Using Fortanix DSM with Sumo Logic (SIEM) Integration Guide for Windows Server

  • Updated on Apr 21, 2025
  • Published on Jun 27, 2024
  • 3 minute(s) read
Prev Next

1.0 Introduction 

This article describes how to integrate Fortanix-Data-Security-Manager (DSM) with Sumo Logic (SIEM) on Windows Server. 

2.0 Terminology

  • DSM - Data Security Manager

    Data Security Manager is the cloud solution secured with Intel® SGX. With Fortanix DSM, you can securely generate, store, and use cryptographic keys and certificates, as well as secrets, such as passwords, API keys, tokens, or any blob of data. 

  • Sumo Logic 

    Sumo Logic is a security information and event management (SIEM) solution that provides security analysts with enhanced visibility across the enterprise to thoroughly understand the impact and context of an attack. Sumo Logic offers streamlined workflows that automatically triage alerts to maximize security analyst efficiency and focus. 

3.0 Download and Install Sumo Logic Collector in Windows 

3.1 System Requirements

 System requirements for Windows: 

  • Windows 7, 32 or 64 bit 

  • Windows 8, 32 or 64 bit 

  • Windows 8.1, 32 or 64 bit 

  • Windows 10, 32 or 64 bit 

  • Windows Server 2012 

  • Windows Server 2016 

  • Windows Server 2019 

  • Single core, 512MB RAM 

  • 8GB disk space 

  • Package installers require TLS 1.2 or higher

3.2 Download the Collector 

Download the collector in one of the following ways:  

  • Through user interface (UI):

    • In Sumo Logic, select  Manage Data → Collection → Collection.

    • Click Add Collector → Installed Collector.

    • Click the link for the collector to begin the download. 

  • Through Web Browser:

3.3 Generate Access Keys

Perform the following steps to generate access keys: 

  1. On the UI click Profile → Preferences → Add Access Key.  

    Add_Access_Key.png

    Figure 1: Add Access Key

  2. Enter a name for the key and click Create Key

    Create_Access_Key.png

    Figure 2: Create Access Key

For more details, refer to the article Access Keys.  

3.4 Install the Connector 

You can choose one of the following methods to install the Collector: 

  • UI installer (This method does not support all advanced settings) 

    To install the connecter using UI installer:

    1. Extract the zip file you downloaded in Section 3.2: Download the Collector.

    2. Right click on the .EXE file and click Run.

    3. Enter your admin username and password if prompted.

    4. Click Next and when prompted enter a name for the collector.

      Enter_Collector_Name.png

      Figure 3: Enter Collector Name

    5. When prompted to select URL, select Override the Default URL and enter the Fortanix DSM URL. For example, amer.smartkey.io.

      Enter the URL1.png

      Figure 4: Enter the URL

    6. When prompted enter the Access Key and Key ID generated in Section 3.3: Generate Access Keys.

    7. Keep clicking Next and click Finish when the installation is complete.

  • Command line installer

    The easiest and fastest way to install the connector is by using the command line installer. To install the connector using the command line installer:

    1. From the command prompt, run the downloaded .EXE file with the parameters that you want to configure. See Parameters for the Command Line Installer for a description of the parameters.

    2. When you see the Finishing installation.. message, close the command prompt window. The installation is complete.

    NOTE

    1. The -console parameter is required to display output messages from the installation.

    2. For Powershell Users: When using quiet mode installation on Windows with Microsoft PowerShell, the parameters following -console -q must be escaped with quotes, for example:

    SumoCollector.exe -console -q "-Vsumo.accessid=<accessId>" "-Vsumo.accesskey=<accessKey>" "-Vsources=<filepath>"

    To learn more about installing a collector on Windows, refer to the article Install a Collector on Windows. 

    Once the collector is installed, it appears under Manage → Collection.

    Collector_Appears_in_Sumo_Logic.png

    Figure 5: Collector Appears in Sumo Logic

3.5 Configure Syslog Server on Windows

3.5.1 Configure Syslog Server on Sumo Logic

  1. Click Manage Data → Collection

  2. Click Edit next to Syslog Server

  3. Select Protocol as TCP, Port as 514, leave the rest of the settings as default, and then click Save

    Configure_the_Connector_in_Sumo_Logic.png

    Figure 6: Configure the Connector in Sumo Logic

3.5.2 Configure Syslog Server on Fortanix DSM

  1. Log in to the Fortanix DSM.

  2. Click Settings → Log Managements

  3. Click Syslog

    Configure_the_Connector_in_Fortanix_DSM.png

    Figure 7: Configure the Connector in Fortanix DSM

  4. Update the Host IP. Host IP is the server where you have installed the Sumo Collector.  

    Edit_Connector_Configuration_in_Fortanix_DSM.png

    Figure 8: Edit Syslog Server Configuration in Fortanix DSM

  5. Click the SAVE CHANGES button.

3.6 View Audit Logs on Sumo Logic

Once all the above steps are completed, you can see all the audit logs in the Sumo Logic Screen. 

View_Audit_Logs_in_Sumo_Logic.png

Figure 9: View Audit Logs in Sumo Logic

You can further customize the data and chart by writing a query on the search bar. For example: 

_sourceCategory="Fortanix" and _collector="sumologictest" |
logreduce
| timeslice 1h
| count by _timeslice
| order by _timeslice

Related articles