diff --git a/blog-service/2025-10-16-collection.md b/blog-service/2025-10-16-collection.md new file mode 100644 index 0000000000..8c6fc1111d --- /dev/null +++ b/blog-service/2025-10-16-collection.md @@ -0,0 +1,25 @@ +--- +title: Cloud Syslog Source Certificate Fully Transitioned to ACM (Collection) +image: https://assets-www.sumologic.com/company-logos/_800x418_crop_center-center_82_none/SumoLogic_Preview_600x600.jpg?mtime=1617040082 +keywords: + - certificates + - Cloud Syslog Source +hide_table_of_contents: true +--- + +import useBaseUrl from '@docusaurus/useBaseUrl'; + +We're excited to announce that Sumo Logic has fully transitioned to AWS Certificate Manager (ACM) certificates for Transport Layer Security (TLS) communication between your cloud syslog sources and Sumo Logic. + +In [a previous release note](/release-notes-service/2025/08/01/collection/), we announced that we are transitioning from DigiCert to ACM certificates. + +This change provides the following benefits: +* **Automated certificate renewal and deployment**. ACM eliminates the need for future manual renewals, reducing administrative overhead. +* **Simplified infrastructure management for AWS customers**. ACM is deeply integrated into the AWS ecosystem, streamlining your overall infrastructure management. Because Sumo Logic is also on AWS, using ACM provides a seamless experience. + +If you use cloud syslog sources to send data to Sumo Logic, download and configure the ACM certificate on your system. For more information and setup instructions, see: +* [Cloud Syslog Source](/docs/send-data/hosted-collectors/cloud-syslog-source/) +* [rsyslog](/docs/send-data/hosted-collectors/cloud-syslog-source/rsyslog) +* [syslog-ng](/docs/send-data/hosted-collectors/cloud-syslog-source/syslog-ng/) +* [Collect Logs for SentinelOne](/docs/send-data/collect-from-other-data-sources/collect-logs-sentinelone/) +* [Acquia](/docs/integrations/saas-cloud/acquia/#step-2-configure-a-source) \ No newline at end of file diff --git a/docs/integrations/saas-cloud/acquia.md b/docs/integrations/saas-cloud/acquia.md index bbfc765dc8..93994df46f 100644 --- a/docs/integrations/saas-cloud/acquia.md +++ b/docs/integrations/saas-cloud/acquia.md @@ -13,7 +13,6 @@ The Sumo Logic App for Acquia provides visibility into the key components of the Sumo Logic provides instant visibility across the critical components of the Acquia Platform, helping organizations become more proactive in their site monitoring as well as reducing the mean time to identify and resolve issues. - ## Log types Sumo Logic analyzes the following required Acquia data for more efficient monitoring: @@ -192,18 +191,13 @@ Be sure to copy and paste your **token** in a secure location. You'll need this In the procedure below, you'll configure a Cloud Syslog Source. This will generate a Sumo Logic token and the endpoint hostname. Then you'll set up TLS by downloading a cert to your server. -1. Download the DigiCert and AWS Certificate Manager (ACM) certificates from the following locations: - * https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt - * https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt.pem - * https://www.amazontrust.com/repository/AmazonRootCA1.cer +1. Download the AWS Certificate Manager (ACM) certificate from the following location: https://www.amazontrust.com/repository/AmazonRootCA1.cer 1. Run the following commands: - * `wget -O digicert_ca.der https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt.` - * `openssl x509 -inform der -in digicert_ca.der -out digicert_ca.crt` - * `wget -O acm_ca.der https://www.amazontrust.com/repository/AmazonRootCA1.cer` - * `openssl x509 -inform der -in acm_ca.der -out acm_ca.crt` - * `cat acm_ca.crt digicert_ca.crt > digicert_acm_cas.crt` - * `perl -p -i -e "s/\r//g" digicert_acm_cas.crt` -1. You'll upload the merged cert to the Acquia app when you configure Acquia log forwarding. See [Step 3: Configure logging for Acquia](#step-3-configure-logging-for-acquia). + ```bash + wget -O acm_ca.der https://www.amazontrust.com/repository/AmazonRootCA1.cer + openssl x509 -inform der -in acm_ca.der -out acm_ca.crt + ``` +1. You'll upload the downloaded cert to the Acquia app when you configure Acquia log forwarding. See [Step 3: Configure logging for Acquia](#step-3-configure-logging-for-acquia). ### Configuring a cloud syslog source diff --git a/docs/send-data/collect-from-other-data-sources/collect-logs-sentinelone.md b/docs/send-data/collect-from-other-data-sources/collect-logs-sentinelone.md index d87d4d3af6..d5ffc57e2d 100644 --- a/docs/send-data/collect-from-other-data-sources/collect-logs-sentinelone.md +++ b/docs/send-data/collect-from-other-data-sources/collect-logs-sentinelone.md @@ -23,22 +23,15 @@ The procedure assumes you have wget installed. ::: To get a token and certificate from Sumo Logic, do the following: - 1. Log in to the [Sumo Logic web site](https://www.sumologic.com/). - -1. Configure a Cloud Syslog [Hosted Collector](/docs/send-data/collector-faq/#configure-limits-for-collector-caching) and [Cloud Syslog Source](/docs/send-data/hosted-collectors/cloud-syslog-source), and generate a Cloud Syslog source token.  - -1. Download the server certificate files from https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt and https://www.amazontrust.com/repository/AmazonRootCA1.cer. - -1. Go to the location where the cert files are located and open a terminal window. - +1. Configure a Cloud Syslog [Hosted Collector](/docs/send-data/collector-faq/#configure-limits-for-collector-caching) and [Cloud Syslog Source](/docs/send-data/hosted-collectors/cloud-syslog-source/), and generate a Cloud Syslog source token.  +1. Download the crt server certificate file from https://www.amazontrust.com/repository/AmazonRootCA1.cer. +1. Go to the location where the cert file is located and open a terminal window. 1. Run the following commands: - * `wget -O digicert_ca.der https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt.` - * `openssl x509 -inform der -in digicert_ca.der -out digicert_ca.crt` - * `wget -O acm_ca.der https://www.amazontrust.com/repository/AmazonRootCA1.cer` - * `openssl x509 -inform der -in acm_ca.der -out acm_ca.crt` - * `cat acm_ca.crt digicert_ca.crt > digicert_acm_cas.crt` - * `perl -p -i -e "s/\r//g" digicert_acm_cas.crt` + ```bash + wget -O acm_ca.der https://www.amazontrust.com/repository/AmazonRootCA1.cer + openssl x509 -inform der -in acm_ca.der -out acm_ca.crt + ``` ## Step 2. Configure syslog messages @@ -47,28 +40,19 @@ In this step, you configure syslog messages from the Management Console. To configure syslog messages, do the following: 1. In the SentinelOne sidebar, click **Scope**, and then select a scope. - :::note If you are a Site or Account admin, you must select one Site to be able to open Settings. ::: - 1. In the sidebar, click **Settings**. 1. In the Settings toolbar, click **Integrations**.
![SentinelOne_Integrations_option.png](/img/send-data/SentinelOne_Integrations_option.png) - 1. Click **SYSLOG**. The SYSLOG dialog appears. 1. Click the toggle to **Enable SYSLOG**. 1. Enter the **Syslog Host URL** and **port** number. -1. Click **Use SSL secure connection**, then click **Server certificate > Upload** and browse to the location of the merged crt certificate file. +1. Click **Use SSL secure connection**, then click **Server certificate > Upload** and browse to the location of the downloaded crt certificate file. 1. Specify the following **Formatting** options: - * **Information format**: Select **CEF2** * **SIEM Token**: Paste the Cloud Syslog Source Token generated from Sumo Logic.
![SentinelOne_SYSLOG_dialog.png](/img/send-data/SentinelOne_SYSLOG_dialog.png) - 1. Click **Test**, and then click **Save**. - 1. In Sumo Logic, verify that the logs are being ingested by running a search against the Cloud Syslog source you configured in [Step 1](#step-1-geta-token-and-certificate-from-sumo-logic). If you do not see any data coming in after 2-3 minutes, check the following: - * that the Sumo Logic Collector has read access to the logs - * that your time zone is configured correctly. - -  + * that your time zone is configured correctly. \ No newline at end of file diff --git a/docs/send-data/hosted-collectors/cloud-syslog-source/index.md b/docs/send-data/hosted-collectors/cloud-syslog-source/index.md index cb69c32f62..354e214094 100644 --- a/docs/send-data/hosted-collectors/cloud-syslog-source/index.md +++ b/docs/send-data/hosted-collectors/cloud-syslog-source/index.md @@ -27,10 +27,7 @@ FIPS 140-2 compliance is not available for Cloud Syslog in the FedRAMP deploymen In the procedure below, you configure a Cloud Syslog Source. This will generate a Sumo Logic token and the endpoint hostname. -Then you set up TLS by downloading a cert to your server (see procedures for [rsyslog](/docs/send-data/hosted-collectors/cloud-syslog-source/rsyslog/#setup-tls) and [syslog-ng](/docs/send-data/hosted-collectors/cloud-syslog-source/syslog-ng/#setup-tls)). Download the DigiCert and AWS Certificate Manager (ACM) certificates from the following locations: -* https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt -* https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt.pem -* https://www.amazontrust.com/repository/AmazonRootCA1.cer +Then you set up TLS by downloading a cert to your server (see procedures for [rsyslog](/docs/send-data/hosted-collectors/cloud-syslog-source/rsyslog/#setup-tls) and [syslog-ng](/docs/send-data/hosted-collectors/cloud-syslog-source/syslog-ng/#setup-tls)). Download the AWS Certificate Manager (ACM) certificate from the following location: https://www.amazontrust.com/repository/AmazonRootCA1.cer. Sumo Logic supports syslog clients, including syslog-ng and rsyslog. Follow the instructions in the appropriate section below to configure your server to send syslog data. If syslog data does not appear in Sumo Logic, refer to [Troubleshooting](#troubleshooting) below. diff --git a/docs/send-data/hosted-collectors/cloud-syslog-source/rsyslog.md b/docs/send-data/hosted-collectors/cloud-syslog-source/rsyslog.md index 59a9ed43c9..b5ea50f385 100644 --- a/docs/send-data/hosted-collectors/cloud-syslog-source/rsyslog.md +++ b/docs/send-data/hosted-collectors/cloud-syslog-source/rsyslog.md @@ -4,31 +4,22 @@ title: rsyslog description: Learn how to configure your server to send syslog data with rsyslog. --- - - Sumo Logic supports syslog clients such as rsyslog. This document has instructions on how to configure your server to send syslog data. If syslog data does not appear in Sumo Logic, refer to the Troubleshooting section in [Cloud Syslog Source](/docs/send-data/hosted-collectors/cloud-syslog-source). ## Set up TLS Set up Transport Layer Security (TLS). -Download DigiCert and AWS Certificate Manager (ACM) certificates from https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt and -https://www.amazontrust.com/repository/AmazonRootCA1.cer. +Download AWS Certificate Manager (ACM) certificate from https://www.amazontrust.com/repository/AmazonRootCA1.cer. ### rsyslog -For rsyslog, concatenate the ACM root CA with the DigiCert certificate. - -To set up your DigiCert and AWS Certificate Manager (ACM) certificate, follow these steps: +To set up your AWS Certificate Manager (ACM) certificate, follow these steps: ```bash -$ cd /etc/rsyslog.d/keys/ca.d -$ wget -O digicert_ca.der https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt -$ openssl x509 -inform der -in digicert_ca.der -out digicert_ca.crt +cd /etc/rsyslog.d/keys/ca.d $ wget -O acm_ca.der https://www.amazontrust.com/repository/AmazonRootCA1.cer $ openssl x509 -inform der -in acm_ca.der -out acm_ca.crt -$ cat acm_ca.crt digicert_ca.crt > digicert_acm_cas.crt -$ perl -p -i -e "s/\r//g" digicert_acm_cas.crt ``` ### Send data to a Cloud Syslog Source with rsyslog @@ -49,7 +40,7 @@ $ActionQueueType LinkedList # run asynchronously $ActionResumeRetryCount -1 # infinite retries if host is down # RsyslogGnuTLS -$DefaultNetstreamDriverCAFile /etc/rsyslog.d/keys/ca.d/digicert_acm_cas.crt +$DefaultNetstreamDriverCAFile /etc/rsyslog.d/keys/ca.d/acm_ca.crt $ActionSendStreamDriver gtls $ActionSendStreamDriverMode 1 $ActionSendStreamDriverAuthMode x509/name @@ -60,9 +51,7 @@ template(name="SumoFormat" type="string" string="<%pri%>%protocol-version% %time *.* action(type="omfwd" protocol="tcp" target="syslog.collection.YOUR_DEPLOYMENT.sumologic.com" port="6514" template="SumoFormat") ``` -In the template statement, be sure to replace `YOUR_TOKEN` with your actual token, and `YOUR_DEPLOYMENT` with your deployment. Properties in the string begin and end with `%`. All other texts and white space are treated literally. For more information about rsyslog configuration, see the [rsyslog template documentation](https://www.rsyslog.com/doc/configuration/templates.html) or the [rsyslog omfwd documentation](https://www.rsyslog.com/doc/configuration/modules/omfwd.html). - -In the template statement, be sure to replace YOUR_TOKEN with your actual token, and YOUR_DEPLOYMENT with your deployment. Properties in the string begin and end with `%`. All other texts and white space are treated literally. For more information about rsyslog configuration, see the rsyslog template documentation or the rsyslog omfwd documentation. +In the template statement, be sure to replace `YOUR_TOKEN` with your actual token, and `YOUR_DEPLOYMENT` with your deployment. Properties in the string begin and end with `%`. All other texts and white space are treated literally. For more information about rsyslog configuration, see the [rsyslog template documentation](http://www.rsyslog.com/doc/v7-stable/configuration/templates.html) or the [rsyslog omfwd documentation](http://www.rsyslog.com/doc/v7-stable/configuration/modules/omfwd.html). **For rsyslog v8 and later** @@ -76,7 +65,7 @@ $ActionQueueType LinkedList # run asynchronously $ActionResumeRetryCount -1 # infinite retries if host is down # RsyslogGnuTLS -$DefaultNetstreamDriverCAFile /etc/rsyslog.d/keys/ca.d/digicert_acm_cas.crt +$DefaultNetstreamDriverCAFile /etc/rsyslog.d/keys/ca.d/acm_ca.crt template(name="SumoFormat" type="string" string="<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [YOUR_TOKEN] %msg%\n") @@ -91,4 +80,4 @@ action(type="omfwd" StreamDriverPermittedPeers="syslog.collection.*.sumologic.com") ``` -In the template statement, be sure to replace `YOUR_TOKEN` with your actual token, and `YOUR_DEPLOYMENT` with your deployment. Properties in the string begin and end with `%`. All other texts and white space are treated literally. For more information about rsyslog configuration, see the [rsyslog template documentation](https://www.rsyslog.com/doc/configuration/templates.html) or the [rsyslog omfwd documentation](https://www.rsyslog.com/doc/configuration/modules/omfwd.html). +In the template statement, be sure to replace `YOUR_TOKEN` with your actual token, and `YOUR_DEPLOYMENT` with your deployment. Properties in the string begin and end with `%`. All other texts and white space are treated literally. For more information about rsyslog configuration, see the [rsyslog template documentation](http://www.rsyslog.com/doc/master/configuration/templates.html) or the [rsyslog omfwd documentation](http://www.rsyslog.com/doc/master/configuration/modules/omfwd.html). diff --git a/docs/send-data/hosted-collectors/cloud-syslog-source/syslog-ng.md b/docs/send-data/hosted-collectors/cloud-syslog-source/syslog-ng.md index 54da93818d..548e4c20c0 100644 --- a/docs/send-data/hosted-collectors/cloud-syslog-source/syslog-ng.md +++ b/docs/send-data/hosted-collectors/cloud-syslog-source/syslog-ng.md @@ -4,22 +4,19 @@ title: syslog-ng description: Learn how to configure your server to send syslog data with syslog-ng. --- - - Sumo Logic supports syslog clients such as syslog-ng. This document has instructions on how to configure your server to send syslog data. If syslog data does not appear in Sumo Logic, refer to the Troubleshooting section in [Cloud Syslog Source](/docs/send-data/hosted-collectors/cloud-syslog-source). ## Set up TLS Set up Transport Layer Security (TLS). -Download the DigiCert and AWS Certificate Manager (ACM) certificates from https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt and -https://www.amazontrust.com/repository/AmazonRootCA1.cer. +Download the AWS Certificate Manager (ACM) certificate from https://www.amazontrust.com/repository/AmazonRootCA1.cer. ### syslog-ng -For syslog-ng, place both certificates in the configuration directory, allowing the syslog-ng client to automatically select the appropriate certificate. +For syslog-ng place the certificates in the configuration directory and the syslog-ng client will pick up the certificates working from that directory. -To set up your DigiCert and AWS Certificate Manager (AWS) certificates, follow these steps: +To set up your AWS Certificate Manager (AWS) certificate, follow these steps: 1. Check if you have the directory `/etc/syslog-ng/ca.d`. 1. If you don’t, create it with this command: @@ -29,9 +26,6 @@ To set up your DigiCert and AWS Certificate Manager (AWS) certificates, follow t 1. Then run: ```bash $ cd /etc/syslog-ng/ca.d - $ sudo wget -O digicert_ca.der https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt - $ sudo openssl x509 -inform der -in digicert_ca.der -out digicert_ca.crt - $ sudo ln -s digicert_ca.crt `openssl x509 -noout -hash -in digicert_ca.crt`.0 $ wget -O acm_ca.der https://www.amazontrust.com/repository/AmazonRootCA1.cer $ openssl x509 -inform der -in acm_ca.der -out acm_ca.crt $ ln -s acm_ca.crt `openssl x509 -noout -hash -in acm_ca.crt`.0