beacon endpoint sumo

Use beacon endpoint sumo to generate Sumo Logic HTTP Source forwarding content for Beacon endpoint events. The generated pack keeps Beacon as a local JSONL producer and helps your customer-managed shipper upload runtime.jsonl to a Sumo Logic Hosted Collector HTTP Logs & Metrics Source. Beacon does not store Sumo Source URLs, tokens, or collector configuration. Keep those values in your shipper configuration, endpoint-management secret store, or deployment tooling.
beacon endpoint sumo [command]

Commands

beacon endpoint sumo print-config

Print a Sumo HTTP Source smoke-test uploader for the configured runtime log.

beacon endpoint sumo install-pack

Write Sumo Logic HTTP Source forwarding content to a directory.

beacon endpoint sumo validate

Write and describe a Beacon Sumo Logic validation event.

Runtime log paths

| Mode | Path |
| --- | --- |
| User mode | ~/.beacon/endpoint/logs/runtime.jsonl |
| System mode | /var/log/beacon-agent/runtime.jsonl |

beacon endpoint sumo print-config

beacon endpoint sumo print-config prints a Sumo Logic HTTP Source smoke-test uploader for the configured Beacon runtime JSONL log.
beacon endpoint sumo print-config
Use this command when you want to copy the one-shot upload script into an existing validation workflow. For production forwarding, use a tailing forwarder that checkpoints offsets instead of repeatedly uploading the whole file.
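
The production pattern described above, sketched as an added example (not Beacon's or Sumo Logic's own code): a forwarder that uploads only complete JSONL lines written since the last checkpoint and advances the checkpoint only after the upload succeeds. The environment variable `SUMO_HTTP_SOURCE_URL`, the `sumo.offset` state file, and all function names are assumptions.

```python
import json
import os
import urllib.request

def read_new_lines(log_path, state_path):
    """Return (bytes of complete new lines, offset after them)."""
    try:
        with open(state_path) as f:
            offset = int(json.load(f)["offset"])
    except (FileNotFoundError, ValueError, KeyError, TypeError):
        offset = 0  # no usable checkpoint yet: start at the beginning
    if os.path.getsize(log_path) < offset:
        offset = 0  # file was truncated or rotated: re-read from the start
    with open(log_path, "rb") as f:
        f.seek(offset)
        chunk = f.read()
    end = chunk.rfind(b"\n") + 1  # hold back a half-written last line
    return chunk[:end], offset + end

def save_offset(state_path, offset):
    tmp = state_path + ".tmp"
    with open(tmp, "w") as f:
        json.dump({"offset": offset}, f)
    os.replace(tmp, state_path)  # atomic rename: no torn checkpoint

def post_to_sumo(url, body):
    # X-Sumo-Category is a Sumo HTTP Source header; the value matches the
    # _sourceCategory in the validation query (assumed to be what you want).
    req = urllib.request.Request(
        url, data=body, method="POST",
        headers={"X-Sumo-Category": "security/agentbeacon"})
    urllib.request.urlopen(req, timeout=30).close()  # raises on HTTP errors

def forward_once(log_path, state_path, send):
    """Upload unsent lines; advance the checkpoint only after send succeeds."""
    body, new_offset = read_new_lines(log_path, state_path)
    if not body:
        return 0
    send(body)  # an exception here leaves the checkpoint untouched
    save_offset(state_path, new_offset)
    return body.count(b"\n")

if __name__ == "__main__":
    # The Source URL is a credential: read it from the environment, not a file
    # Beacon writes. Variable name and state path are assumptions.
    url = os.environ["SUMO_HTTP_SOURCE_URL"]
    log = os.path.expanduser("~/.beacon/endpoint/logs/runtime.jsonl")
    state = os.path.expanduser("~/.beacon/endpoint/logs/sumo.offset")
    print(forward_once(log, state, lambda b: post_to_sumo(url, b)), "lines sent")
```

Delivery is at-least-once: a crash between the upload and the checkpoint write re-sends that batch on the next run.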

Examples

Print a smoke-test uploader for the default per-user Beacon install:
beacon endpoint sumo print-config
Print a smoke-test uploader for a system-mode MDM deployment:
sudo /opt/beacon/bin/beacon endpoint sumo print-config --system
Print a smoke-test uploader for a custom runtime log:
beacon endpoint sumo print-config --log-path /path/to/runtime.jsonl

Flags

| Flag | Description |
| --- | --- |
| --user | Use per-user endpoint paths. Enabled by default |
| --system | Use system endpoint paths and launch daemon |
| --log-path <path> | Runtime JSONL log path |

beacon endpoint sumo install-pack

beacon endpoint sumo install-pack writes Sumo Logic HTTP Source forwarding content to a directory.
beacon endpoint sumo install-pack --output ./beacon-sumo-pack
The pack includes setup instructions, a one-shot upload smoke-test script, and sample Beacon endpoint events.

Examples

Generate a content pack for the default per-user install:
beacon endpoint sumo install-pack --output ./beacon-sumo-pack
Generate a content pack for a system-mode deployment:
sudo /opt/beacon/bin/beacon endpoint sumo install-pack \
  --system \
  --output ./beacon-sumo-pack
Generate a content pack for a custom runtime log:
beacon endpoint sumo install-pack \
  --output ./beacon-sumo-pack \
  --log-path /path/to/runtime.jsonl

Flags

| Flag | Description |
| --- | --- |
| --output <dir> | Output directory for the Sumo Logic content pack. Defaults to beacon-sumo-pack |
| --user | Use per-user endpoint paths. Enabled by default |
| --system | Use system endpoint paths and launch daemon |
| --log-path <path> | Runtime JSONL log path |

beacon endpoint sumo validate

beacon endpoint sumo validate writes a Beacon validation event to the runtime JSONL log and prints the expected Sumo Logic fields and validation query.
beacon endpoint sumo validate

Examples

Write a validation event for the default per-user install:
beacon endpoint sumo validate
Write a validation event for a system-mode deployment:
sudo /opt/beacon/bin/beacon endpoint sumo validate --system
Write a validation event to a custom runtime log:
beacon endpoint sumo validate --log-path /path/to/runtime.jsonl
The validation command prints a Sumo Logic query:
_sourceCategory=security/agentbeacon "Beacon endpoint Sumo validation event"

Flags

| Flag | Description |
| --- | --- |
| --user | Use per-user endpoint paths. Enabled by default |
| --system | Use system endpoint paths and launch daemon |
| --log-path <path> | Runtime JSONL log path |
