AWS Lambda Function– https://github.com/SumoGoodies/Scripts/blob/master/

AWS_CloudWatch_Logs_to_Sumo.js– http://bit.ly/1lNwVHw (Python by David Gadoury)

Configuration – Sumo (source and app)– AWS (Log Group, Enable Log, attach Lambda function)

Demo

The Flow

Sumo Logic Confidential1

Additional Info

Sumo Logic Confidential2

Sign up a Sumo Free for yourselfFreeSumo.com

Check out Sumo’s Docker Log Analyzer– https://www.sumologic.com/application/docker

Monty Yao– monty@sumologic.com– @montythereal

David Rogers (sales)– drogers@sumologic.com

Two Years ago, at this meetup, I showed you

Sumo Logic Confidential3

You can really do that in 5min or less

Sumo Logic Confidential4

Joe Hacker recorded that

http://blog.joehack3r.com/cloudtrail-and-sumologic-getting-started/

In Sumo, configure an HTTP endpoint– Manage->Collections->Collector->Add Source– Key in the VPC flow name and a category– Hit Save (5 clicks + 10-20 key strokes)

Install the Out of the Box VPC Flow app– Library->AWS Apps->VPC Flow App->Install->Pick

SourceCategory->Done. (6 clicks)

1 min (max)

Steps for VPC Flow via Lambda – Sumo Side

Sumo Logic Confidential5

Import Lambda function, and update the URL from Sumo

Create a Cloud Watch Log group

Attached the Lambda function to the Log group

Browse to VPC and enable Log Flow.

2 mins (est)

Setup for VPC Flow via Lambda on AWS

Sumo Logic Confidential6

Validate VPC Flow is logging

Sumo Logic Confidential7

Validate VPC Flow is going to Sumo

Sumo Logic Confidential8

Check out the Sumo VPC Flow app

Sumo Logic Confidential9

Check out the Sumo VPC Flow app

Sumo Logic Confidential10

Check out the Sumo VPC Flow app

Sumo Logic Confidential11