Alert Logic Log Manager for Google Cloud Platform (Windows agent)
- Review the Requirements for Alert Logic Log Manager for Google Cloud Platform.
For your convenience, the Alert Logic agent activates collection for Threat Manager, Log Manager, and Web Security Manager. For more information, please contact Technical Support: US: (877) 484-8383, EU: +44 (0) 203 011 5533.
Download the agent
To download the agent:
- In the Alert Logic console, open the Settings menu, and then click Support Information.
- From the menu bar, click Quick Install Guide and Downloads.
- Download the appropriate agent and follow the on-screen instructions.
- For Windows users, click Windows Agents, and then select the desired agent.
- For Linux users, click Linux Agents. Linux users can select either Debian-based agent installers or RPM-based agent installers. Both installers are available in a 32-bit or 64-bit format.
- Locate the Unique Registration Key from the Downloads screen. Copy your unique registration key. You will need to enter this key to install the agent.
If you have an active RBAC role, and have configured agents to automatically update, the agent you install automatically assigns itself to the local appliance and you need not enter the Unique Registration Key.
Alert Logic uses the Unique Registration Key to assign the agent to your Alert Logic account.
Install the agent for Windows
Install the agent via the GUI
To install the agent:
This method does not support image capture.
- Run the MSI package.
- In Provisioning API Key, paste your Unique Registration Key.
If you have an active RBAC role, and have configured agents to automatically update, the agent you install automatically assigns itself to the local appliance and you need not enter the Unique Registration Key.
- In Provision, select During Setup.
- In Proxy Setting, select a connection method if you want traffic to pass through a proxy. You can connect via Direct Connection or a web proxy. You can also enter the URL of the proxy server.
- Click Install.
- Verify that the agent has registered with the Alert Logic console. To do so, navigate to the deployment the agent is assigned to, click Hosts and Sources, click Sources, and then search for the agent.
Agent registration can take several minutes.
Install the agent via the command prompt and capture the image
To install the agent via the command prompt and capture the image:
- Copy the MSI file to the target machine.
- Type the following command:
msiexec /i [path to MSI file] prov_key=[unique registration key] /q
- /i installs the agent normally.
- prov_key=[unique registration key] is your Unique Registration Key.
- /q runs the installation quietly, with no user interface.
For example:
msiexec /i c:\downloads\al-agent-1.0.33.msi prov_only=host prov_key=da39a3ee5e6b4b0d3255bfef95641890dnu80799 /q
- (Optional) If you have set up a NAT or virtual appliance and you want to use it as a single point of egress, enter the corresponding host name or IP address or port via the following command prompt parameters:
- sensor_host=[host] indicates the IP address where the agent should forward logs.
- sensor_port=[port] indicates the TCP port where the agent should connect.
- Once you are finished preparing the image, set the agent service start type to Automatic.
- Verify that the agent has registered with the Alert Logic console. To do so, click Deployments, click the deployment the agent is assigned to, click Hosts and Sources, click Sources, and then search for your agent.
Agent registration can take several minutes.
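The command-prompt installation above, written as a PowerShell script. This is an added example, not Alert Logic's code. The environment variable AL_PROV_KEY, the -ServiceName value (the service name is not given on this page; confirm it with Get-Service) and the alphanumeric check on the key are assumptions.

```powershell
# Added example, not vendor code. AL_PROV_KEY and -ServiceName are assumed names.
param(
    [Parameter(Mandatory)][string] $MsiPath,  # path to the downloaded agent MSI
    [string] $ProvOnly,     # optional, passed through as prov_only= (the page's example uses "host")
    [string] $SensorHost,   # optional sensor_host: NAT or virtual appliance used for egress
    [int]    $SensorPort,   # optional sensor_port: TCP port the agent connects to
    [string] $ServiceName   # agent service name (assumption: supplied by the operator)
)
$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $MsiPath -PathType Leaf)) { throw "MSI not found: $MsiPath" }

# Keep the Unique Registration Key out of the script file and out of source control.
$key = $env:AL_PROV_KEY
if (-not $key) { $key = Read-Host 'Unique Registration Key' }
# Assumption: keys are alphanumeric, like the sample key on this page.
if ($key -notmatch '^[0-9A-Za-z]+$') { throw 'Registration key is empty or has unexpected characters.' }

$msiArgs = @('/i', "`"$MsiPath`"")
if ($ProvOnly) {
    if ($ProvOnly -notmatch '^\w+$') { throw "Invalid prov_only value: $ProvOnly" }
    $msiArgs += "prov_only=$ProvOnly"
}
$msiArgs += "prov_key=$key"
if ($SensorHost) {
    if ($SensorHost -notmatch '^[A-Za-z0-9.\-:]+$') { throw "Invalid sensor_host: $SensorHost" }
    $msiArgs += "sensor_host=$SensorHost"
}
if ($PSBoundParameters.ContainsKey('SensorPort')) {
    if ($SensorPort -lt 1 -or $SensorPort -gt 65535) { throw "Invalid sensor_port: $SensorPort" }
    $msiArgs += "sensor_port=$SensorPort"
}
$msiArgs += '/q'

$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru
# 0 = success, 3010 = success with reboot required (standard Windows Installer exit codes).
if ($proc.ExitCode -notin 0, 3010) { throw "msiexec failed with exit code $($proc.ExitCode)" }

# Once the image has been prepared, set the agent service start type to Automatic.
if ($ServiceName) {
    Set-Service -Name $ServiceName -StartupType Automatic
    Get-Service -Name $ServiceName | Select-Object Name, Status, StartType
}
```

The key is still passed to msiexec as a command-line argument, so it appears wherever process command lines are recorded.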
Create a collection alert rule
You can create a collection alert in Alert Logic Log Manager to receive notification if collection stops for any reason.
You must first create a collection alert and then apply the alert to the source.
To create a collection alert:
- At the top of the Alert Logic console, from the drop-down menu, select Log Manager.
- In the left navigation, under Alert Rules, click Collection.
- In the table of alert rules, in the Actions column, click the gear icon, and select New Collection Alert.
- In Collection Alert Name, type a descriptive name.
- In Time without logs, type a number value in minutes.
- In Time Between Alert Occurrences, type a number value in minutes.
You cannot specify a number value of more than 3,600.
- In Email Addresses, type an email address. To add multiple email addresses, separate each entry with a comma.
- Select Send Alert Once to receive alerts only once.
- Click Save.
Apply a collection alert rule
To apply the collection alert to a log source:
- In the left navigation, under Collection, click Sources.
- In Select Some Options, click the empty field, select a log source type, and then click Apply Filters.
- In the table of log sources, in the Actions column, click the gear icon.
- Select Mass Edit.
- In Apply changes to, select All Sources.
- Select Only Selected Sources to choose an individual log source from the table.
- Select your collection alert in Collection Policy.
- Click Apply.