Installing the SumoLogic Collector on a Linux EC2 instance using Systems Manager Run Command

Dewashish Pramanik
Apr 5, 2020

SumoLogic is a monitoring tool that collects logs and metrics and publishes them to Sumo dashboards.

To publish logs or metrics from EC2 to SumoLogic, we need a SumoLogic access_id and access_key.

Generate them by logging in to SumoLogic and navigating to:

Administration → Security → Access Keys → Add Access Key

Suppose we have created a key named TEST_INSTANCE_SUMO_KEY.

Save the access ID and access key in AWS Secrets Manager.

Suppose we have saved them as Sumo/TEST_INSTANCE_SUMO_KEY.

Suppose we have an EC2 instance named TestInstance (AWS Linux AMI) with the role SumoLogicRole attached.

SumoLogicRole trusts the service principal ec2.amazonaws.com.

Its assume role policy is:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

Two policies need to be attached to the role: a custom policy (SecretManagerPolicy) for reading the secret we saved in Secrets Manager, and an AWS managed policy (AmazonSSMManagedInstanceCore) so that the instance shows up in Systems Manager.

Policy 1 (SecretManagerPolicy) is our custom policy. Replace the placeholders with your own region, account ID and KMS key ID. The -?????? suffix matches the hyphen and six random characters that Secrets Manager appends to the secret name in the ARN.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "secretsmanager:GetSecretValue",
        "kms:Decrypt",
        "secretsmanager:DescribeSecret",
        "kms:DescribeKey"
      ],
      "Resource": [
        "arn:aws:secretsmanager:<AWS REGION>:<ACCOUNT ID>:secret:Sumo/TEST_INSTANCE_SUMO_KEY-??????",
        "arn:aws:kms:<AWS REGION>:<ACCOUNT ID>:key/<KMS KEY WHICH IS USED TO ENCRYPT THE SECRETS>"
      ]
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": "secretsmanager:ListSecrets",
      "Resource": "arn:aws:secretsmanager:<AWS REGION>:<ACCOUNT ID>:secret:Sumo/*"
    }
  ]
}
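A secret's full ARN ends in a hyphen and six random characters, so a Resource entry that stops at the secret name does not match it, while a trailing * matches more secrets than intended. The following check is an added example, not part of the original article: it is a simplified IAM matcher (Allow statements only, no Deny or Condition), and the region, account ID and ARN suffixes are constructed sample values.

```python
import re

def glob_match(pattern, value):
    """IAM wildcard match: '*' is any run of characters, '?' exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value, re.DOTALL) is not None

def arn_matches(pattern, arn):
    """Match segment by segment; the sixth segment may itself contain ':'."""
    if pattern == "*":
        return True
    p, a = pattern.split(":", 5), arn.split(":", 5)
    return len(p) == len(a) == 6 and all(map(glob_match, p, a))

def as_list(value):
    return [value] if isinstance(value, (str, dict)) else list(value)

def allows(policy, action, arn):
    """True if an Allow statement covers both the action and the ARN.
    Simplified: ignores Deny, NotAction, NotResource and Condition."""
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        action_ok = any(glob_match(a.lower(), action.lower())
                        for a in as_list(stmt.get("Action", [])))
        resource_ok = any(arn_matches(r, arn)
                          for r in as_list(stmt.get("Resource", [])))
        if action_ok and resource_ok:
            return True
    return False

# Constructed sample values: region, account ID and the 6-character suffixes.
BASE = "arn:aws:secretsmanager:us-east-1:111122223333:secret:Sumo/"
SECRET_ARN = BASE + "TEST_INSTANCE_SUMO_KEY-AbCdEf"
OTHER_ARN = BASE + "TEST_INSTANCE_SUMO_KEY_OLD-GhIjKl"

def policy_for(resource):
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": ["secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"],
        "Resource": [resource]}]}

if __name__ == "__main__":
    for name in ("TEST_INSTANCE_SUMO_KEY", "TEST_INSTANCE_SUMO_KEY-??????",
                 "TEST_INSTANCE_SUMO_KEY*"):
        p = policy_for(BASE + name)
        print(name, [allows(p, "secretsmanager:GetSecretValue", arn)
                     for arn in (SECRET_ARN, OTHER_ARN)])
```
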

Policy 2 (AmazonSSMManagedInstanceCore) is an AWS managed policy:

arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore

After attaching these policies, check whether your Linux machine appears in the Managed Instances pane of Systems Manager. If it does not, log in to the EC2 machine and check the status of amazon-ssm-agent.

If the agent is not running, execute the script below (our instance is a Linux one).

#!/bin/bash
cd /tmp
# Install the SSM agent from the AWS-hosted RPM
sudo yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
# Start the agent now and on every boot
sudo systemctl enable amazon-ssm-agent
sudo systemctl start amazon-ssm-agent

Once amazon-ssm-agent has started, the EC2 machine will appear in the Managed Instances pane of Systems Manager.

Now go to AWS Systems Manager → Run Command → Run a command, select AWS-RunShellScript, paste the script below into the command section, select the EC2 machine, and run it. The script expects the secret to be a JSON object with the keys SUMO_ACCESS_ID and SUMO_ACCESS_KEY.

#!/bin/bash
# jq is used to pull the two keys out of the secret's JSON value
yum install jq -y
# Install the SumoLogic collector RPM
sudo rpm -ivh https://collectors.sumologic.com/rest/download/rpm/64
# Write the collector settings; the backticks run at this point and fetch the credentials from Secrets Manager
cat >/opt/SumoCollector/config/user.properties <<EOL
accessid=`aws secretsmanager get-secret-value --secret-id Sumo/TEST_INSTANCE_SUMO_KEY --region <AWS REGION> | jq --raw-output '.SecretString' | jq -r '.SUMO_ACCESS_ID'`
accesskey=`aws secretsmanager get-secret-value --secret-id Sumo/TEST_INSTANCE_SUMO_KEY --region <AWS REGION> | jq --raw-output '.SecretString' | jq -r '.SUMO_ACCESS_KEY'`
category=<THE SPECIFIED NAME WHICH YOU WANT TO REFLECT IN SUMOLOGIC>
hostName=<THE SPECIFIED NAME WHICH YOU WANT TO REFLECT IN SUMOLOGIC>
name=<THE SPECIFIED NAME WHICH YOU WANT TO REFLECT IN SUMOLOGIC>
rpmAutoStart=false
syncSources=/opt/SumoCollector/config/sumo_sources.json
ephemeral=true
clobber=true
EOL
# Define a host metrics source that reports every 60 seconds
cat >/opt/SumoCollector/config/sumo_sources.json <<EOL
{
  "api.version":"v1",
  "sources":[{
    "sourceType" : "SystemStats",
    "category":"<CATEGORY NAME>",
    "name" : "ec2 Host Metrics",
    "interval" : 60000,
    "hostName" : "<THE SPECIFIED NAME WHICH YOU WANT TO REFLECT IN SUMOLOGIC>",
    "metrics" : ["CPU_User", "Mem_UsedPercent", "TCP_InboundTotal", "Disk_UsedPercent"]
  }]
}
EOL
chmod 755 /opt/SumoCollector/config/sumo_sources.json
# Start the collector so that it registers with SumoLogic
sudo service collector start

Check your collectors in SumoLogic under Manage Data → Collections.