SumoMetrics: Viewing Linux System Activity through log analytics

 



1. Create an EC2 instance using a Terraform script.

main.tf

provider "aws" {
  region = "us-east-1"
}

resource "aws_instance" "sumo_ec2" {
  ami           = "ami-<#>"
  instance_type = "t2.micro"

  key_name = "<#>"
  # security_groups takes security group names (EC2-Classic / default VPC);
  # in a non-default VPC use vpc_security_group_ids with group IDs instead.
  security_groups = ["<#>"]

  # Bootstrap script, run as root by cloud-init on first boot, so sudo is not needed.
  # Caveat: everything in user_data, including the collector installation token,
  # can be read by any process on the instance via the metadata service and by
  # anyone allowed ec2:DescribeInstanceAttribute. Treat the token as a credential
  # with the narrowest scope Sumo Logic allows.
  user_data = <<-EOF
    #!/bin/bash
    yum update -y
    yum install -y curl unzip wget
    wget "https://collectors.sumologic.com/rest/download/linux/64" -O SumoCollector.sh
    chmod +x SumoCollector.sh
    ./SumoCollector.sh -q -Vsumo.token_and_url=<#>
    EOF

  tags = {
    Name = "SumoLogic-EC2"
  }
}


2. Execute the Terraform commands to create the AWS resource:

- terraform init


- terraform validate

    This command validates the configuration files for syntactical validity and internal consistency. 

Source: https://developer.hashicorp.com/terraform/cli/commands/validate



- terraform fmt 

    Rewrites the configuration files into the canonical Terraform style so that formatting stays consistent across the code base.

Source: https://developer.hashicorp.com/terraform/cli/commands/fmt


- terraform plan -out=planfile

    Saves the execution plan to the binary file "planfile". The file is not directly human-readable; inspect it with terraform show planfile, or terraform show -json planfile for machine-readable output.

    Saving the plan is what lets the next step, terraform apply planfile, apply exactly the changes that were reviewed: apply re-uses the saved plan instead of planning again, so nothing can change between review and apply.


NOTE: The following command is for isolated use cases. It is neither a best practice nor efficient, but it can serve a purpose when no tool or service is available to capture the plan.

Run terraform plan -no-color | tee tfplan.txt to save the plan output in human-readable form to a text file. Treat tfplan.txt as sensitive: plan output shows every attribute that is not marked sensitive, so keep the file out of version control and delete it after review.

The usual practice, aside from the Terraform state file as the "source of truth", is to run Terraform from a CI pipeline and ship its output to a log platform such as Datadog or Splunk, where plan and apply output can be captured and parsed. The state file itself stores resource attributes in plaintext, so it belongs in a remote backend with encryption and access controls rather than on a workstation.


- terraform apply planfile

- terraform output 
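As an added example (not code from the original write-up), this is the kind of pre-apply gate a practitioner would put between terraform plan -out=planfile and terraform apply planfile. It reads the machine-readable plan (terraform show -json planfile) and fails if the plan would delete or replace the instance, uses an instance type outside an allowlist, lacks the Name tag, or carries the sumo.token_and_url value in any attribute or output that is not marked sensitive. The allowlist, the required tags and the embedded sample plan are assumptions constructed for the example and do not come from a real plan. The AWS provider stores only a hash of aws_instance user_data in plan and state, so in this setup the token check mainly guards against the token leaking through an output, a provisioner command or a template rendered into another resource.

```python
"""Pre-apply gate for a saved Terraform plan (added example, not from the page).

Real use:  terraform show -json planfile | python plan_gate.py
With no piped input the script runs against the constructed SAMPLE_PLAN below.
"""
import json
import re
import sys

# Policy values are assumptions for this example; adjust to your environment.
ALLOWED_INSTANCE_TYPES = {"t2.micro", "t3.micro"}
REQUIRED_TAGS = {"Name"}
# The Sumo installer flag as used in main.tf; a match in a non-sensitive
# attribute or output means the token would appear in plain plan output.
TOKEN_RE = re.compile(r"sumo\.token_and_url=\S+")


def _walk_strings(value, path=""):
    """Yield (json_path, string) for every string nested anywhere in value."""
    if isinstance(value, str):
        yield path, value
    elif isinstance(value, dict):
        for key, item in value.items():
            yield from _walk_strings(item, f"{path}.{key}" if path else key)
    elif isinstance(value, list):
        for idx, item in enumerate(value):
            yield from _walk_strings(item, f"{path}[{idx}]")


def check_plan(plan):
    """Return a list of violation messages for a `terraform show -json` plan dict."""
    findings = []
    for rc in plan.get("resource_changes", []):
        addr = rc.get("address", "?")
        change = rc.get("change", {})
        actions = change.get("actions", [])
        after = change.get("after") or {}
        sensitive = change.get("after_sensitive") or {}

        # 1. A plan that destroys or replaces a resource must not pass unreviewed.
        if "delete" in actions:
            findings.append(f"{addr}: plan would {'/'.join(actions)} the resource")

        if rc.get("type") == "aws_instance" and "create" in actions:
            # 2. Instance type allowlist (cost and blast-radius control).
            itype = after.get("instance_type")
            if itype not in ALLOWED_INSTANCE_TYPES:
                findings.append(f"{addr}: instance_type {itype!r} not in allowlist")
            # 3. Required tags must be present.
            tags = after.get("tags") or {}
            for tag in sorted(REQUIRED_TAGS - set(tags)):
                findings.append(f"{addr}: missing required tag {tag!r}")

        # 4. Token must not sit in an attribute Terraform prints in clear.
        #    after_sensitive mirrors `after`; the top-level key is enough here.
        for path, text in _walk_strings(after):
            top_key = path.split(".")[0].split("[")[0]
            if TOKEN_RE.search(text) and not sensitive.get(top_key):
                findings.append(f"{addr}: Sumo token in non-sensitive attribute {path}")

    # 5. Outputs: a token here is echoed by `terraform output` and kept in state.
    for name, oc in (plan.get("output_changes") or {}).items():
        if oc.get("after_sensitive"):
            continue
        for _, text in _walk_strings(oc.get("after")):
            if TOKEN_RE.search(text):
                findings.append(f"output {name!r}: Sumo token in non-sensitive output")
    return findings


# Constructed sample shaped like `terraform show -json planfile`; all values are
# placeholders, not a real plan. It is clean except for the leaky output.
SAMPLE_PLAN = {
    "format_version": "1.2",
    "resource_changes": [{
        "address": "aws_instance.sumo_ec2",
        "type": "aws_instance",
        "change": {
            "actions": ["create"],
            "before": None,
            "after": {"ami": "ami-example", "instance_type": "t2.micro",
                      "tags": {"Name": "SumoLogic-EC2"}},
            "after_sensitive": {"tags": {}},
        },
    }],
    "output_changes": {
        "collector_cmd": {
            "actions": ["create"],
            "after": "./SumoCollector.sh -q -Vsumo.token_and_url=EXAMPLE_TOKEN",
            "after_sensitive": False,
        }
    },
}


def main():
    plan = SAMPLE_PLAN if sys.stdin.isatty() else json.load(sys.stdin)
    findings = check_plan(plan)
    for item in findings:
        print("FAIL:", item)
    print("plan gate:", "blocked" if findings else "clean")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main())
```

Wire it in as a pipeline step after terraform plan -out=planfile: a non-zero exit blocks terraform apply planfile. The sensitivity check keys on the top-level attribute only, which is deliberately coarse; tighten it to the nested path if a resource mixes sensitive and non-sensitive values inside one attribute.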

3. Create an account on SumoLogic



4. Create an installation token in SumoLogic and pass it to the main.tf script as the sumo.token_and_url value, so that the collector installed at first boot can register and ship log activity to SumoLogic for dashboards. The token has to exist before the terraform apply in step 2, because the collector installs from user_data on first boot.

