How I did it - "Remote Logging with the F5 XC Global Log Receiver and Sumo Logic"
Hello and welcome to another installment of "How I did it". In one of my more recent installments, we took a look at the F5 Distributed Cloud (XC) Global Log Receiver service and how easy it is to send event data to both Splunk and Datadog. For this installment, we continue on that theme and introduce another one of F5's partners, Sumo Logic.
Sumo Logic
The Sumo Logic platform provides a variety of services ranging from security event management (SEIM) and automated remediation (SOAR) services to application and performance monitoring (APM) and log analytics. Now with native support for Sumo Logic, I can easily connect an XC tenant to my Sumo Logic environment and start working with security event data.
F5 Distributed Cloud Services
F5 Distributed Cloud Services, (XC) provides a global cloud native platform where customers can deploy, manage and secure their applications regardless of whether the application resides in a public cloud, in a private data center, or a colocation facility, (see below). The platform provides a variety of ADN, MCN and CDN services.
Although the XC console UI provides very good observability natively, many enterprises prefer to aggregate their telemetry from various sources and centralize visibility/analytics down to a “single pane of glass”. To this end, the XC platform includes the Global Log Receiver service.
Global Log Receiver
There are a few different options for remote logging from the F5 Distributed Cloud Services platform. This includes querying an XC API logging endpoint, configuring a basic log receiver and the Global log receiver. A basic log receiver can be configured to send customer edge logs, ( in syslog format only) to either a TCP or UDP endpoint. In contrast, a Global log receiver can be configured to securely send logs to a variety of vendor-specific endpoints -including Sumo Logic- over HTTP(s).
Check it Out
Rather than walk you through the entire configuration, how about a movie? The video below provides a brief walkthrough demo integrating the F5 Distributed Cloud Services platform with Sumo Logic.
Try it Out
Liked what you saw? If that's the case, (as I hope it was) try it out for yourself. F5 Distributed Cloud Services (XC) offers a free version of access to the platform. Guidance for configuring global log streaming can be found here.
Additional Links