Alert Logic Log Managerfor Google Cloud Platform (Windows remote collector)

Download the remote collector

To download a remote collector:

  1. In the Alert Logic console, click the Settings icon (), and then click Support Information.
  2. From the Details page, click Install Guides & Downloads.
  3. In the left navigation area, click Log Management.
  4. Click Collectors.
  5. Download the appropriate collector and follow the on-screen instructions.
  6. Click the Details tab.
  7. Copy your unique registration key. You will need this later to install the remote collector.

Install the remote collector for Windows

Install the remote collector via the GUI

  1. Copy the MSI package to the target machine.
  2. Run the MSI package.

  1. In the AL Syslog Setup graphical user interface, paste your unique registration key in the Provisioning API Key field
  2. Click Install.

Install the remote collector via the command prompt

To install remote collector:

  1. Copy the MSI package to the target machine.
  2. Run MsiExec.exe, a Windows MSI package installer, with the following command-line parameter: /i [path]al_log_syslog-[version]-[type].msi
  3. (Optional) Run the installer with the following optional command-prompt parameters:
Optional modes Description
/quiet or /q[level]

This mode configures different levels of user interaction. You can use the following values to determine the desired [level].

  • f offers user interface access, which shows all dialog. This value is the default when /q is omitted.
  • r offer reduced user interface access, which does not show any dialog requiring user input, other than error popups. Normally, this mode shows the progress status only.
  • b for basic UI mode, which shows error popups and a simple progress bar only
  • n (equivalent to /q or /quiet), does not show any user interface.
/log [log file] or, for a verbose log, /l*vx [log file] This mode troubleshoots installation failures. [log file] is the path, created by the installer, to the log file.
SENSOR_HOST=[host] [host] is the IP address where the remote collector should forward logs.
SENSOR_PORT=[port] [port] is the TCP port where the remote collector should connect.
USE_PROXY={0|1} This mode specifies whether the remote collector should use WinHTTP proxy settings
PROV_KEY=[key] This command is required in provisioning only mode. [key] is your Unique Registration Key.
INSTALLDIR=[directory] [directory] is the folder where remote collector files should be installed.
REBOOT=ReallySuppress This mode suppresses any reboot prompts, which leaves the installation incomplete until the next restart.

MsiExec.exe /i al_log_syslog-3.0.0.0-0-host.msi /log al_log_syslog_install.log /quiet PROV_KEY=da39a3ee5e6b4b0d3255bfef95601890afd80709

Create a collection alert rule

You can create a collection alert in Alert Logic Log Manager to receive notification if collection stops for any reason.

You must first create a collection alert and then apply the alert to the source.

To create a collection alert:

  1. At the top of the Alert Logic console, from the drop-down menu, select Log Manager.
  2. In the left navigation, under Alert Rules, click Collection.
  3. In the table of alert rules, in the Actions column, click the gear icon (), and select New Collection Alert.
  4. In Collection Alert Name, type a descriptive name.
  5. In Time without logs, type a number value in minutes.
  6. In Time Between Alert Occurrences, type a number value in minutes.

You cannot specify a number value of more than 3,600.

  1. In Email Addresses, type an email address. To add multiple email addresses, separate each entry with a comma.
  1. Select Send Alert Once to receive alerts only once.
  2. Click Save

Apply a collection alert rule

To apply the collection alert to a log source:

  1. In the left navigation, under Collection, click Sources.
  2. In Select Some Options, click the empty and select a log source type and then click Apply Filters.
  3. In the table of log sources, in the Actions column, click the gear icon ().
  4. Select Mass Edit.
  5.  In Apply changes to, select All Sources.
    • Select Only Selected Sources to choose an individual log source from the table.
  6.  Select your collection alert in Collection Policy.
  1. Click Apply.

Related topics