Sources for Installed Collectors
You can configure a variety of Sources on Installed Collectors.
In this section, we will introduce the following concepts:
📄️ Collect Forwarded Events from a Windows Event Collector
A Sumo Logic Windows Event Log Source can track and collect forwarded events from a Windows Event Collector. A Windows Event Collector receives forwarded events from other remote Windows computers.
📄️ Docker Sources
Docker is a lightweight open platform that provides a way to package applications in containers for a software development environment.
📄️ Host Metrics Source
An installed Sumo Logic Collector can collect host metrics pertaining to the local host. The metrics are ingested and become available for metrics visualization. The host metrics are gathered by the open-source SIGAR library.
📄️ Local File Source
To collect log messages from files on the same machine where a Collector is installed, create a Local File Source.
📄️ Local Windows Event Log Source
Set up a Local Windows Event Log Source to collect local events you would normally see in the Windows Event Viewer. Setting up a Local Windows Event Source is a quick process. There are no prerequisites for setting up the Source, and you'll begin collecting logs within a minute or so.
📄️ Windows Event Source Custom Channels
To configure a Local or Remote Windows Event Source, you must identify the channels to collect from. This page explains how to obtain this list of channel names from your systems, and describes channels which the Sumo Logic collector cannot process.
📄️ Local Windows Performance Monitor Log Source
Set up a Local Windows Performance Monitor Log Source to collect performance data that you would normally see in the Windows Performance Monitor. Setting up a Local Windows Performance Monitor Log Source is a quick process. There are no prerequisites for setting up the Source, and you'll begin collecting logs within a minute or so.
🗃️ Remote File Source
2 items
📄️ Remote Windows Event Log Source
Set up a Remote Windows Event Log Source to use a single Sumo Logic Collector to collect Windows event log entries from multiple remote systems.
📄️ Remote Windows Performance Monitor Log Source
This Source is no longer supported or available with Collector version 19.361-8.
📄️ Script Action
A Script Action passes the results of a scheduled search to a script or program that runs on a machine with an Installed Collector. The results are temporarily saved to the filesystem in JSON format at:
🗃️ Script Source
3 items
📄️ Streaming Metrics Source
You can use Sumo’s streaming metrics source with an installed collector to collect metrics from any application that emits metrics over TCP or UDP in the Graphite, Carbon 2.0, or Prometheus plaintext protocols. The streaming metrics source is analogous to a Syslog server, but for receiving metrics rather than logs.
📄️ Syslog Source
A Syslog Source operates like a syslog server listening on the designated port to receive syslog messages. You set your hosts or syslog-enabled devices to send syslog data to the same port you specify when you configure the Syslog Source.
📄️ Windows Active Directory Inventory Source
A Windows Active Directory Inventory Source collects inventory data from the Active Directory database. This includes information such as computer names, user names, email addresses, and location information.