1.0 Introduction
This document describes how to integrate Fortanix Data Security Manager (DSM) with Sumo Logic (SIEM) on a Linux server.
2.0 Terminology
DSM – Data Security Manager
Fortanix Data Security Manager is a cloud solution secured with Intel® SGX. With Fortanix DSM, you can securely generate, store, and use cryptographic keys and certificates, as well as secrets such as passwords, API keys, tokens, or any blob of data.
Sumo Logic
Sumo Logic is a security information and event management (SIEM) solution that provides security analysts with enhanced visibility across the enterprise to thoroughly understand the impact and context of an attack. Sumo Logic offers streamlined workflows that automatically triage alerts to maximize security analyst efficiency and focus.
3.0 Download and Install Sumo Logic Collector in Linux
3.1 System Requirements
System requirements for Linux:
Linux, major 64-bit distributions, or any generic Unix capable of running Java 1.8
Single core, 512MB RAM
8GB disk space
Package installers require TLS 1.2 or higher
3.2 Download the Collector
Download the collector in one of the following ways:
Through user interface (UI):
In Sumo Logic, select Manage Data → Collection → Collection.
Click Add Collector → Installed Collector.
Click the link for the collector to begin the download.
Through Web Browser:
Open a browser and enter the static URL for your pod.
The collector begins to download.
See Download a Collector from a Static URL for a list of URLs for your deployment pod.
Fortanix recommends downloading the collector manually: fetch the .sh installer that matches your endpoint and your deployment pod. For example, the Linux 64-bit installer for the IN pod (the pod used throughout this document) is at:
https://collectors.in.sumologic.com/rest/download/linux/64
Run the following command. The download itself does not need sudo. wget names the file after the last path segment of the URL (here 64; the 64.1 in the output below means a file named 64 already existed), so either pass -O SumoCollector.sh or rename the file before the install step in section 3.4, and make it executable with chmod +x:
ubuntu@sumologictest:~$ sudo wget https://collectors.in.sumologic.com/rest/download/linux/64
--2022-05-11 05:22:09-- https://collectors.in.sumologic.com/rest/download/linux/64
Resolving collectors.in.sumologic.com (collectors.in.sumologic.com)... 13.126.102.227, 65.2.26.137, 65.1.116.61, ...
Connecting to collectors.in.sumologic.com (collectors.in.sumologic.com)|13.126.102.227|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 84905788 (81M) [application/octet-stream]
Saving to: '64.1'
64.1 100%[=======================================================================>] 80.97M 93.5MB/s in 0.9s
2022-05-11 05:22:11 (93.5 MB/s) - '64.1' saved [84905788/84905788]

Figure 1: Downloading the Connector on Linux 64 bit Server
3.3 Generate Access Keys
To generate access keys:
In the Sumo Logic UI, click Profile → Preferences → Add Access Key.
Figure 2: Add Access Key
Enter a name for the key and click Create Key. Copy the access key immediately: it is displayed only once, and because it authenticates the collector to your Sumo Logic account it should be stored and handled like any other credential.
Figure 3: Create Access Key
For more details, refer to the article Access Keys.
3.4 Install the Collector
You can choose one of the following methods to install the collector:
UI Installer: https://www.sdkms.fortanix.com/#Install_using_the_UI_installer (this method does not support all advanced settings)
Command-line installer: the easiest and fastest way is the command shown below, replacing the accessid and accesskey values with the access ID and key you generated in section 3.3. Note that arguments passed with -V are visible in your shell history and in the process list while the installer runs; to keep the key off the command line, put the same sumo.accessid and sumo.accesskey entries in a file with mode 0600 and pass it with -varfile instead.
ubuntu@sumologictest:~$ sudo ./SumoCollector.sh -q -Vsumo.accessid=suVzuyDcEwXy6u -Vsumo.accesskey=Kjpta1Obvs5SZMSYoyxYrAKNBTTtrgtPdSTLNXRyRZYS4zyzGcwZaBOauyQfmbih
Unpacking JRE ...
Starting Installer ...
2022-05-11 05:25:14,118 main WARN The bufferSize is set to 8192 but bufferedIo is false: false
Uninstalling previous version
Extracting files...
Finishing installation...
To learn more about installing a collector on Linux, refer to the article Install a Collector on Linux.
Once the collector is installed, it appears under Manage Data → Collection.

Figure 4: Collector Appears in Sumo Logic
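The download, check and install steps of sections 3.2 to 3.4 as one unattended script. This is an added example, not Fortanix or Sumo Logic code: it writes the access ID and key to a 0600 response file for -varfile instead of passing them on the command line, refuses to hand an empty or non-script download to sudo, and only runs the network and sudo steps when RUN_INSTALL=1 is set. The varfile path, the collector.name key, the SUMO_ACCESS_ID/SUMO_ACCESS_KEY environment variables and the collector service name are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not Fortanix or Sumo Logic code): the download-and-install
# steps above as one non-interactive script that keeps the access key out of
# the command line and shell history. Assumptions are marked below.
set -eu

# Static download URL for the IN pod, taken from this page; use your pod's URL.
COLLECTOR_URL="https://collectors.in.sumologic.com/rest/download/linux/64"
INSTALLER="SumoCollector.sh"
VARFILE="${VARFILE:-/root/sumo-varfile.txt}"        # assumed path

# Write the response file that the installer reads with -varfile. The keys are
# the same names the page passes with -V on the command line; collector.name
# is an optional, assumed key for the display name. The file is created with
# mode 0600 because the access key is a credential.
write_varfile() {
  local path="$1" accessid="$2" accesskey="$3" name="$4"
  rm -f "$path"
  ( umask 077
    printf 'sumo.accessid=%s\nsumo.accesskey=%s\ncollector.name=%s\n' \
      "$accessid" "$accesskey" "$name" > "$path" )
  printf '%s\n' "$path"
}

# Sanity check the download: a truncated file or an HTML error page must not be
# handed to sudo. The install4j installer is a shell script, so it starts "#!".
check_installer() {
  local f="$1"
  [ -s "$f" ] || { echo "empty or missing download: $f" >&2; return 1; }
  [ "$(head -c 2 "$f")" = "#!" ] || { echo "not a shell installer: $f" >&2; return 1; }
}

main() {
  : "${SUMO_ACCESS_ID:?export SUMO_ACCESS_ID from section 3.3}"
  : "${SUMO_ACCESS_KEY:?export SUMO_ACCESS_KEY from section 3.3}"
  wget -O "$INSTALLER" "$COLLECTOR_URL"             # no sudo needed to download
  check_installer "$INSTALLER"
  chmod +x "$INSTALLER"
  write_varfile "$VARFILE" "$SUMO_ACCESS_ID" "$SUMO_ACCESS_KEY" "$(hostname)" >/dev/null
  sudo ./"$INSTALLER" -q -varfile "$VARFILE"         # -q: unattended, as on the page
  rm -f "$VARFILE"                                   # installer copies the credentials into the collector's own config
  sudo service collector status                      # service name per Sumo Logic's Linux docs (assumed)
}

# Run only when asked, so the functions can be sourced and checked without network access.
if [ "${RUN_INSTALL:-0}" = 1 ]; then main; fi
```

Run it as `RUN_INSTALL=1 SUMO_ACCESS_ID=... SUMO_ACCESS_KEY=... ./install-collector.sh`; the response file is removed once the installer has consumed it.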
3.5 Configure Syslog Server
3.5.1 Configure Syslog Server on Sumo Logic
Click Manage Data → Collection.
On the installed collector, click Edit next to the Syslog Server source (if the collector has no Syslog source yet, add one first).
Set Protocol to TCP and Port to 514, leave the remaining settings at their defaults, and click Save. Note the Source Category assigned to the source, because the search in section 3.6 filters on it. Two caveats: port 514 is a privileged port, which the collector can bind because it was installed with sudo and runs as root by default; and syslog over plain TCP is unencrypted, so restrict inbound port 514 on the collector host to the DSM address and keep the path on a trusted network.
Figure 5: Configure the Connector in Sumo Logic
3.5.2 Configure Syslog Server on Fortanix DSM
Log in to Fortanix DSM.
Click Settings → LOG MANAGEMENT.
Click EDIT CONFIGURATION for Syslog.
Figure 6: Configure the Syslog Server in Fortanix DSM
Update the Host IP to the address of the server where you installed the Sumo Logic collector, make sure the port and protocol match the Syslog source from section 3.5.1 (TCP 514), and save.
Figure 7: Edit Syslog Server Configuration in Fortanix DSM
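Before relying on DSM to generate traffic, it is worth confirming that the collector's Syslog source actually accepts a TCP connection on the configured port. The script below is an added example (not Fortanix or Sumo Logic code): it builds one RFC 3164 syslog line with a unique marker and sends it with bash's /dev/tcp, so a refused connection surfaces as a failure instead of DSM events silently never arriving. The collector host, port, tag and marker text are assumptions; the send is only attempted when RUN_CHECK=1 is set.

```shell
#!/usr/bin/env bash
# Added example (not Fortanix or Sumo Logic code): confirm the collector's
# Syslog source accepts TCP connections before pointing DSM at it, by sending
# one RFC 3164 formatted test message you can then search for in Sumo Logic.
# Host and port are assumptions; override them through the environment.
set -eu

SYSLOG_HOST="${SYSLOG_HOST:-127.0.0.1}"   # collector host (assumed: run on the collector or the DSM side)
SYSLOG_PORT="${SYSLOG_PORT:-514}"         # port chosen in section 3.5.1

# RFC 3164 priority: facility * 8 + severity. local0 (16) + informational (6) = 134.
syslog_pri() {
  echo $(( $1 * 8 + $2 ))
}

# One BSD-syslog line: "<PRI>Mmm dd HH:MM:SS host tag: text". The timestamp is
# passed in so the format is testable; main() supplies the current time.
syslog_line() {
  local facility="$1" severity="$2" ts="$3" host="$4" tag="$5" text="$6"
  printf '<%s>%s %s %s: %s' "$(syslog_pri "$facility" "$severity")" "$ts" "$host" "$tag" "$text"
}

# Is anything bound to the port on this machine? Only meaningful on the collector host.
listening_locally() {
  ss -ltn 2>/dev/null | awk '{print $4}' | grep -q ":$1\$"
}

# Send a line over TCP using bash's /dev/tcp (no netcat needed). A refused
# connection is the usual symptom of an unsaved source or a host firewall.
send_tcp() {
  local host="$1" port="$2" line="$3"
  ( exec 3<>"/dev/tcp/$host/$port" && printf '%s\n' "$line" >&3 ) 2>/dev/null || return 1
}

main() {
  if ! listening_locally "$SYSLOG_PORT"; then
    echo "note: nothing listening on :$SYSLOG_PORT here (fine if the collector is on $SYSLOG_HOST)" >&2
  fi
  marker="fortanix-dsm-syslog-check-$(date +%s)"      # constructed test marker
  line=$(syslog_line 16 6 "$(date '+%b %e %H:%M:%S')" "$(hostname)" fortanix-dsm-test "$marker")
  if send_tcp "$SYSLOG_HOST" "$SYSLOG_PORT" "$line"; then
    echo "sent to $SYSLOG_HOST:$SYSLOG_PORT; search Sumo Logic for \"$marker\""
  else
    echo "could not connect to $SYSLOG_HOST:$SYSLOG_PORT: check that the source is saved and port 514 is open" >&2
    exit 1
  fi
}

if [ "${RUN_CHECK:-0}" = 1 ]; then main; fi
```

Run `RUN_CHECK=1 SYSLOG_HOST=<collector-ip> ./syslog-check.sh` from the DSM side of the network so the test also exercises any firewall between DSM and the collector, then search Sumo Logic for the printed marker.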
3.6 View Audit Logs in Sumo Logic
Once the above steps are completed, the DSM audit log events appear in Sumo Logic search results.

Figure 8: View Audit Logs in Sumo Logic
You can further customize the data and the chart by writing a query in the search bar. The _sourceCategory value must match the Source Category of your Syslog source and _collector must match the name of your collector; for example:
_sourceCategory="Fortanix" and _collector="sumologictest"
| logreduce
| timeslice 1h
| count by _timeslice
| order by _timeslice