Export Logs to Sumo Logic

The Auth0 Logs to Sumo Logic extension consists of a scheduled job that exports your Auth0 logs to Sumo Logic. This document will guide you through the process of setting up this integration.

To learn more, read Start Here on Sumo Logic.

Create a Sumo Logic HTTP endpoint

  1. Log in to Sumo Logic and from the top menu, select Manage > Setup Wizard.

  2. On the next screen, click Set Up Streaming Data.

  3. At the Select Data Type page, select Your Custom App.

  4. Select HTTP Source as the way to collect the logs.

  5. Modify the Source Category and select a time zone for your log file. Click Continue.

  6. You should now be provided with a URL. This is the HTTP Source that Sumo Logic configured for you. Copy the value and click Continue. Exit the setup wizard.

  7. Go back to the Auth0 Dashboard to set the value you copied as the value for SUMOLOGIC_URL.

Configure the extension

To install and configure this extension:

  1. Navigate to Auth0 Dashboard > Extensions, and select Auth0 Logs to Sumo Logic. The Install Extension window opens.

  2. Set the following configuration parameters, and select Install:

  • Schedule: The frequency with which logs should be exported. The schedule can be customized even further after creation.

  • BATCH_SIZE: The number of logs to be sent per batch. Maximum is 100. Logs are batched before sending, and multiple batches are sent each time the extension runs.

  • SUMOLOGIC_URL: Your Sumo Logic HTTP Collector endpoint. Set the value you copied when creating the Sumo Logic HTTP endpoint.

  • LOG_LEVEL: The minimum log level of events that you would like sent to Sumo Logic.

  • LOG_TYPES: The events for which logs should be exported.

  • START_FROM: The log_id of the log from which you would like to start sending. The default is to start with the oldest available log.

  • SLACK_INCOMING_WEBHOOK_URL: The specific Slack webhook to which you want to send reports from the extension.

  • SLACK_SEND_SUCCESS: Choose whether to send verbose notifications to Slack. Useful for troubleshooting.

The integration between Auth0 and Sumo Logic is now in place!

Batch size

When setting your BATCH_SIZE, please keep the following information in mind.

During each time frame/window (defined by your chosen Schedule), outstanding logs will be batched into groups and sent. The size of each group is determined by the BATCH_SIZE value.

In other words, during each window, NUM_BATCHES batches of logs will be sent based on the following logic:

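  IF (NUM_LOGS modulo BATCH_SIZE == 0):
    NUM_BATCHES = (NUM_LOGS / BATCH_SIZE)
  ELSE:
    NUM_BATCHES = (NUM_LOGS / BATCH_SIZE, rounded down) + 1

In the ELSE case, the last batch will have fewer than BATCH_SIZE logs (and therefore < 100 logs, since the maximum BATCH_SIZE is 100).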

View results

The integration you just set up created a scheduled job that is responsible for exporting the logs.

To view this scheduled job:

  1. Navigate to Auth0 Dashboard > Extensions, and select Installed Extensions.

  2. Select Auth0 Logs to Sumo Logic. The job you just created appears. You can modify its state by toggling the State switch, see when the next run is due, and see the result of the last execution.

You can view more details by clicking on the job you created. On this page, you can view details for each execution, reschedule the job, access realtime logs, and more.

That's it; you are done! You can now navigate to Sumo Logic and view your Auth0 Logs by selecting the configured system.

Replay logs

In the event of a Sumo Logic failure or service interruption, you can replay the logs starting from the failed log.

To replay logs:

  1. Get the checkpoint ID of the failed log.

  2. Navigate to Auth0 Dashboard > Extensions, and select Installed Extensions.

  3. Select the gear icon to view Auth0 Logs to Sumo Logic extension settings.

  4. Enter the checkpoint ID in the START_FROM field.

  5. Select Save.
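
The batching rule from the Batch size section and the replay checkpoint described here, worked through as an added JavaScript example (not the extension's own code). The names `toBatches`, `runWindow`, `sampleLogs` and `flakySend`, and the choice of the first undelivered log's `log_id` as the value to put in START_FROM, are assumptions made for illustration.

```javascript
// Added illustration; not the extension's source code.
const MAX_BATCH_SIZE = 100; // "Maximum is 100" per the BATCH_SIZE description

// Split the outstanding logs of one schedule window into batches.
function toBatches(logs, batchSize) {
  if (!Number.isInteger(batchSize) || batchSize < 1 || batchSize > MAX_BATCH_SIZE) {
    throw new RangeError(`BATCH_SIZE must be an integer from 1 to ${MAX_BATCH_SIZE}`);
  }
  const batches = [];
  for (let i = 0; i < logs.length; i += batchSize) {
    batches.push(logs.slice(i, i + batchSize));
  }
  return batches; // batches.length === Math.ceil(logs.length / batchSize)
}

// Send batches in order via `send` (hypothetical transport, e.g. a POST to SUMOLOGIC_URL).
async function runWindow(logs, batchSize, send) {
  const batches = toBatches(logs, batchSize);
  let sent = 0;
  for (const batch of batches) {
    try {
      await send(batch);
      sent += 1;
    } catch (err) {
      // Assumption: the checkpoint is the log_id of the first undelivered log.
      return { numBatches: batches.length, sent, startFrom: batch[0].log_id, error: err.message };
    }
  }
  return { numBatches: batches.length, sent, startFrom: null, error: null };
}

// Constructed sample data: n logs with made-up log_id values.
function sampleLogs(n) {
  return Array.from({ length: n }, (_, i) => ({ log_id: `example-log-${String(i + 1).padStart(4, '0')}` }));
}

// Constructed transport that rejects on one call, simulating a collector outage.
function flakySend(failOnCall) {
  let calls = 0;
  return async () => {
    calls += 1;
    if (calls === failOnCall) throw new Error('simulated collector outage');
  };
}

runWindow(sampleLogs(250), 100, flakySend(3)).then(console.log);
```

With 250 logs and a batch size of 100, the third batch fails, so two batches are delivered and the run reports the first log of the failed batch as the point to resume from.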

Integrate with Slack

This extension can send failed transaction notifications to Slack with the checkpoint code displayed in the message. To set up the integration:

  1. Get the Slack Incoming Webhook URL.

  2. Navigate to Auth0 Dashboard > Extensions, and select Installed Extensions.

  3. Select the gear icon to view Auth0 Logs to Sumo Logic extension settings.

  4. Enter the Slack Incoming Webhook URL in the SLACK_INCOMING_WEBHOOK_URL field.

  5. Select Save.

You can also enable verbose notifications by enabling the SLACK_SEND_SUCCESS setting.

Use the Auth0 Dashboard

At Auth0, we have been using the Auth0 to Sumo Logic extension since it was first released, and it's proven to be useful for staying on top of what's happening with our own Auth0 accounts and our internal users. Sumo Logic makes it easy to see the latest failed logins, find and alert on error messages, create charts to visualize trends, or even do complex statistical analysis on your data.

To help us (and our customers) visualize these logs, we spent some time creating a dashboard. The Sumo Logic for Auth0 dashboard shows you the output of several saved searches all on one easy-to-read screen and makes it easy to zoom in or drill down when something looks interesting.

If you're a Sumo Logic customer and are interested in trying out this dashboard, you can find details on installing the Auth0 App for the Sumo Logic extension here: Install the Auth0 App.

Once it's available through your account, you're free to customize it, add to it, create alerts based on the searches, or do anything else that you find useful.

Have fun analyzing and visualizing those logs!