├── .dockerignore ├── .gitignore ├── Dockerfile ├── Dockerfile.arm64 ├── LICENSE ├── README.md ├── docker-sources ├── Dockerfile ├── Dockerfile.arm64 └── sumo-sources.json ├── example ├── Dockerfile ├── sumo-sources.json.file.example ├── sumo-sources.json.syslog-tcp.example └── sumo-sources.json.syslog-udp.example ├── file ├── Dockerfile ├── Dockerfile.arm64 ├── sumo-containers.json └── sumo-sources.json ├── logging-driver-syslog ├── Dockerfile ├── Dockerfile.arm64 ├── README.md └── sumo-sources.json ├── run.sh └── syslog ├── Dockerfile ├── Dockerfile.arm64 └── sumo-sources.json /.dockerignore: -------------------------------------------------------------------------------- 1 | .git 2 | example/ 3 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /sumo-sources.json 2 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | # Sumo Logic Collector Docker Image 2 | # Version 0.1 3 | 4 | FROM ubuntu:20.04 5 | LABEL maintainer="Sumo Logic " 6 | 7 | ENV DEBIAN_FRONTEND noninteractive 8 | RUN apt-get update --quiet && \ 9 | apt-get install -y --no-install-recommends apt-utils && \ 10 | apt-get upgrade --quiet --allow-downgrades --allow-remove-essential --allow-change-held-packages -y && \ 11 | apt-get install --quiet --allow-downgrades --allow-remove-essential --allow-change-held-packages -y wget && \ 12 | wget -q -O /tmp/collector.deb https://collectors.sumologic.com/rest/download/deb/64 && \ 13 | dpkg -i /tmp/collector.deb && \ 14 | rm /tmp/collector.deb && \ 15 | apt-get clean --quiet && \ 16 | rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* 17 | 18 | COPY run.sh /run.sh 19 | ENTRYPOINT ["/bin/bash", "/run.sh"] 20 | -------------------------------------------------------------------------------- /Dockerfile.arm64: 
-------------------------------------------------------------------------------- 1 | # Sumo Logic Collector Docker Image 2 | # Version 0.1 3 | 4 | FROM ubuntu:20.04 5 | LABEL maintainer="Sumo Logic " 6 | 7 | ENV DEBIAN_FRONTEND noninteractive 8 | RUN apt-get update --quiet && \ 9 | apt-get install -y --no-install-recommends apt-utils && \ 10 | apt-get upgrade --quiet --allow-downgrades --allow-remove-essential --allow-change-held-packages -y && \ 11 | apt-get install --quiet --allow-downgrades --allow-remove-essential --allow-change-held-packages -y wget && \ 12 | wget -q -O /tmp/collector.deb https://collectors.sumologic.com/rest/download/deb/aarch/64 && \ 13 | dpkg -i /tmp/collector.deb && \ 14 | rm /tmp/collector.deb && \ 15 | apt-get clean --quiet && \ 16 | rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* 17 | 18 | COPY run.sh /run.sh 19 | ENTRYPOINT ["/bin/bash", "/run.sh"] -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. 
For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 
47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. 
Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | Copyright 2015, Sumo Logic, Inc. 179 | 180 | Licensed under the Apache License, Version 2.0 (the "License"); 181 | you may not use this file except in compliance with the License. 
182 | You may obtain a copy of the License at 183 | 184 | http://www.apache.org/licenses/LICENSE-2.0 185 | 186 | Unless required by applicable law or agreed to in writing, software 187 | distributed under the License is distributed on an "AS IS" BASIS, 188 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 189 | See the License for the specific language governing permissions and 190 | limitations under the License. 191 | 192 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | - [Sumo Logic Collector for Docker](#sumo-logic-collector-for-docker) 2 | - [Use the Docker collection image](#use-the-docker-collection-image) 3 | * [Prerequisites and limitations](#prerequisites-and-limitations) 4 | * [Step 1 Create Sumo Access ID and Key](#step-1-create-sumo-access-id-and-key) 5 | * [Step 2 Tailor source configuration](#step-2-tailor-source-configuration) 6 | + [More about defining container filters](#more-about-defining-container-filters) 7 | * [Step 3 Run the image](#step-3-run-the-image) 8 | + [Collector environment variables](#collector-environment-variables) 9 | + [Configure collector in user.properties file](#configure-collector-in-userproperties-file) 10 | + [To monitor more than 40 containers](#to-monitor-more-than-40-containers) 11 | + [To avoid exposing your keys on the command line](#to-avoid-exposing-your-keys-on-the-command-line) 12 | * [Step 4 Install Sumo app for Docker](#step-4-install-sumo-app-for-docker) 13 | * [Step 5 Run searches and use dashboards](#step-5-run-searches-and-use-dashboards) 14 | + [Sample Docker messages](#sample-docker-messages) 15 | + [Sample query for containers created or started](#sample-query-for-containers-created-or-started) 16 | - [Use the Syslog collection image](#use-the-syslog-collection-image) 17 | - [Use the file collection image](#use-the-file-collection-image) 18 | - 
[Create a custom Docker image](#create-a-custom-docker-image) 19 | * [Using source templates](#using-source-templates) 20 | 21 | 22 | 23 | # Sumo Logic Collector for Docker 24 | 25 | This repository offers several variants of Docker images to run the Sumo Logic collector. The batteries-included images contain one or more pre-configured sources. In Sumo, collectors use sources to collect data. The following images are available: 26 | 27 | * Docker Collection—This batteries-included image runs the collector with Sumo’s Docker Logs source and Docker Stats source. This allows you to collect container logs, events, and stats, and to use the [Sumo web app for Docker](https://help.sumologic.com/Send-Data/Data-Types/Docker/Docker-App-Dashboards). For instructions on using this image, see [Use the Docker Collection Image](#use-the-docker-collection-image). 28 | 29 | * Syslog Collection—This batteries-included image runs the collector with Sumo’s Syslog source. The collector will listen on port 514 TCP and UDP for Syslog traffic. For more information, see [Use the Syslog Collection Image](#use-the-syslog-collection-image). 30 | 31 | * File Collection—This batteries-included image runs the collector with Sumo’s local file source. This allows you to collect all files from `/tmp/clogs/` from a Docker volume on the host. For more information, see [Use the File Collection Image](#use-the-file-collection-image). 32 | 33 | * Custom Configuration—This is a base image you can use to build your own custom-configured collector image. For more information, see [Create a Custom Docker Image](#create-a-custom-docker-image). 34 | 35 | When you run a collector image, the collector automatically registers with the Sumo service and creates sources based on a `sumo-sources.json` file. In each of the batteries-included images, the collector is configured to be ephemeral: it will be deleted automatically after being offline for 12 hours.
For information about ephemeral collectors, see [Set a Collector as Ephemeral](https://help.sumologic.com/Send-Data/Installed-Collectors/05Reference-Information-for-Collector-Installation/11Set-a-Collector-as-Ephemeral), in Sumo help. 36 | 37 | # Use the Docker collection image 38 | 39 | The batteries-included image tagged `latest` runs the collector with Sumo’s Docker Logs source and Docker Stats source. 40 | 41 | When run, the collector listens on the Docker Unix socket for container logs, events and stats. 42 | 43 | Sumo’s Docker Logs source and Docker Stats source use the Docker Engine API to gather the following data from Docker: 44 | 45 | * Docker container logs. Sumo’s Docker Logs source collects container logs. For information about the API Sumo uses to collect logs, see [Get Container Logs](https://docs.docker.com/engine/api/v1.29/#operation/ContainerLogs) in Docker API documentation. 46 | 47 | * Docker events. Sumo’s Docker Logs source collects Docker events. For information about Docker events, see [Monitor Events](https://docs.docker.com/engine/api/v1.29/#operation/SystemEvents) in Docker API documentation. 48 | 49 | * Docker container stats. Sumo’s Docker stats source collects stats. For information about Docker stats, see [Get Container Stats Based on Resource Usage](https://docs.docker.com/engine/api/v1.29/#operation/ContainerExport) in Docker API documentation. 50 | 51 | ## Prerequisites and limitations 52 | Before installing, review the [Installed Collector Requirements](https://help.sumologic.com/Start-Here/01About-Sumo-Logic/System-Requirements/Installed-Collector-Requirements) help page to understand the resource requirements of the installed collector. 53 | 54 | The containers you’re going to monitor must use either the `json-file` or the `journald` driver.
For more information, see [Configure Logging Drivers](https://docs.docker.com/engine/admin/logging/overview/) in Docker help. 55 | 56 | By default, you can monitor up to 40 Docker containers on a Docker host. If you want to monitor more than 40 containers on a given host, see [To monitor more than 40 containers](#to-monitor-more-than-40-containers). 57 | 58 | ## Step 1 Create Sumo Access ID and Key 59 | 60 | If you don’t already have a Sumo account, you can create one by clicking **Free Trial** on https://www.sumologic.com/. 61 | 62 | Log in to Sumo to create an access ID and an access key to register the Sumo collector. For instructions, see [Access Keys](https://help.sumologic.com/Manage/Security/Access-Keys) in Sumo help. Make a note of the access ID and access key. You supply these credentials when you start the Sumo collector. 63 | 64 | ## Step 2 Tailor source configuration 65 | 66 | There are two Sumo sources included in the image: Docker logs and Docker stats. The JSON file that defines the sources is at https://github.com/SumoLogic/sumologic-collector-docker/blob/master/docker-sources/sumo-sources.json. 67 | 68 | The Docker logs source in the image collects container logs from all containers on a Docker host, and events. Processing of multiline log messages is not enabled. 69 | 70 | The Docker stats source collects Docker stats from all containers on a Docker host. The polling interval is set to one minute. 71 | 72 | If you want to change the configuration of one or both of the sources, you can create your own `sumo-sources.json` using https://github.com/SumoLogic/sumologic-collector-docker/blob/master/docker-sources/sumo-sources.json as a starting point. 73 | 74 | For example: 75 | 76 | * If you only want to monitor Docker logs, remove the `Docker-stats` object from the `sources` array.
77 | 78 | * If you want to collect logs and events from only selected containers, set `allContainers` in the `Docker-logs` object to `false`, and specify selected containers using `specifiedContainers`. 79 | 80 | * If you want to collect stats from only selected containers, set `allContainers` in the `Docker-stats` object to `false`, and specify selected containers using `specifiedContainers`. For more information, see [More about defining container filters](#more-about-defining-container-filters). 81 | 82 | * If you want to prevent the Docker logs source from collecting events (start, stop, and so on), set `collectEvents` in the `Docker-logs` object to `false`. 83 | 84 | For general information about configuring Docker sources, see [Docker log source](https://help.sumologic.com/Send-Data/Sources/03Use-JSON-to-Configure-Sources/JSON-Parameters-for-Installed-Sources#Docker_Log_Source) and [Docker stats source](https://help.sumologic.com/Send-Data/Sources/03Use-JSON-to-Configure-Sources/JSON-Parameters-for-Installed-Sources#Docker_Stats_Source) in Sumo help. 85 | 86 | When you run the image, specify the location of your `sumo-sources.json` file using the `SUMO_SOURCES_JSON` environment variable. For information about using environment variables, see [Collector environment variables](#collector-environment-variables) below.
87 | 88 | ### More about defining container filters 89 | 90 | In the `specifiedContainers` field of the `sumo-sources.json` file, you can enter a comma-separated list of one or more of the following types of filters: 91 | 92 | * A specific container name, for example, “my-container” 93 | * A wildcard filter, for example, “my-container-\*” 94 | * An exclusion (blacklist) filter, which begins with an exclamation mark, for example, “!master-container” or “!prod-\*” 95 | 96 | For example, this filter list: 97 | 98 | `prod-*, !prod-*-mysql, master-*-app-*, sumologic-collector` 99 | 100 | will cause the source to collect from all containers whose names start with “prod-”, except those that match “prod-\*-mysql”. It will also collect from containers with names that match “master-\*-app-\*”, and from the “sumologic-collector” container. 101 | 102 | If your filter list contains only exclusions, the source will collect from all containers except those that match your exclusion filters. For example: 103 | 104 | `!container123*, !prod-*` 105 | 106 | will cause the source to exclude containers whose names begin with “container123” or “prod-”. 107 | 108 | 109 | 110 | 111 | ## Step 3 Run the image 112 | 113 | To run the Docker Collection image, run the following command, supplying your access ID and access key. 114 | 115 | `docker run -d -v /var/run/docker.sock:/var/run/docker.sock --name="sumo-logic-collector" sumologic/collector:latest AccessID AccessKey` 116 | 117 | The collector can be configured either with environment variables, or a volume-mounted `user.properties` file, as described in the sections below. The bind-mounted `/var/run/docker.sock` gives the collector container full access to the host's Docker Engine API, and credentials passed as arguments remain visible in `docker inspect` output and shell history; to keep them off the command line, see [To avoid exposing your keys on the command line](#to-avoid-exposing-your-keys-on-the-command-line). 118 | 119 | ### Collector environment variables 120 | The following environment variables are supported. You can pass environment variables to the `docker run` command with the `-e` flag.
121 | 122 | 123 | |Environment Variable     |Description | 124 | |------------------------------------|---------------| 125 | |`SUMO_ACCESS_ID` |Passes the Access ID.| 126 | |`SUMO_ACCESS_KEY` |Passes the Access Key.| 127 | |`SUMO_INSTALLATION_TOKEN` |Passes the Installation Token. This is not the encoded Token+URL. It is the decoded token only. If your Sumo Logic instance is not in US1, you must also set `SUMO_RECEIVER_URL`.| 128 | |`SUMO_ACCESS_ID_FILE` |Passes a bound file path containing Access ID.| 129 | |`SUMO_ACCESS_KEY_FILE` |Passes a bound file path containing Access Key.| 130 | |`SUMO_INSTALLATION_TOKEN_FILE` |Passes a bound file path containing the Installation Token.| 131 | |`SUMO_CLOBBER` |When true, if there is an existing collector with the same name, that collector will be deleted.

Default: false| 132 | |`SUMO_COLLECTOR_CATEGORY` |Specify collector Category.| 133 | |`SUMO_COLLECTOR_EPHEMERAL` |When true, the collector will be deleted after it goes offline for 12 hours.

Default: true.| 134 | |`SUMO_COLLECTOR_FIELDS` |Optional comma separated list of key=value fields to be added to the collector e.g. `_budget=Dev_20,cluster=k8s.dev`. Does nothing if `SUMO_GENERATE_USER_PROPERTIES` is set to “false”.| 135 | |`SUMO_COLLECTOR_NAME` |Configures the name of the collector. The default is set dynamically to the value in `/etc/hostname`.| 136 | |`SUMO_COLLECTOR_NAME_PREFIX` |Configures a prefix to the collector name. Useful when overriding `SUMO_COLLECTOR_NAME` with the Docker hostname.

Default: "collector_container-"

If you do not want a prefix, set the variable as follows:

`SUMO_COLLECTOR_NAME_PREFIX = ""`| 137 | |`SUMO_COLLECTOR_HOSTNAME` |Sets the host name of the machine on which the Collector container is running.

Default: The container ID.| 138 | |`SUMO_DISABLE_SCRIPTS` |If your organization's internal policies restrict the use of scripts, you can disable the creation of script-based script sources. When this parameter is passed, this option is removed from the Sumo web application, and script source cannot be configured.

Deprecated on Collector version 19.245-4. Use `SUMO_ENABLE_SCRIPTS` instead.| 139 | |`SUMO_ENABLE_SCRIPTS` |Script Sources are disabled by default, you can enable the creation of script-based script sources.

Default: false.

Available on Collector version 19.245-4+.| 140 | |`SUMO_GENERATE_USER_PROPERTIES` |Set this variable to “false” if you are providing the collector configuration settings using a `user.properties` file via a Docker volume mount.| 141 | |`SUMO_GENERATE_COLLECTOR_PROPERTIES`|Set this variable to “false” if you are providing the collector configuration settings using a `collector.properties` file via a Docker volume mount.| 142 | |`SUMO_JAVA_MEMORY_INIT` |Sets the initial java heap size (in MB).

Default: 64| 143 | |`SUMO_JAVA_MEMORY_MAX` |Sets the maximum java heap size (in MB).

Default: 128.| 144 | |`SUMO_PROXY_HOST` |Sets proxy host when a proxy server is used.| 145 | |`SUMO_PROXY_NTLM_DOMAIN` |Sets proxy NTLM domain when a proxy server is used with NTLM authentication.| 146 | |`SUMO_PROXY_PASSWORD` |Sets proxy password when a proxy server is used with authentication.| 147 | |`SUMO_PROXY_PORT` |Sets proxy port when a proxy server is used.| 148 | |`SUMO_PROXY_USER` |Sets proxy user when a proxy server is used with authentication.| 149 | |`SUMO_RECEIVER_URL` |Passes the collector endpoint URL.

Default: `https://collectors.sumologic.com`| 150 | |`SUMO_SOURCES_JSON` |Specifies the path to the `sumo-sources.json` file.

Default: `/etc/sumo-sources.json`. | 151 | |`SUMO_SYNC_SOURCES` |If “true”, the `SUMO_SOURCES_JSON` file(s) will be continuously monitored and synchronized with the Collector's configuration. This will also disable editing of the collector in the Sumo UI.

Default: false| 152 | |`SUMO_FIPS_JCE` |If "true", the FIPS 140-2 compliant Java Cryptography Extension (JCE) would be used to encrypt the data.

Default: false| 153 | |`SUMO_UDP_READ_BUFFER_SIZE` |Sets the datagram size of the UDP messages (in bytes)

Default: 2048

Max: 65535| 154 | 155 | ### Configure collector in user.properties file 156 | You can supply source configuration values using a `user.properties` file via a Docker volume mount. For information about supported properties, see [user.properties](http://help.sumologic.com/Send_Data/Installed_Collectors/05Reference_Information_for_Collector_Installation/06user.properties) in Sumo help. For information about Docker volumes, see [Use Volumes](https://docs.docker.com/engine/admin/volumes/volumes/) in Docker help. 157 | 158 | **Note** If you configure a source using `user.properties`, you cannot update the source configuration using the Sumo web app or the collector management API. 159 | 160 | To use a custom `user.properties` file, you must pass the environment variable `SUMO_GENERATE_USER_PROPERTIES=false`, and provide the Docker volume mount to replace the file located at `/opt/SumoCollector/config/user.properties`. 161 | 162 | For example: 163 | ``` 164 | docker run other options -e SUMO_GENERATE_USER_PROPERTIES=false -v $some_path/user.properties:/opt/SumoCollector/config/user.properties sumologic/collector:$tag 165 | ``` 166 | 167 | ### Configure collector in collector.properties file 168 | You can supply source configuration values using a `collector.properties` file via a Docker volume mount. For information about supported properties, see [collector.properties](https://help.sumologic.com/03Send-Data/Installed-Collectors/05Reference-Information-for-Collector-Installation/collector.properties) in Sumo help. For information about Docker volumes, see [Use Volumes](https://docs.docker.com/engine/admin/volumes/volumes/) in Docker help. 169 | 170 | **Note** If you configure a source using `collector.properties`, you cannot update the source configuration using the Sumo web app or the collector management API. 
171 | 172 | To use a custom `collector.properties` file, you must pass the environment variable `SUMO_GENERATE_COLLECTOR_PROPERTIES=false`, and provide the Docker volume mount to replace the file located at `/opt/SumoCollector/config/collector.properties`. 173 | 174 | For example: 175 | ``` 176 | docker run other options -e SUMO_GENERATE_COLLECTOR_PROPERTIES=false -v $some_path/collector.properties:/opt/SumoCollector/config/collector.properties sumologic/collector:$tag 177 | ``` 178 | 179 | ### To monitor more than 40 containers 180 | 181 | By default, you can collect from up to 40 containers. To increase the limit: 182 | 183 | 1. Open a bash shell with the running collector container with either: 184 | 185 | `docker exec -ti container_id /bin/bash` 186 | 187 | or 188 | 189 | `docker exec -ti container_name /bin/bash` 190 | 191 | 2. Edit the file located at `/opt/SumoCollector/config/collector.properties`, to add the `docker.maxPerContainerConnections` property. The maximum supported value is 100. 192 | 193 | 3. Exit the shell. 194 | 195 | 4. 
Restart the container with either: 196 | 197 | `docker restart container_id` 198 | 199 | or 200 | 201 | `docker restart container_name` 202 | 203 | ### To avoid exposing your keys on the command line 204 | 205 | #### Use Docker Secret Management 206 | 207 | To prevent exposing your keys on the command line, use the following commands: 208 | 209 | ``` 210 | # be sure you have an up and running docker swarm cluster (1 node or more): 211 | docker swarm init 212 | # store your API keys using docker secret manager: 213 | echo AccessID | docker secret create sumo-access-id 214 | echo AccessKey | docker secret create sumo-access-key 215 | docker service create --name sumologic-collector --mount type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock --mode global --secret sumo-access-id --secret sumo-access-key -e SUMO_ACCESS_ID_FILE=/run/secrets/sumo-access-id -e SUMO_ACCESS_KEY_FILE=/run/secrets/sumo-access-key sumologic/collector:latest 216 | ``` 217 | With these commands, the service will automatically be deployed to all nodes of your swarm cluster thanks to the _global_ mode. 218 | 219 | #### Store and historize your configuration with docker-compose file and docker stack 220 | 221 | You can automate your swarm cluster creation using a docker-compose file together with the docker stack command and docker secret management.
222 | 223 | ``` 224 | # be sure you have an up and running docker swarm cluster (1 node or more): 225 | docker swarm init 226 | # store your API keys using docker secret manager: 227 | echo AccessID | docker secret create sumo-access-id - 228 | echo AccessKey | docker secret create sumo-access-key - 229 | 230 | cat > docker-compose.yml < 3 | COPY sumo-sources.json /etc/sumo-sources.json 4 | -------------------------------------------------------------------------------- /docker-sources/Dockerfile.arm64: -------------------------------------------------------------------------------- 1 | FROM sumologic/collector:latest-no-source-arm64 2 | MAINTAINER Sumo Logic 3 | COPY sumo-sources.json /etc/sumo-sources.json 4 | -------------------------------------------------------------------------------- /docker-sources/sumo-sources.json: -------------------------------------------------------------------------------- 1 | { 2 | "api.version": "v1", 3 | "sources": [ 4 | { 5 | "name": "Docker-logs", 6 | "category": "docker", 7 | "allContainers": true, 8 | "collectEvents": true, 9 | "uri": "unix:///var/run/docker.sock", 10 | "specifiedContainers": [], 11 | "multilineProcessingEnabled": false, 12 | "sourceType": "DockerLog" 13 | }, 14 | { 15 | "name": "Docker-stats", 16 | "category": "docker", 17 | "automaticDateParsing": true, 18 | "forceTimeZone": false, 19 | "cutoffTimestamp": 0, 20 | "uri": "unix:///var/run/docker.sock", 21 | "specifiedContainers": [], 22 | "allContainers": true, 23 | "multilineProcessingEnabled": false, 24 | "certPath": "", 25 | "sourceType": "DockerStats", 26 | "pollInterval": 60000 27 | } 28 | ] 29 | } 30 | 31 | -------------------------------------------------------------------------------- /example/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM sumologic/collector 2 | MAINTAINER Happy Sumo Customer 3 | ADD sumo-sources.json /etc/sumo-sources.json 4 | 
-------------------------------------------------------------------------------- /example/sumo-sources.json.file.example: -------------------------------------------------------------------------------- 1 | { 2 | "api.version": "v1", 3 | "sources": [ 4 | { 5 | "sourceType" : "LocalFile", 6 | "name": "localfile-collector-container", 7 | "pathExpression": "/logs/**", 8 | "multilineProcessingEnabled": false, 9 | "automaticDateParsing": true, 10 | "forceTimeZone": false, 11 | "category": "collector-container" 12 | } 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /example/sumo-sources.json.syslog-tcp.example: -------------------------------------------------------------------------------- 1 | { 2 | "api.version": "v1", 3 | "sources": [ 4 | { 5 | "sourceType": "Syslog", 6 | "name": "syslog-collector-container-tcp", 7 | "port": 514, 8 | "protocol": "TCP", 9 | "encoding": "UTF-8", 10 | "forceTimeZone": false, 11 | "category": "collector-container" 12 | } 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /example/sumo-sources.json.syslog-udp.example: -------------------------------------------------------------------------------- 1 | { 2 | "api.version": "v1", 3 | "sources": [ 4 | { 5 | "sourceType": "Syslog", 6 | "name": "syslog-collector-container-udp", 7 | "port": 514, 8 | "protocol": "UDP", 9 | "encoding": "UTF-8", 10 | "forceTimeZone": false, 11 | "category": "collector-container" 12 | } 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /file/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM sumologic/collector:latest-no-source 2 | MAINTAINER Sumo Logic 3 | ADD sumo*.json /etc/ 4 | -------------------------------------------------------------------------------- /file/Dockerfile.arm64: -------------------------------------------------------------------------------- 1 | 
FROM sumologic/collector:latest-no-source-arm64 2 | MAINTAINER Sumo Logic 3 | ADD sumo*.json /etc/ 4 | -------------------------------------------------------------------------------- /file/sumo-containers.json: -------------------------------------------------------------------------------- 1 | { 2 | "api.version": "v1", 3 | "sources": [ 4 | { 5 | "sourceType" : "LocalFile", 6 | "name": "localfile-collector-container", 7 | "pathExpression": "/var/lib/docker/containers/**/*.log", 8 | "multilineProcessingEnabled": false, 9 | "automaticDateParsing": true, 10 | "forceTimeZone": false, 11 | "category": "collector-container" 12 | } 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /file/sumo-sources.json: -------------------------------------------------------------------------------- 1 | { 2 | "api.version": "v1", 3 | "sources": [ 4 | { 5 | "sourceType" : "LocalFile", 6 | "name": "localfile-collector-container", 7 | "pathExpression": "/tmp/clogs/**", 8 | "multilineProcessingEnabled": false, 9 | "automaticDateParsing": true, 10 | "forceTimeZone": false, 11 | "category": "collector-container" 12 | } 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /logging-driver-syslog/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM sumologic/collector:latest-no-source 2 | MAINTAINER Sumo Logic 3 | ADD sumo-sources.json /etc/sumo-sources.json -------------------------------------------------------------------------------- /logging-driver-syslog/Dockerfile.arm64: -------------------------------------------------------------------------------- 1 | FROM sumologic/collector:latest-no-source-arm64 2 | MAINTAINER Sumo Logic 3 | ADD sumo-sources.json /etc/sumo-sources.json -------------------------------------------------------------------------------- /logging-driver-syslog/README.md: 
-------------------------------------------------------------------------------- 1 | Syslog Logging Driver With Sumo Logic 2 | ===================================== 3 | 4 | If you want to build the image locally yourself: 5 | 6 | ```bash 7 | $ docker build -t logging-driver-syslog . 8 | ``` 9 | 10 | Run that image: 11 | 12 | ```bash 13 | $ docker run -v /var/log/syslog:/syslog -d \ 14 | --name="sumo-logic-collector" \ 15 | logging-driver-syslog [Access ID] [Access Key] 16 | ``` 17 | 18 | It is recommended to use the official image from Docker Hub: 19 | 20 | ```bash 21 | $ docker run -v /var/log/syslog:/syslog -d \ 22 | --name="sumo-logic-collector" \ 23 | sumologic/collector:latest-logging-driver-syslog [Access ID] [Access Key] 24 | ``` 25 | 26 | Of course, all containers need to be run with ```--log-driver=syslog``` for this to work. 27 | -------------------------------------------------------------------------------- /logging-driver-syslog/sumo-sources.json: -------------------------------------------------------------------------------- 1 | { 2 | "api.version": "v1", 3 | "sources": [ 4 | { 5 | "sourceType" : "LocalFile", 6 | "name": "logging-driver-syslog", 7 | "pathExpression": "/syslog", 8 | "multilineProcessingEnabled": false, 9 | "automaticDateParsing": true, 10 | "forceTimeZone": false, 11 | "category": "collector-container" 12 | } 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /run.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [[ $SUMO_ACCESS_ID_FILE ]]; then 4 | export SUMO_ACCESS_ID=$(cat $SUMO_ACCESS_ID_FILE) 5 | fi 6 | 7 | if [[ $SUMO_ACCESS_KEY_FILE ]]; then 8 | export SUMO_ACCESS_KEY=$(cat $SUMO_ACCESS_KEY_FILE) 9 | fi 10 | 11 | if [[ $SUMO_INSTALLATION_TOKEN_FILE ]]; then 12 | export SUMO_INSTALLATION_TOKEN=$(cat $SUMO_INSTALLATION_TOKEN_FILE) 13 | fi 14 | 15 | SUMO_GENERATE_USER_PROPERTIES=${SUMO_GENERATE_USER_PROPERTIES:=true} 16 
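SUMO_GENERATE_COLLECTOR_PROPERTIES=${SUMO_GENERATE_COLLECTOR_PROPERTIES:=true}
# Credentials fall back to the first two positional arguments when the
# environment (or the *_FILE variables read earlier) did not supply them.
# Arguments are visible on the command line, so the *_FILE variables are the
# safer way to pass keys.
SUMO_ACCESS_ID=${SUMO_ACCESS_ID:=$1}
SUMO_ACCESS_KEY=${SUMO_ACCESS_KEY:=$2}
SUMO_RECEIVER_URL=${SUMO_RECEIVER_URL:=https://collectors.sumologic.com}
# Handle case for an empty string: the prefix default uses '=' (not ':='), so
# an explicitly empty SUMO_COLLECTOR_NAME_PREFIX is kept empty.
SUMO_COLLECTOR_NAME=${SUMO_COLLECTOR_NAME_PREFIX='collector_container-'}${SUMO_COLLECTOR_NAME:=$(cat /etc/hostname)}
SUMO_SOURCES_JSON=${SUMO_SOURCES_JSON:=/etc/sumo-sources.json}
SUMO_SYNC_SOURCES=${SUMO_SYNC_SOURCES:=false}
SUMO_COLLECTOR_EPHEMERAL=${SUMO_COLLECTOR_EPHEMERAL:=true}
SUMO_COLLECTOR_HOSTNAME=${SUMO_COLLECTOR_HOSTNAME:=$(cat /etc/hostname)}

# Write /opt/SumoCollector/config/collector.properties from the environment
# variables listed in SUPPORTED_OPTIONS. Nothing is written when none of them
# is set.
generate_collector_properties_file() {
    # Read values from ENV variables and place them in collector/config/collector.properties file
    # Map: environment variable name -> collector.properties key
    declare -A SUPPORTED_OPTIONS
    SUPPORTED_OPTIONS=(
        ["SUMO_UDP_READ_BUFFER_SIZE"]="collector.syslog.udp.readBufferSize"
    )
    local COLLECTOR_PROPERTIES=""
    local key value

    for key in "${!SUPPORTED_OPTIONS[@]}"
    do
        value=${!key}
        if [ -n "${value}" ]; then
            # Join with real newlines so the value is never passed through
            # `echo -e`, which would interpret backslash sequences inside it.
            COLLECTOR_PROPERTIES+="${SUPPORTED_OPTIONS[$key]}=${value}"$'\n'
        fi
    done

    if [ -n "${COLLECTOR_PROPERTIES}" ]; then
        # Quoted printf: no word splitting, globbing or escape processing.
        printf '%s' "${COLLECTOR_PROPERTIES}" > /opt/SumoCollector/config/collector.properties
    fi
}

# Validate credentials, render any *.tmpl source templates, and write
# /opt/SumoCollector/config/user.properties from the SUMO_* environment
# variables listed in SUPPORTED_OPTIONS.
# Exits with status 1 when credentials are missing, a rendered file cannot be
# written, or SUMO_SOURCES_JSON does not exist.
generate_user_properties_file() {
    # Require either a complete access id/key pair or an installation token.
    # An id without a key (or the reverse) is rejected here instead of being
    # written out as a half-configured user.properties.
    if { [ -z "$SUMO_ACCESS_ID" ] || [ -z "$SUMO_ACCESS_KEY" ]; } && [ -z "$SUMO_INSTALLATION_TOKEN" ]; then
        echo "FATAL: Please provide credentials via:"
        echo " * the SUMO_ACCESS_ID and SUMO_ACCESS_KEY environment variables,"
        echo " * as the first two command line arguments, or"
        echo " * in files references by SUMO_ACCESS_ID_FILE and SUMO_ACCESS_KEY_FILE"
        echo " You can also provide an installation token via:"
        echo " * the SUMO_INSTALLATION_TOKEN environment variable, or"
        echo " * in a file referenced by the SUMO_INSTALLATION_TOKEN_FILE environment variable"
        exit 1
    fi

    # Support using env as replacement within sources.
    # Gather all template files
    declare -a TEMPLATE_FILES
    local f from to line line_escape_backslashes OLD_IFS
    if [ -r "${SUMO_SOURCES_JSON}.tmpl" ]; then
        TEMPLATE_FILES+=("${SUMO_SOURCES_JSON}.tmpl")
    fi
    if [ -d "${SUMO_SOURCES_JSON}" ]; then
        # NUL-delimited so template paths containing whitespace stay intact.
        while IFS= read -r -d '' f; do
            TEMPLATE_FILES+=("${f}")
        done < <(find "${SUMO_SOURCES_JSON}" -name '*.tmpl' -print0)
    fi

    for from in "${TEMPLATE_FILES[@]}"
    do
        # Replace all env variables and remove .tmpl extension
        to=${from%.*}
        if ! echo > "${to}"; then
            echo "FATAL: unable to write to ${to}"
            exit 1
        fi

        OLD_IFS=$IFS
        IFS=$'\n'
        # `|| [ -n "${line}" ]` keeps a final line that has no trailing newline.
        while read -r line || [ -n "${line}" ]; do
            line_escape_backslashes=${line//\\/\\\\}
            # NOTE(review): every template line is evaluated by the shell. Only
            # backslashes and double quotes are escaped, so $(...) and backticks
            # written in a template are executed as commands. Templates must
            # come from the image author, never from an untrusted source.
            printf "%s\n" "$(eval echo "\"${line_escape_backslashes//\"/\\\"}\"")" >> "${to}"
        done < "${from}"
        IFS=${OLD_IFS}

        echo "INFO: Replacing environment variables from ${from} into ${to}"

    done

    if [ ! -e "${SUMO_SOURCES_JSON}" ]; then
        echo "FATAL: Unable to find $SUMO_SOURCES_JSON - please make sure you include it in your image!"
        exit 1
    fi

    # With sync enabled the sources path is written under the syncSources key
    # instead of sources; otherwise only the sources key is written.
    if [ "${SUMO_SYNC_SOURCES}" == "true" ]; then
        SUMO_SYNC_SOURCES=${SUMO_SOURCES_JSON}
        unset SUMO_SOURCES_JSON
    else
        unset SUMO_SYNC_SOURCES
    fi

    # Supported user.properties configuration parameters
    # More information https://help.sumologic.com/Send_Data/Installed_Collectors/stu_user.properties
    declare -A SUPPORTED_OPTIONS
    SUPPORTED_OPTIONS=(
        ["SUMO_ACCESS_ID"]="accessid"
        ["SUMO_ACCESS_KEY"]="accesskey"
        ["SUMO_INSTALLATION_TOKEN"]="token"
        ["SUMO_RECEIVER_URL"]="url"
        ["SUMO_COLLECTOR_NAME"]="name"
        ["SUMO_COLLECTOR_HOSTNAME"]="hostName"
        ["SUMO_SOURCES_JSON"]="sources"
        ["SUMO_SYNC_SOURCES"]="syncSources"
        ["SUMO_COLLECTOR_EPHEMERAL"]="ephemeral"
        ["SUMO_PROXY_HOST"]="proxyHost"
        ["SUMO_PROXY_PORT"]="proxyPort"
        ["SUMO_PROXY_USER"]="proxyUser"
        ["SUMO_PROXY_PASSWORD"]="proxyPassword"
        ["SUMO_PROXY_NTLM_DOMAIN"]="proxyNtlmDomain"
        ["SUMO_CLOBBER"]="clobber"
        ["SUMO_DISABLE_SCRIPTS"]="disableScriptSource"
        ["SUMO_ENABLE_SCRIPTS"]="enableScriptSource"
        ["SUMO_JAVA_MEMORY_INIT"]="wrapper.java.initmemory"
        ["SUMO_JAVA_MEMORY_MAX"]="wrapper.java.maxmemory"
        ["SUMO_COLLECTOR_FIELDS"]="fields"
        ["SUMO_COLLECTOR_CATEGORY"]="category"
    )

    # Local: this string carries the access key, token and proxy password.
    local USER_PROPERTIES=""
    local key value

    for key in "${!SUPPORTED_OPTIONS[@]}"
    do
        value=${!key}
        if [ -n "${value}" ]; then
            # Real newline separator; the value itself is copied verbatim.
            USER_PROPERTIES+="${SUPPORTED_OPTIONS[$key]}=${value}"$'\n'
        fi
    done

    if [ -n "${USER_PROPERTIES}" ]; then
        # Quoted printf instead of unquoted `echo -e`: a key or password that
        # contains a backslash, '*' or repeated spaces is written unchanged.
        # NOTE(review): the file holds credentials and is created with the
        # process umask; consider tightening it once it is confirmed that the
        # collector reads the file as the same user.
        printf '%s' "${USER_PROPERTIES}" > /opt/SumoCollector/config/user.properties
    fi
}

# If the user didn't supply their own user.properties file, generate it
# Compared as a string so the variable's value is never run as a command.
if [ "${SUMO_GENERATE_USER_PROPERTIES}" == "true" ]; then
    generate_user_properties_file
fi

# If the user didn't supply their own collector.properties file, generate it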
$SUMO_GENERATE_COLLECTOR_PROPERTIES && { 155 | generate_collector_properties_file 156 | } 157 | 158 | if [ "${SUMO_FIPS_JCE}" == "true" ]; then 159 | /opt/SumoCollector/script/configureFipsMode.sh 160 | fi 161 | 162 | # Don't leave our shell hanging around 163 | exec /opt/SumoCollector/collector console 164 | -------------------------------------------------------------------------------- /syslog/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM sumologic/collector:latest-no-source 2 | MAINTAINER Sumo Logic 3 | ADD sumo-sources.json /etc/sumo-sources.json 4 | EXPOSE 514/udp 5 | EXPOSE 514 6 | -------------------------------------------------------------------------------- /syslog/Dockerfile.arm64: -------------------------------------------------------------------------------- 1 | FROM sumologic/collector:latest-no-source-arm64 2 | MAINTAINER Sumo Logic 3 | ADD sumo-sources.json /etc/sumo-sources.json 4 | EXPOSE 514/udp 5 | EXPOSE 514 6 | -------------------------------------------------------------------------------- /syslog/sumo-sources.json: -------------------------------------------------------------------------------- 1 | { 2 | "api.version": "v1", 3 | "sources": [ 4 | { 5 | "sourceType": "Syslog", 6 | "name": "syslog-collector-container-tcp", 7 | "port": 514, 8 | "protocol": "TCP", 9 | "encoding": "UTF-8", 10 | "forceTimeZone": false, 11 | "category": "collector-container" 12 | }, 13 | { 14 | "sourceType": "Syslog", 15 | "name": "syslog-collector-container-udp", 16 | "port": 514, 17 | "protocol": "UDP", 18 | "encoding": "UTF-8", 19 | "forceTimeZone": false, 20 | "category": "collector-container" 21 | } 22 | ] 23 | } 24 | --------------------------------------------------------------------------------