Solved: Sumologic syslog connection from apigee - Page 2

edu4krishanu · 02-26-2018 01:06 PM

Hi,

In our org we have asked sumologic team to provide syslog interface to submit log from apigee cloud.

They have give us a token, host and port.

But in apigee message logging i don't see an option to provide the token and when I test without the token I don't see the log in sumo logic.

How do i provide token in the message logging policy? Also, how do I know apigee successfully posted the log in sumo logic.

<Syslog><Message> "{organization.name}.{apiproxy.name}.{environment.name}" </Message><Host>syslog.XXX.sumologic.com</Host><Port>XXXX</Port><Protocol>TCP</Protocol></Syslog>

Thanks,

Krish

DChiesa

The token is not part of the standard syslog interface, and so there is no explicit element in the Syslog configuration for including that token .

According to my reading of the sumologic documentation, you need to embed the token into the message itself. For example, supposing you have the token ABCDEFG12345 , then you might use this configuration:

<Syslog>
  <Message>ABCDEFG12345 {organization.name}.{apiproxy.name}.{environment.name}</Message>
  <Host>syslog.XXX.sumologic.com</Host>
  <Port>XXXX</Port>
  <Protocol>TCP</Protocol>
</Syslog>

You could of course, parameterize the token as well. If you populate the token from a KVM or some other AssignVariable policy, and use the variable name "sumologic.token" , then you could use this alternative policy configuration:

<Syslog>
  <Message>{sumologic.token} {organization.name}.{apiproxy.name}.{environment.name}</Message>
  <Host>syslog.XXX.sumologic.com</Host>
  <Port>XXXX</Port>
  <Protocol>TCP</Protocol>
</Syslog>

View solution in original post