Moogsoft Docs

Sumo Logic LAM Reference

This is a reference for the Sumo Logic LAM . The Sumo Logic LAM configuration file is located at $MOOGSOFT_HOME/config/sumo_logic_lam.conf

It contains the following sections and properties:

Monitor

name : Name of the LAM.

Type : String
Required : Yes
Default : "SumoLogic Lam" . Do not change.

class : Class of the LAM.

Type : String
Required : Yes
Default : " CRestMonitor" . Do not change.

port : Port on which Moogsoft AIOps receives data from Sumo Logic.

Type : Integer
Required : Yes
Default : 48019

address : Host name or IP address of Moogsoft AIOps.

Type : String
Required : Yes
Default : "0.0.0.0" if on premise.

use_ssl: Defines whether to use Secure Sockets Layer (SSL) certification. If you set this to True, provide SSL certificate details.

Type : Boolean
Required
: Yes
Default
: False

path_to_ssl_files : Path to the directory that contains the SSL certificates. You can use a relative path based upon the $MOOGSOFT_HOME directory. For example the default config indicates $MOOGSOFT_HOME/config .

Type : String
Required : If use_ssl = true
Default : "config"

ssl_key_filename : Name of the SSL server key file.

Type : String
Required : If use_ssl is set to True
Default : N/A

ssl_cert_filename : Name of the SSL root CA file. Must reside in the location contained in path_to_ssl_files .

Type : String
Required : If use_ssl = true
Default : N/A

use_client_certificates : Defines whether to use SSL client certification.

Type : Boolean
Required
: If use_ssl = true
Default
: False

client_ca_filename : Name of the SSL client CA file. Must reside in the location contained in path_to_ssl_files .

Type : String
Required
: If use_client_certificates = true
Default
: N/A

auth_token : Authentication token in the request body. If you define a token you must include it in the body of all requests.

Type : String
Required
: No
Default
: N/A

encrypted_auth_token : Encrypted authentication token in the request body. If you define a token you must include it in the body of all requests. Sumo Logic LAM can use e ither auth_token or encrypted_auth_token . The encrypted_auth_token property overrides auth_token .

Type : String
Required
: No
Default
: N/A

header_auth_token : Authentication token in the request header. If you define a token you must include it in the header of all requests.

Type : String
Required
: No
Default
: N/A

encrypted_header_auth_token : Encrypted authentication token in the request header. If you define a token you must include it in the header of all requests. Sumo Logic LAM can use either header_auth_token or encrypted_header_auth_token . The encrypted_header_auth_token property overrides header_auth .

Type : String
Required
: No
Default
: N/A

ssl_protocols : Sets the allowed SSL protocols.

Type : Array

Required : If protocol = POP3S or IMAPS
Valid protocols : SSLv3, TLSv1, TLSv1.1, TLSv1.2
Default : [ "TLSv1.2" ]

authentication_type : Defines the HTTP authentication type Sumo Logic uses. If set to basic Sumo Logic LAM uses the Graze login.

Type : String
Required
: Yes
One of : basic, none
Default : "basic"

authentication_cache : Defines whether a hashed version of a user's password is kept in the internal cache for the duration of the connection. If set to true it enables faster event handling. If set to false users are authenticated with each request.

Type : Boolean
Required
: If authentication_type = basic
Default
: True

accept_all_json : Allows the Sumo Logic LAM to read and process incoming requests using any valid form of JSON. If set to false, the LAM uses the Moogsoft AIOps REST LAM protocol . See Configure the REST LAM for further information.

Type : Boolean
Required
: Yes
Default
: True

lists_contain_multiple_events : Defi nes whether a JSON list is interpreted as multiple events.

Type : Boolean
Required
: If accept_all_json = true
Default
: False

num_threads : Number of worker threads to use.

Type : Integer
Required : No
Default : The number of available CPUs, up to a maximum of 8

rest_response_mode: Determines when a REST response is sent for a request.

Type : String
Required : Yes
One of : on_receipt - Send a response when a valid event is received.
event_forwarded - Send a response when an event is sent to the message bus.
event_processed - Send a response when an event is processed by the moogfarmd AlertBuilder Moolet.
Default : "event_processed"

rpc_response_timeout : The length of time to wait for a REST response from the moogfarmd AlertBuilder Moolet, in seconds.

Type : Integer
Required
: If rest_response_mode = event_processed
Default
: 20

event_ack_mode : Determines when moogfarmd acknowledges events from the Sumo Logic LAM.

Type : String
Required : Yes
One of : queued_for_processing - Acknowledge events when Moogsoft AIOps adds them to the Moolet queue.
event_processed - Acknowledge events when a Moolet processes them.
Default : "queued_for_processing"

Agent

name : Identifies events the Sumo Logic LAM sends to the Message Bus.

Type : String
Required : Yes
Default : "Sumologic"

log: Location of the Sumo Logic LAM's capture log file. The capture log contains the raw data the LAM receives. See Moogsoft AIOps Component Logs for more information.

Type : String
Required : No
Default : N/A

Process Log

configuration_file : File that specifies the configuration of the Sumo Logic LAM's process log. The process log records the activities of the LAM as it ingests raw data. See Moogsoft AIOps Component Logs for more information.

Type : String
Required : No
Default : "$MOOGSOFT_HOME/config/logging/integrations.log.json"