Alert Logic Log Manager for Rackspace Public Cloud (Linux remote collector)

Download the remote collector

To download a remote collector:

1. In the Alert Logic console, click the Settings icon (), and then click Support Information.
2. From the Details page, click Install Guides & Downloads.
3. In the left navigation area, click Log Management.
4. Click Collectors.
5. Download the appropriate collector and follow the on-screen instructions.
6. Click the Details tab.
7. Copy your unique registration key. You will need this later to install the remote collector.

Install the remote collector for Linux

Install the remote collector for RPM-based distributions

To install a remote collector:

1. Download the RPM package to the target machine.
2. Run the following commands and replace <version> and <UNIQUEREGISTRATIONKEY> with the desired version and your Unique Registration Key, respectively.
   
   • rpm -u al-log-syslog-<version>*.rpm
   • /etc/init.d/al-log-syslog provision --key <UNIQUEREGISTRATIONKEY>
   • /etc/init.d/al-log-syslog start
3. Direct all syslogs to the remote collector on inbound port 1514.
4. If you use an rsyslog daemon, add the following line to rsyslog.conf:
   *.* @@yourIPaddress:1514;RSYSLOG_FileFormat

5. If you use a syslog-ng daemon, add the following lines to syslog-ng.conf
   • destination
   • d_alertlogic {tcp("yourIPaddress" port(1514));};
   • log { source(s_src); yourIPaddress(d_alertlogic); };

Install the remote collector for Debian-based distributions

To install a remote collector:

1. Download the Debian package to the target machine.
2. Run the following commands and replace <version> and <UNIQUEREGISTRATIONKEY> with the desired version and your Unique Registration Key, respectively.
   • dpkg -i al-log-syslog-<version>*.deb
   • /etc/init.d/al-log-syslog provision --key <UNIQUEREGISTRATIONKEY>
   • /etc/init.d/al-log-syslog start
3. If you use an rsyslog daemon, add the following line to rsyslog.conf to configure your syslog device to forward logs to port 1514: *.* @@yourIPaddress:1514;RSYSLOG_FileFormat
4. If you use a syslog-ng daemon, add the following lines to syslog-ng.conf:
   • destination d_alertlogic {tcp("yourIPaddress" port(1514));};
   • log { source(s_src); yourIPaddress(d_alertlogic); };

Create a collection alert rule

You can create a collection alert in Alert Logic Log Manager to receive notification if collection stops for any reason.

You must first create a collection alert and then apply the alert to the source.

To create a collection alert:

1. At the top of the Alert Logic console, from the drop-down menu, select Log Manager.
2. In the left navigation, under Alert Rules, click Collection.
3. In the table of alert rules, in the Actions column, click the gear icon (), and select New Collection Alert.
4. In Collection Alert Name, type a descriptive name.
5. In Time without logs, type a number value in minutes.
6. In Time Between Alert Occurrences, type a number value in minutes.

7. In Email Addresses, type an email address. To add multiple email addresses, separate each entry with a comma.

8. Select Send Alert Once to receive alerts only once.
9. Click Save

Apply a collection alert rule

To apply the collection alert to a log source:

1. In the left navigation, under Collection, click Sources.
2. In Select Some Options, click the empty and select a log source type and then click Apply Filters.
3. In the table of log sources, in the Actions column, click the gear icon ().
4. Select Mass Edit.
5.  In Apply changes to, select All Sources.
   • Select Only Selected Sources to choose an individual log source from the table.
6.  Select your collection alert in Collection Policy.

7. Click Apply.

Related topics