Update doc

jpipkin1 · jpipkin1 · commit 60d13d9cfb73 · 2025-07-28T12:02:16.000-05:00
diff --git a/docs/integrations/saas-cloud/acquia.md b/docs/integrations/saas-cloud/acquia.md
@@ -190,10 +190,20 @@ Be sure to copy and paste your **token** in a secure location. You'll need this
 
 **Sumo Logic SSL certificate**
 
-In the procedure below, you'll configure a Cloud Syslog Source. This will generate a Sumo Logic token and the endpoint hostname. Then you'll set up TLS by downloading a cert to your server. Download the DigiCert certificate from one of the following locations:
-* [https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt](https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt)
-* [https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt.pem](https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt.pem)
-
+In the procedure below, you'll configure a Cloud Syslog Source. This will generate a Sumo Logic token and the endpoint hostname. Then you'll set up TLS by downloading a cert to your server. 
+
+1. Download the DigiCert and AWS Certificate Manager (ACM) certificates from the following locations:
+   * https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt
+   * https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt.pem
+   * https://www.amazontrust.com/repository/AmazonRootCA1.cer
+1. Run the following commands:
+   * `wget -O digicert_ca.der https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt.`
+   * `openssl x509 -inform der -in digicert_ca.der -out digicert_ca.crt`
+   * `wget -O acm_ca.der https://www.amazontrust.com/repository/AmazonRootCA1.cer`
+   * `openssl x509 -inform der -in acm_ca.der -out acm_ca.crt`
+   * `cat acm_ca.crt digicert_ca.crt > digicert_acm_cas.crt`
+   * `perl -p -i -e "s/\r//g" digicert_acm_cas.crt`
+1. Upload the merged cert to the Acquia app.
 
 ### Configuring a cloud syslog source
 
diff --git a/docs/send-data/collect-from-other-data-sources/collect-logs-sentinelone.md b/docs/send-data/collect-from-other-data-sources/collect-logs-sentinelone.md
@@ -28,13 +28,17 @@ To get a token and certificate from Sumo Logic, do the following:
 
 1. Configure a Cloud Syslog [Hosted Collector](/docs/send-data/collector-faq/#configure-limits-for-collector-caching) and [Cloud Syslog Source](/docs/send-data/hosted-collectors/cloud-syslog-source), and generate a Cloud Syslog source token. 
 
-1. Download the crt server certificate file from [here](https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt).
+1. Download the server certificate files from https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt and https://www.amazontrust.com/repository/AmazonRootCA1.cer.
 
-1. Go to the location where the cert file is located and open a terminal window.
+1. Go to the location where the cert files are located and open a terminal window.
 
-1. Run the following two commands:
-  * `wget -O digicert_ca.der https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt.`
-  * `openssl x509 -inform der -in digicert_ca.der -out digicert_ca.crt`
+1. Run the following commands:
+   * `wget -O digicert_ca.der https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt.`
+   * `openssl x509 -inform der -in digicert_ca.der -out digicert_ca.crt`
+   * `wget -O acm_ca.der https://www.amazontrust.com/repository/AmazonRootCA1.cer`
+   * `openssl x509 -inform der -in acm_ca.der -out acm_ca.crt`
+   * `cat acm_ca.crt digicert_ca.crt > digicert_acm_cas.crt`
+   * `perl -p -i -e "s/\r//g" digicert_acm_cas.crt`
 
 ## Step 2. Configure syslog messages
 
@@ -54,7 +58,7 @@ To configure syslog messages, do the following:
 1. Click **SYSLOG**. The SYSLOG dialog appears.
 1. Click the toggle to **Enable SYSLOG**.
 1. Enter the **Syslog Host URL** and **port** number.
-1. Click **Use SSL secure connection**, then click **Server certificate > Upload** and browse to the location of the downloaded crt certificate file.
+1. Click **Use SSL secure connection**, then click **Server certificate > Upload** and browse to the location of the merged crt certificate file.
 1. Specify the following **Formatting** options:
 
    * **Information format**: Select **CEF2**
diff --git a/docs/send-data/hosted-collectors/cloud-syslog-source/index.md b/docs/send-data/hosted-collectors/cloud-syslog-source/index.md
@@ -13,7 +13,7 @@ You can configure a cloud syslog source to allow a syslog client to send [RFC 5
 
 Syslog messages must be compliant with [RFC 5424](https://tools.ietf.org/html/rfc5424) or they are dropped. Messages over 64 KB are truncated.
 
-Sumo manages an elastic scaling set of syslog servers, which scales up and down behind a set of AWS Elastic Load Balancers. The AWS ELB set can also scale up and down. For this reason, instead of IP address-based endpoints, Sumo uses endpoint hostnames in this format:
+Sumo Logic manages an elastic scaling set of syslog servers, which scales up and down behind a set of AWS Elastic Load Balancers. The AWS ELB set can also scale up and down. For this reason, instead of IP address-based endpoints, Sumo Logic uses endpoint hostnames in this format:
 
 ```
 syslog.collection.YOUR_DEPLOYMENT.sumologic.com
@@ -25,17 +25,17 @@ where `YOUR_DEPLOYMENT` is `au`, `ca`, `de`, `eu`, `fed`, `jp`, `kr`, `us1`,
 FIPS 140-2 compliance is not available for Cloud Syslog in the FedRAMP deployment. It is with great emphasis that you must recognize and understand that the responsibility to mitigate information spillage is solely yours. We have no insight into your data or how it is classified.
 :::
 
-In the procedure below, you configure a Cloud Syslog Source, this will generate a Sumo Logic token and the endpoint hostname. Then you set up TLS by downloading a cert to your server. Download the **DigiCert** certificate
-from one of the following locations:
-* [https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt](https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt)
-* [https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt.pem](https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt.pem)
+In the procedure below, you configure a Cloud Syslog Source. This will generate a Sumo Logic token and the endpoint hostname. Then you set up TLS by downloading a cert to your server. Download the DigiCert and AWS Certificate Manager (ACM) certificates from the following locations:
+* https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt
+* https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt.pem
+* https://www.amazontrust.com/repository/AmazonRootCA1.cer
 
 Sumo Logic supports syslog clients, including syslog-ng and rsyslog. Follow the instructions in the appropriate section below to configure your server to send syslog data. If syslog data does not appear in Sumo Logic, refer to
 [Troubleshooting](#troubleshooting) below.
 
 ## Configure a Cloud Syslog Source
 
-Cloud syslog configuration requires a token that is automatically generated when you configure a cloud syslog source. The token allows Sumo to distinguish your log messages from those of other customers. The token is tied to the source, but not to any specific user. 
+Cloud syslog configuration requires a token that is automatically generated when you configure a cloud syslog source. The token allows Sumo Logic to distinguish your log messages from those of other customers. The token is tied to the source, but not to any specific user. 
 
 Include the token as the [Structured ID](https://tools.ietf.org/html/rfc5424#section-7) in every syslog message that is sent to Sumo Logic. The token is removed by Sumo Logic during ingestion and is not included with your syslog message in search results.
 
@@ -46,18 +46,18 @@ To configure a cloud syslog source, do the following:
 1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Collection > Collection**. <br/>[**New UI**](/docs/get-started/sumo-logic-ui). In the Sumo Logic top menu select **Configuration**, and then under **Data Collection** select **Collection**. You can also click the **Go To...** menu at the top of the screen and select **Collection**.
 1. On the **Collection** page, click **Add Source** next to a Hosted Collector. See [Set up a Hosted Collector](/docs/send-data/hosted-collectors/configure-hosted-collector) for information on adding Hosted Collectors.
 1. Select **Cloud Syslog**.
-1. Enter a **Name** to display for this source in Sumo. Description is optional.
+1. Enter a **Name** to display for this source in Sumo Logic. Description is optional.
 1. (Optional) For **Source Host** and **Source Category**, enter any string to tag the output collected from this source. (Category metadata is stored in a searchable field called `_sourceCategory`.)
 1. **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value.
 
    * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema.
-   * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.
+   * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped.
 
 1. Set any of the following under **Advanced**:
 
    * **Enable Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed.
    * **Time Zone**. There are two options for Time Zone. You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's important to have the proper time zone set, no matter which option you choose. If the time zone of logs cannot be determined, Sumo Logic assigns the UTC time zone; if the rest of your logs are from another time zone your search results will be affected.
-   * **Timestamp Format**. By default, Sumo will automatically detect the timestamp format of your logs. However, you can manually specify a timestamp format for a source. See [Timestamps, Time Zones, and Time Ranges, and Date Formats](/docs/send-data/reference-information/time-reference).
+   * **Timestamp Format**. By default, Sumo Logic will automatically detect the timestamp format of your logs. However, you can manually specify a timestamp format for a source. See [Timestamps, Time Zones, and Time Ranges, and Date Formats](/docs/send-data/reference-information/time-reference).
 
 1. Create any Processing Rules you'd like for the new source.
 1. Click **Save**. The token information is displayed in a read-only dialog box, shown below.
@@ -69,7 +69,7 @@ To configure a cloud syslog source, do the following:
     Token: 9HFxoa6+lXBmvSM9koPjGzvTaxXDQvJ4POE/WCURPAo+w4H7PmZm8H3mSEKxPl0Q@41123, Host: syslog.collection.YOUR_DEPLOYMENT.sumologic.com, TCP TLS Port: 6514
     ```
 
-    The number `41123` in the token is the Sumo Private Enterprise Number (PEN). There are two options for including the token. You can include it in the structured data field or in the message body.  In the following example, the token is in the structured data field. 
+    The number `41123` in the token is the Sumo Logic Private Enterprise Number (PEN). There are two options for including the token. You can include it in the structured data field or in the message body.  In the following example, the token is in the structured data field. 
 
     ```
     <165>1 2015-01-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [YOUR_TOKEN] msg
@@ -120,11 +120,11 @@ If syslog messages fail to authenticate to the syslog cloud source—for example
 
 ### Troubleshooting
 
-If you encounter problems, follow the instructions below to first verify the Sumo service connection, and then check the client configuration is correct.
+If you encounter problems, follow the instructions below to first verify the Sumo Logic service connection, and then check the client configuration is correct.
 
-#### Verify connection with Sumo service
+#### Verify connection with Sumo Logic service
 
-To verify that the Sumo service can receive syslog messages, use a networking utility that supports TLS, such as nMap.org's ncat, to check that the syslog port accepts messages. 
+To verify that the Sumo Logic service can receive syslog messages, use a networking utility that supports TLS, such as nMap.org's ncat, to check that the syslog port accepts messages. 
 
 ```
 $ ncat --ssl syslog.collection.YOUR_DEPLOYMENT.sumologic.com PORT
@@ -142,7 +142,7 @@ Then, enter a test message, for example:
 <165>1 2017-10-24T06:00:15.003Z mymachine.example.com evntslog - ID47 - YOUR_TOKEN This is a message
 ```
 
-where `YOUR_TOKEN` is the token that Sumo generated when you created the Cloud Syslog Source above.
+where `YOUR_TOKEN` is the token that Sumo Logic generated when you created the Cloud Syslog Source above.
 
 #### Verify client configuration
 
diff --git a/docs/send-data/hosted-collectors/cloud-syslog-source/rsyslog.md b/docs/send-data/hosted-collectors/cloud-syslog-source/rsyslog.md
@@ -12,25 +12,28 @@ Sumo Logic supports syslog clients such as rsyslog. This document has instructi
 
 Set up Transport Layer Security (TLS).
 
-Download the **DigiCert** certificate from https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt.
+Download the DigiCert and ACM certificates from https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt and
+https://www.amazontrust.com/repository/AmazonRootCA1.cer.
 
 ### rsyslog
 
-To set up your **DigiCert** certificate follow these steps:
+To set up your DigiCert and AWS Certificate Manager (ACM) certificate, follow these steps:
 
 ```bash
 $ cd /etc/rsyslog.d/keys/ca.d
 $ wget -O digicert_ca.der https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt
 $ openssl x509 -inform der -in digicert_ca.der -out digicert_ca.crt
+$ wget -O acm_ca.der https://www.amazontrust.com/repository/AmazonRootCA1.cer
+$ openssl x509 -inform der -in acm_ca.der -out acm_ca.crt
+$ cat acm_ca.crt digicert_ca.crt > digicert_acm_cas.crt
+$ perl -p -i -e "s/\r//g" digicert_acm_cas.crt
 ```
 
 ### Send data to a Cloud Syslog Source with rsyslog
 
 This section shows how to configure a syslog client using rsyslog that will send the syslog message to be received by the Sumo Logic Cloud syslog service. If you are new to rsyslog, follow the [rsyslog documentation](http://www.rsyslog.com/doc/v8-stable/installation/index.html) to install.
 
-After rsyslog is installed, edit the configuration file to start sending
-logs to Sumo. The configuration file is located at`/etc/rsyslog.conf` by
-default. 
+After rsyslog is installed, edit the configuration file to start sending logs to Sumo Logic. The configuration file is located at `/etc/rsyslog.conf` by default. 
 
 **For rsyslog v7 and earlier**
 
@@ -44,7 +47,7 @@ $ActionQueueType LinkedList               # run asynchronously
 $ActionResumeRetryCount -1                # infinite retries if host is down
 
 # RsyslogGnuTLS
-$DefaultNetstreamDriverCAFile /etc/rsyslog.d/keys/ca.d/digicert_ca.crt
+$DefaultNetstreamDriverCAFile /etc/rsyslog.d/keys/ca.d/digicert_acm_cas.crt
 $ActionSendStreamDriver gtls
 $ActionSendStreamDriverMode 1
 $ActionSendStreamDriverAuthMode x509/name
@@ -55,7 +58,9 @@ template(name="SumoFormat" type="string" string="<%pri%>%protocol-version% %time
 *.* action(type="omfwd" protocol="tcp" target="syslog.collection.YOUR_DEPLOYMENT.sumologic.com" port="6514" template="SumoFormat")
 ```
 
-In the template statement, be sure to replace `YOUR_TOKEN` with your actual token, and `YOUR_DEPLOYMENT` with your deployment. Properties in the string begin and end with '%'. All other texts and white space are treated literally. For more information about rsyslog configuration, see the [rsyslog template documentation](http://www.rsyslog.com/doc/v7-stable/configuration/templates.html) or the [rsyslog omfwd documentation](http://www.rsyslog.com/doc/v7-stable/configuration/modules/omfwd.html).
+In the template statement, be sure to replace `YOUR_TOKEN` with your actual token, and `YOUR_DEPLOYMENT` with your deployment. Properties in the string begin and end with '%'. All other texts and white space are treated literally. For more information about rsyslog configuration, see the [rsyslog template documentation](https://www.rsyslog.com/doc/configuration/templates.html) or the [rsyslog omfwd documentation](https://www.rsyslog.com/doc/configuration/modules/omfwd.html).
+
+In the template statement, be sure to replace YOUR_TOKEN with your actual token, and YOUR_DEPLOYMENT with your deployment. Properties in the string begin and end with '%'. All other texts and white space are treated literally. For more information about rsyslog configuration, see the rsyslog template documentation or the rsyslog omfwd documentation.
 
 **For rsyslog v8 and later**
 
@@ -69,19 +74,19 @@ $ActionQueueType LinkedList           # run asynchronously
 $ActionResumeRetryCount -1            # infinite retries if host is down
 
 # RsyslogGnuTLS
-$DefaultNetstreamDriverCAFile /etc/rsyslog.d/keys/ca.d/digicert_ca.crt
+$DefaultNetstreamDriverCAFile /etc/rsyslog.d/keys/ca.d/digicert_acm_cas.crt
 
 template(name="SumoFormat" type="string" string="<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [YOUR_TOKEN] %msg%\n")
 
 action(type="omfwd"
-    protocol="tcp"
-    target="syslog.collection.YOUR_DEPLOYMENT.sumologic.com"
-    port="6514"
-    template="SumoFormat"
-    StreamDriver="gtls"
-    StreamDriverMode="1"
-    StreamDriverAuthMode="x509/name"
-    StreamDriverPermittedPeers="syslog.collection.*.sumologic.com")
+   protocol="tcp"
+   target="syslog.collection.YOUR_DEPLOYMENT.sumologic.com"
+   port="6514"
+   template="SumoFormat"
+   StreamDriver="gtls"
+   StreamDriverMode="1"
+   StreamDriverAuthMode="x509/name"
+   StreamDriverPermittedPeers="syslog.collection.*.sumologic.com")
 ```
 
-In the template statement, be sure to replace `YOUR_TOKEN` with your actual token, and `YOUR_DEPLOYMENT` with your deployment. Properties in the string begin and end with '%'. All other texts and white space are treated literally. For more information about rsyslog configuration, see the [rsyslog template documentation](http://www.rsyslog.com/doc/master/configuration/templates.html) or the [rsyslog omfwd documentation](http://www.rsyslog.com/doc/master/configuration/modules/omfwd.html).
+In the template statement, be sure to replace `YOUR_TOKEN` with your actual token, and `YOUR_DEPLOYMENT` with your deployment. Properties in the string begin and end with '%'. All other texts and white space are treated literally. For more information about rsyslog configuration, see the [rsyslog template documentation](https://www.rsyslog.com/doc/configuration/templates.html) or the [rsyslog omfwd documentation](https://www.rsyslog.com/doc/configuration/modules/omfwd.html).
diff --git a/docs/send-data/hosted-collectors/cloud-syslog-source/syslog-ng.md b/docs/send-data/hosted-collectors/cloud-syslog-source/syslog-ng.md
