# Sumo Logic

## Usage <a href="#usage" id="usage"></a>

The Sumo Logic syslog-based integration with the Netography product provides powerful log management and analytics capabilities tailored for modern applications.

This integration offers streamlined visibility into network behaviors, security incidents, and operational trends. It enhances the ability to detect anomalies, respond to threats, and optimize performance across the network. You can automate alerts and derive actionable insights, making it a vital tool for network management, compliance, and continuous improvement.

## Netography Portal Steps <a href="#netography-portal-steps" id="netography-portal-steps"></a>

In **Settings > Response Integrations**, click **Add Integration**. Select **Sumo Logic**.

![](/files/YZsIkKL2w7oS7YexDWIm)

## Configuration <a href="#configuration" id="configuration"></a>

The following fields are specific to the Sumo Logic integration.

| Field        | Required | Description                                                                            | Example                 |
| ------------ | -------- | -------------------------------------------------------------------------------------- | ----------------------- |
| `Host`       | yes      | The hostname or IP address of the Sumo Logic server                                    | `sumologic.example.com` |
| `Facility`   | no       | The syslog facility level to be used (e.g., auth, cron, daemon, etc.)                  | `auth`                  |
| `Syslog Tag` | no       | The tag to be appended to each syslog message, used for easier filtering and searching | `neto.event`            |
| `Output`     | no       | Specifies the format in which the syslog messages are sent                             | `DEFAULT`               |

{% hint style="info" %}
**📘 After your configuration is submitted, the Sumo Logic integration will be treated as a standard syslog integration in the Fusion portal.**
{% endhint %}

### Additional post configuration <a href="#additional-post-configuration" id="additional-post-configuration"></a>

After the Sumo Logic configuration is set up, you will need to configure a Response Policy in the Fusion portal and a custom parser in Sumo Logic to receive events from Fusion.

#### Configure a Response Policy to Send Events to Sumo Logic <a href="#configure-a-response-policy-to-sent-events-to-sumo-logic" id="configure-a-response-policy-to-sent-events-to-sumo-logic"></a>

You can configure response policies in the portal by navigating to **Response -> Response Policies -> Add Response Policy**.

#### Configure Sumo Logic Custom Parser <a href="#configure-sumo-logic-custom-parser" id="configure-sumo-logic-custom-parser"></a>

To configure the custom log parser from Sumo Logic, follow the [custom parser](https://help.sumologic.com/docs/cse/schema/parser-editor/#configure-and-test-a-custom-parser) guide in Sumo Logic.

{% hint style="warning" %}
**🚧 Ingested events in Sumo Logic will default to JSON format.**
{% endhint %}

To get sample logs from the Fusion Portal to use for the Sumo Logic custom parser, go to **Search -> Events**, select an event, view the **raw record** from the properties tray, select the **JSON** tab, and click the top-level clipboard icon as shown below:

![](/files/NIuBHlZB3WVtfn8AymzN)
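
Before writing the custom parser, it helps to confirm that what arrives at the receiver matches the `Facility` and `Syslog Tag` configured above and that the body is valid JSON. The following check is an added example, not Netography or Sumo Logic code. It assumes BSD-style (RFC 3164) framing, `<PRI>timestamp host tag: body`; the sample line, its host name and its JSON field names are constructed for illustration.

```python
import json
import re

# RFC 3164 facility and severity names; the numeric code is the list index.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Assumed framing (not confirmed by the page): <PRI>Mmm dd hh:mm:ss host tag[pid]: body
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^\s:\[]+)(?:\[\d+\])?: ?"
    r"(?P<body>.*)$", re.S)

# Constructed sample line: PRI 38 = facility 4 (auth) * 8 + severity 6 (info).
SAMPLE = ('<38>Jan  5 10:15:02 fusion-relay neto.event: '
          '{"alertname": "constructed-example", "severity": "high"}')

def check_line(line, want_facility="auth", want_tag="neto.event"):
    """Return (event, problems) for one received syslog line."""
    m = LINE_RE.match(line)
    if not m:
        return None, ["line does not match the assumed syslog framing"]
    pri = int(m["pri"])
    if pri > 191:  # highest valid PRI is local7.debug = 23 * 8 + 7
        return None, [f"PRI {pri} is out of range"]
    facility, severity = FACILITIES[pri // 8], SEVERITIES[pri % 8]
    problems = []
    if facility != want_facility:
        problems.append(f"facility {facility}.{severity}, expected {want_facility}")
    if m["tag"] != want_tag:
        problems.append(f"tag {m['tag']!r}, expected {want_tag!r}")
    try:
        event = json.loads(m["body"])
    except json.JSONDecodeError as exc:
        return None, problems + [f"body is not JSON: {exc.msg}"]
    if not isinstance(event, dict):
        return None, problems + ["JSON body is not an object"]
    return event, problems

if __name__ == "__main__":
    print(check_line(SAMPLE))
```

A line that passes with an empty problem list can be used as parser test input alongside the raw record copied from the portal.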


