Skip to main content

VMware AirWatch Integration for Sumo Logic

VMware AirWatch is an enterprise mobility management (EMM) software and standalone management systems for content, applications and email. Sumo Logic integrates with VMware AirWatch to provide visibility for monitoring enterprise mobility management in your deployment. The unified digital workspace platform simplifies and secures app access and IT management throughout your environment.

VMware Airwatch is an integral part of Workspace ONE, an any app, any device experience that provides 1-click workflows with a virtual assistant for an intuitive and engaging experience.

Collecting AirWatch Events

AirWatch supports sending events to syslog. For Sumo Logic to receive AirWatch events, you must create a cloud syslog in Sumo Logic. This section shows you how to do the following:

  1. Configure cloud syslog in Sumo Logic.
  2. Integrate AirWatch and configure syslog.

Step 1. Configure cloud syslog in Sumo Logic

To configure cloud syslog in Sumo Logic, follow the instructions on this page.

After a cloud syslog is configured, the following values are available:

  • Token 
  • Host 
  • TCP TLS Port

These three values–shown on the Cloud Syslog Source dialog–are used to configure syslog integration in AirWatch. 

note

During syslog configuration in AirWatch, you can choose to send Console events, Device events, or both. Any events generated by the AirWatch Console are sent to Sumo Logic.

Step 2. Integrate AirWatch and configure syslog

This section shows you how to integrate AirWatch with Sumo Logic and configure syslog. During the syslog configuration process you can specify the events to be sent to Sumo Logic. You can choose to send Console events, Device events, or both.

To enable integration and configure syslog, do the following:

  1. Log in to your AirWatch account.

  2. Navigate to Monitor > Reports and Analytics > Events > Syslog.

    Syslog_dialog.png

  3. Select Enabled on the Syslog dialog.

    Syslog_dialog_options.png

  4. Specify the following options in the Syslog dialog:

SettingDescriptionSumo Logic Specific Value
Syslog IntegrationEnable/DisableEnable
Host NameHost Name of Cloud SyslogHost Name of the Sumo Logic Cloud Syslog:
syslog.collection.us1.sumologic.com
ProtocolUDP, TCP, Secure TCPA secure TCP is required for Sumo Logic
PortPort number6514
Syslog FacilityRoughly suggests from what part of a system a message originated, and can help distinguish different classes of messages.Optional, or as required
Message TagEnter a descriptive tag to identify events from the AirWatch Console in the Message Tag field.Optional, or as required
Message ContentEnter the data to include in the transmission in the Message Content field.
Note: Paste the Sumo Logic Token in the message field as highlighted in next column.
AirWatch Syslog Details are as follows:
Event Type: {EventType}
Event: {Event}
User: {User}
Event Source: {EventSource}
Event Module: {EventModule}
Event Category: {EventCategory}
Event Data: {EventData} 7SarExampleSumoLogicToken+57f7ZDzI4aDN29uOy0vPj6x9z6tkwH6KBtS@41123
  1. Click the Advanced tab, and configure the following settings.
SettingDescription
Console EventsSelect whether to enable or disable the reporting of Console events.
Select Console Events to Send to SyslogFor each subheading, select the specific events that you want to trigger a message to syslog.
Device EventsSelect whether to enable or disable the reporting of Device events.
Select Device Events to Send to SyslogFor each subheading, select the specific events that you want to trigger a message to syslog.
  1. Click Save, and then click Test Connection to ensure you have successful communication between the AirWatch Console and Sumo Logic. For more information, see the following AirWatch documentation.

After a successful integration, the events start flowing into Sumo Logic.

Sumo Logic YouTubeSumo Logic Twitter
Legal
Privacy Statement
Terms of Use

Copyright © 2022 by Sumo Logic, Inc.