Get Started with Alert Logic Log Manager

Alert Logic Log Manager collects, aggregates, and normalizes log data whether it originates in your own data center, a hosted environment, or the cloud. Flexible data collection options – physical appliances, remote collectors with lightweight agents or agentless methodology, and cloud native APIs – provide low-impact deployment options for all of your infrastructure.

Your Deployment Services contact provides much of the setup information, and this guide supplements that guidance. If you have any questions, call your assigned Deployment Services contact.

Set up firewall rules

Log Manager requires that you update your firewall rules to allow Alert Logic access to your system. For more information, see the Firewall rules guide.

Integrate Log Manager with cloud deployments

Before Alert Logic can manage the protection of your AWS and Azure accounts, you must provide Alert Logic with access to your account.

Configure cross-account roles in AWS

Configure RBAC roles in Azure

Manual deployments, which utilize a physical appliance, have no extra steps for Log Manager integration.

Create a deployment

The Deployments page in the Alert Logic console shows all the implementations of Log Manager, and it allows you to add, edit, and delete deployments.

To create a deployment:

  1. In the Alert Logic console, click CONFIGURATION, and then click Deployments.
  2. Click the add icon ().
  3. Select the appropriate cloud service.
  4. Enter the requested information.
  • For an AWS deployment:
    • Enter the Role ARN.
    • Check the box at the bottom if you want to use cross-account CloudTrail to centralize CloudTrail log collection, and then enter the Role ARN for the receiving account.
  • For a Microsoft Azure deployment:

    • Enter the Environment Name
    • Enter the Subscription ID
    • Enter the Active Directory ID
    • Enter the User Name
    • Enter the Password

  1. Click SAVE.

For more detailed information about Deployments, see Deployments.

Install appliance

Deployments on cloud services use the roles created above to automatically install appliances. Manual deployments must follow this set of instructions.

When an appliance is automatically provisioned, the system creates one or two assignment policies, using the following guidelines:

  • Alert Logic creates an assignment policy for each appliance during the provisioning process.
  • If no VPC or VNet assignment policy exists, Alert Logic creates one and assigns the appliance to it.
  • If a VPC or VNet assignment policy exists, Alert Logic assigns the appliance to it.

Determine how you will deploy Log Manager, and then install the appropriate physical or virtual appliance.

You will need your unique registration key for the appliance installation. To locate your unique registration key, navigate to the Support page in the Alert Logic console. Click Downloads, and your unique registration key appears on the tab.

Configure agents and agentless collection

Agents and other collection options

To use Log Manager functions, you must install the Alert Logic agent, or set up agentless collection, and then configure the collection sources to send data to the appliance.

If you have an active IAM or RBAC role (for AWS or Azure, respectively), and have configured agents to automatically update, the agent you install automatically assigns itself to the local appliance and you need not enter the Unique Registration Key.

Configure Log Manager collection sources and policies

After deployment is complete, you must configure collection options and several other items within Log Manager. To set up Log Manager, you must:

  1. Set up collection sources.
  2. Modify policies. Log Manager deploys with default policies. AWS deployments automatically configure these policies for you for their environment. To create and edit Log Manager policies, refer to the Log Manager policies guide.