Set Up Sumo Logic to Visualize S3 Audit Logs

1. Introduction to Sumo logic

Sumo logic is an intelligent global tool for security insights. It helps you make decisions based on the data derived from your assets. It reduces the time for operational issues and investigates the security concerns so that you can release your resources for other vital activities.

2. How does Sumo logic work?

Sumo Logic is a cloud-based service that helps collect, manage, and analyze your log data from different parameters. Its intelligent algorithm converts millions of log data to human-understandable log patterns so that you can analyze the logs and find any security issues.

3. Sumo Logic Prices

Note – You will get a one-month free trial

4. Datatypes supported by Sumo Logic:

Sumo logic supports various data types such as Apache, Apache Tomcat, Linux System, Windows IIS, AWS Cloud Trail, Amazon CloudFront, MacOS System, MySQL, Nginx, Windows Events, Windows Performance, and much more.

5. Setup Sumo Logic to Visualize S3 Audit Logs

Step1 – Log in using your sumo logic credentials

Step2 – Go into the sumo logic dashboard

Step3 – Click on Setup Wizard Icon on the dashboard

Step4 – Click on Integrate with Sumo Logic

Step5 – Select S3 audit in the data type

Step6- Copy the S3 bucket name which contain your logs

Step7- Enter the S3 bucket name in the S3 bucket name section

Step9 – Enter the path if you want all the logs to audit put *

Step10- Although S3 Is a global service the buckets are stored region wise, so enter the region where your bucket is placed

Step11- Use Role-based access for best practice instead of access key, just select Generate role-based access template, download the template, and create stack in AWS CloudFormation

Step12- After successful creation of stack copy the output IAM role ARN and paste it in the Sumo Logic Role ARN section

Step13 – Wait for a couple of minutes for Sumo Logic to fetch logs from S3 and preview you a diagrammatic view of logs

Step14 – Visit to main dashboard you will see S3 collection in left navigation just click on that, then you will see a picturized view of your logs

Note – If you are not able to view logs, change time to 3 hours based upon your S3 bucket logged enable timing

6. Use Case Scenarios

1. Suppose you have 100 AWS accounts and you want to perform some data analysis of the logs incoming from all the VPC available in all the accounts, here individual CloudWatch will perform the action in individual accounts but with the help of sumo logic it helps to analyze all data from all the accounts in one go.
2. Suppose you want to perform some advanced analytics which needs some operators like Outlier, Log Reduce, and Log Compare sumo logic support all such analytics operator
3. Sumo Logic can also be implemented as Threat Intelligence as it is able to check all your logs against Crows strike’s threat database.
4. We can create metadata to easily query across log groups

7. Conclusion

Although we have AWS CloudWatch metrics to monitor our AWS Infrastructure and with the help of these third-party tools. Our analysis becomes easier, and sumo logic helps us make any decision based on graphs and line charts.

8. About CloudThat

CloudThat is the official AWS Advanced Consulting Partner, Microsoft Gold Partner, and Training partner helping people develop knowledge of the cloud and help their businesses aim for higher goals using best in industry cloud computing practices and expertise. We are on a mission to build a robust cloud computing ecosystem by disseminating knowledge on technological intricacies within the cloud space. Our blogs, webinars, case studies, and white papers enable all the stakeholders in the cloud computing sphere.

If you have any queries about Sumo Logic, AWS services, or any other cloud-related queries, feel free to drop in a comment and we will get back to you quickly.

9. FAQs

1. What is the difference between Amazon CloudWatch and Sumo logic?
   a. Amazon CloudWatch – Amazon CloudWatch Keep track of AWS resources as well as custom metrics created by your apps and services. You can get system-wide visibility into resource use, application performance, and operational health using Amazon CloudWatch. To help you troubleshoot, discover patterns, and take automatic action depending on the condition of your cloud environment, programmatically extract your monitoring data, see graphs, and create alarms.
   b. Sumo Logic – Application logs and IT log data are managed on the cloud. Cloud-based machine data analytics platform that allows businesses to proactively discover infrastructure availability and performance concerns, improve security posture, and improve application rollouts. Companies that use Sumo Logic may cut their mean time to resolution in half and save hundreds of thousands of dollars each year. Netflix, Medallia, Orange, and Gogo Inflight are among the company’s customers.

WRITTEN BY Rishi Raj