | :install_and_configure, :configure |
| proxy_user | String | Sets proxy user when a proxy server is used with authentication | nil | false | :install_and_configure, :configure |
| proxy_password | String | Sets proxy password when a proxy server is used with authentication | nil | false | :install_and_configure, :configure |
| proxy_ntlmdomain | String | Sets proxy NTLM domain when a proxy server is used with NTLM authentication | nil | false | :install_and_configure, :configure |
| sources | String | Sets the JSON file describing sources to configure on registration | nil | false | :install_and_configure, :configure |
| sync_sources | String | Sets the JSON file describing sources to configure on registration, which will be continuously monitored and synchronized with the Collector's configuration | nil | false | :install_and_configure, :configure |
| ephemeral | Boolean | When true, the Collector will be deleted after it goes offline for a certain period of time | false | false | :install_and_configure, :configure |
| clobber | Boolean | When true, if there is any existing Collector with the same name, that Collector will be deleted | false | false | :install_and_configure, :configure |
| disable_upgrade | Boolean | If true, the collector rejects upgrade requests from Sumo. | false | false | :install_and_configure, :configure |
| enable_script_source | Boolean | Script Sources are disabled by default. You can enable them by setting this parameter to true. | false | false | :install_and_configure, :configure |
| enable_action_source | Boolean | Script Action Sources are disabled by default. You can enable them by setting this parameter to true. | false | false | :install_and_configure, :configure |
| time_zone | String | The default time zone for sources on this collector | nil | false | :install_and_configure, :configure |
| target_cpu | Integer | Target to which to limit the CPU usage of this collector | nil | false | :install_and_configure, :configure |
| wrapper_java_initmemory | Integer | Override the initial Java heap size | nil | false | :configure |
| wrapper_java_maxmemory | Integer | Override the maximum Java heap size | nil | false | :configure |
| runas_username | String | Which user the daemon will run as | nil | false | :install_and_configure, :install |
| winrunas_password | String | On Windows, the password for the user the service will run as | nil | false | :install_and_configure, :install |
| skip_registration | Boolean | When true the collector will not register upon installation | false | nil | :install_and_configure |
| fields | Hash | Sets the fields property in user.properties used by ingest budgets and other future features | nil | false | :install_and_configure, :configure |

sumologic_collector_installer

Note: sumologic_collector_installer has been deprecated, please use sumologic_collector with the :install_and_configure action (the default)

Allows for additional customisation of the Sumo Logic Collector installer

Actions

default = :install

  • :install - installs the Sumo Logic Collector if it is not already installed

Attribute Parameters

See the Sumo Logic documentation for more information about these attributes.

  • dir - Directory where the Collector will be installed
  • source - URL where installer will be downloaded from
  • collector_name
  • collector_url
  • sumo_token_and_url
  • sumo_access_id
  • sumo_access_key
  • proxy_host
  • proxy_port
  • proxy_user
  • proxy_password
  • proxy_ntlmdomain
  • sources
  • sync_sources
  • ephemeral
  • clobber
  • runas_username
  • winrunas_password
  • skip_registration

Examples

# Installs the Collector on Windows and skips registration
sumologic_collector_installer 'c:\sumo' do
  source 'https://collectors.sumologic.com/rest/download/win64'
  sumo_access_id node['SUMO_ACCESS_ID']
  sumo_access_key node['SUMO_ACCESS_KEY']
  skip_registration true
end

Collector Sources

Attribute Parameters

The following attributes are common to all of the sources listed below.

See the Sumo Logic documentation for more information about these attributes.

  • owner - owner of the JSON Source configuration file
  • group - group of the JSON Source configuration file
  • mode - file mode of the JSON Source configuration file
  • source_name - name of the source. required
  • source_json_directory - directory where JSON Source configuration file will be stored. required
  • description
  • category
  • host_name
  • time_zone
  • automatic_date_parsing
  • multiline_processing_enabled
  • use_autoline_matching
  • manual_prefix_regexp
  • force_time_zone
  • default_date_format
  • filters
  • alive

sumo_source_docker

Actions

default = :create

  • :create - creates a JSON Source configuration

Attribute Parameters

See the Sumo Logic documentation for more information about these attributes.

The following attribute parameters are in addition to the generic parameters listed above.

  • uri
  • specified_containers
  • all_containers
  • cert_path
  • source_type - one of :docker_stats, :docker_log. required
  • collect_events

Examples

sumo_source_docker 'docker_stats' do
  source_json_directory node['sumologic']['sumo_json_path']
  source_type :docker_stats
  uri 'https://127.0.0.1:2376'
  all_containers true
end

sumo_source_docker 'docker_log' do
  source_json_directory node['sumologic']['sumo_json_path']
  source_type :docker_log
  uri 'https://127.0.0.1:2376'
  all_containers true
end

sumo_source_local_file

Actions

default = :create

  • :create - creates a JSON Source configuration
  • :remove - removes a previously configured JSON source configuration

Attribute Parameters

See the Sumo Logic documentation for more information about these attributes.

The following attribute parameters are in addition to the generic parameters listed above.

  • path_expression - required
  • blacklist
  • encoding

Examples

sumo_source_local_file 'local_file' do
  source_json_directory node['sumologic']['sumo_json_path']
  path_expression '/tmp/example'
  # Parentheses are required: a bare `fields { ... }` is parsed as a block, not a Hash.
  fields(
    _siemforward: true,
    parser: '/MY_EXAMPLE_PARSER'
  )
end

sumo_source_local_windows_event_log

Actions

default = :create

  • :create - creates a JSON Source configuration

Attribute Parameters

See the Sumo Logic documentation for more information about these attributes.

The following attribute parameters are in addition to the generic parameters listed above.

  • log_names - required
  • event_format - :legacy for legacy format or :json for JSON format. :legacy is default.
  • event_message - Use with JSON format. :complete, :message (recommended), or :metadata for metadata only. :message is default.
  • allowlist - Available in Collector version 19.351-4 and later. A comma-separated list of event IDs. This is an empty string as default.
  • denylist - Available in Collector version 19.351-4 and later. A comma-separated list of event IDs. This is an empty string as default.

Examples

sumo_source_local_windows_event_log 'local_win_event_log' do
  source_json_directory node['sumologic']['sumo_json_path']
  log_names ['security', 'application']
end

Use JSON log format instead of legacy format:

sumo_source_local_windows_event_log 'local_win_event_log' do
  source_json_directory node['sumologic']['sumo_json_path']
  log_names ['security', 'application']
  event_format :json
  event_message :message
  allowlist ""
  denylist ""
end

sumo_source_remote_file

Actions

default = :create

  • :create - creates a JSON Source configuration

Attribute Parameters

See the Sumo Logic documentation for more information about these attributes.

The following attribute parameters are in addition to the generic parameters listed above.

  • remote_hosts - required
  • remote_port - required
  • remote_user - required
  • remote_password - required
  • key_path - required
  • key_password
  • path_expression - required
  • auth_method - one of key or password.
  • blacklist

Examples

sumo_source_remote_file 'remote_file' do
  source_json_directory node['sumologic']['sumo_json_path']
  remote_hosts ['127.0.0.1']
  remote_port 22
  remote_user 'user'
  remote_password 'password'
  key_path ''
  path_expression '/tmp/example'
  auth_method 'password'
end

sumo_source_remote_windows_event_log

Actions

default = :create

  • :create - creates a JSON Source configuration

Attribute Parameters

See the Sumo Logic documentation for more information about these attributes.

The following attribute parameters are in addition to the generic and sumo_source_local_windows_event_log parameters listed above.

  • domain - required
  • username - required
  • password - required
  • hosts - required
  • log_names - required

Examples

sumo_source_remote_windows_event_log 'remote_win_event_log' do
  source_json_directory node['sumologic']['sumo_json_path']
  domain 'mydomain'
  username 'user'
  password 'password'
  hosts ['myremotehost1']
  log_names ['security', 'application']
end

Use JSON log format instead of legacy format:

sumo_source_remote_windows_event_log 'remote_win_event_log' do
  source_json_directory node['sumologic']['sumo_json_path']
  domain 'mydomain'
  username 'user'
  password 'password'
  hosts ['myremotehost1']
  log_names ['security', 'application']
  event_format :json
  event_message :message
  allowlist ""
  denylist ""
end

sumo_source_script

Actions

default = :create

  • :create - creates a JSON Source configuration

Attribute Parameters

See the Sumo Logic documentation for more information about these attributes.

The following attribute parameters are in addition to the generic parameters listed above.

  • commands - required
  • file
  • working_dir
  • timeout
  • script
  • cron_expression

Examples

sumo_source_script 'script' do
  source_json_directory node['sumologic']['sumo_json_path']
  commands ['/bin/bash']
  cron_expression '0 * * * *'
end

sumo_source_syslog

Actions

default = :create

  • :create - creates a JSON Source configuration

Attribute Parameters

See the Sumo Logic documentation for more information about these attributes.

The following attribute parameters are in addition to the generic parameters listed above.

  • protocol
  • port

Examples

sumo_source_syslog 'syslog' do
  source_json_directory node['sumologic']['sumo_json_path']
end

sumo_source_graphite_metrics

Actions

default = :create

  • :create - creates a JSON Source configuration

Attribute Parameters

See the Sumo Logic documentation for more information about these attributes.

The following attribute parameters are in addition to the generic parameters listed above.

  • protocol
  • port

Examples

sumo_source_graphite_metrics 'graphite' do
  source_json_directory node['sumologic']['sumo_json_path']
end

Contributing

Please see CONTRIBUTING.md for guidelines

License and Authors

Authors: Ben Newton, Duc Ha