Install the Alert Logic agent for Windows

Alert Logic provides a single agent that supports Threat Manager, Log Manager, and Web Security Manager. The agent gathers data that Alert Logic must collect for analysis, such as log messages and network traffic, as well as metadata and host identification information. You can assign a maximum of 500 agents per corresponding appliance in both Linux and Windows, regardless of appliance size. Refer to the Requirements for the Alert Logic agent page for the minimum system requirements to communicate with the physical appliance.

For more information, please contact Technical Support: US:(877) 484-8383, EU: +44 (0) 203 011 5533

Download the agent

To download the agent:

1. In the Alert Logic console, open the Settings menu, and then click Support Information.
2. From the menu bar, click Quick Install Guide and Downloads.
3. Download the appropriate agent and follow the on-screen instructions.
   • For Windows users, click Windows Agents, and then select the desired agent.
   • For Linux users, click Linux Agents. Linux users can select either Debian-based agent installers or RPM-based agent installers. Both installers are available in a 32-bit or 64-bit format.
     
4. Locate the Unique Registration Key from the Downloads screen. Copy your unique registration key. You will need to enter this key to install the agent.
   

Install the agent

Install the agent via the GUI

To install the agent:

1. Run the MSI package.

2. In Provisioning API Key, paste your Unique Registration Key.

3. In Provision, select During Setup.
4. In Proxy Setting, select a connection method if you want traffic to pass through a proxy. You can connect via Direct Connection or a web proxy. You can also enter the URL of the proxy server.
   
5. Click Install.
6. Verify that the agent has registered with the Alert Logic console. To do so, navigate to the deployment the agent is assigned to, click Hosts and Sources, click Sources, and then search for the agent.

Install the agent via command prompt

To install the agent: 

1. Copy the MSI file to the target machine.
2. Type the following command: 
   

   msiexec /i [path to MSI file] prov_key=[unique registration key] install_only=1 /q

   • /i installs the agent normally
   • prov_key=[unique registration key] is your Unique Registration Key
   • Command prompt example:
     msiexec /i c:\downloads\al-agent-2.1.2.msi prov_key=da39EXAMPLEd3255bfef95641890dnu80799 install_only=1 /q
   

   If you previously installed the Alert Logic agent on the host, the system may reboot to complete the installation. If you want to avoid the system reboot, and consequently pause the installation process until you manually reboot, append to the command prompt:
   REBOOT=ReallySuppress

3. (Optional) If you have set up a NAT or virtual appliance and you want to use it as a single point of egress, enter the corresponding host name or IP address or port via the following command prompt parameters:
   • sensor_host=[host] indicates the IP address where the agent should forward logs.
   • sensor_port=[port] indicates the TCP port where the agent should connect.
     

   For other command prompts parameters, see (Optional) Windows command-prompt installation parameters .

4. Once you are finished preparing the image, set the agent service start type to Automatic:
   sc config al_agent start= auto
   

   

   Do not start the agent or reboot the image before capturing the image of your virtual machine.

5. (Optional) You can capture an image of the virtual machine that contains the installed agent.
6. (Optional) Start an instance of the saved image and verify that the agent has registered with the Alert Logic console.
   If you need to edit your OS image at any point, you must ensure when saving that the Alert Logic agent is *not* registered. You can accomplish this by stopping the agent with:
   sc stop al_agent
   Then, if it is present, remove the files:
   %CommonProgramFiles(x86)%\AlertLogic\host_crt.pem
   %CommonProgramFiles(x86)%\AlertLogic\host_key.pem
   where %CommonProgramFiles(x86)% refers to "C:\Program Files\Common Files" for x86 versions of windows and "C:\Program Files (x86)\Common Files" for amd64 and ia64 versions.

(Optional) Windows command-prompt installation parameters

To use optional command-prompt parameters during the Alert Logic agent installation, review the following:

Optional command-prompt parameters	Description
/quiet or /q[level]	Use this option to create different levels of user access. Use the following values for [level]: f permits a full Alert Logic console mode, which shows all dialog. This value is the default setting when /q is omitted. r permits a reduced Alert Logic console mode, which does not show any dialog requiring user input, other than error popups. Normally, this mode shows the progress status only. b permits a basic Alert Logic console mode, which shows error popups and a simple progress bar only. n is similar to to /q or /quiet, which does not show any Alert Logic console.
/log [log file] (or for a verbose log /l*vx [log file])	Use this option to troubleshoot installation failures. [log file] is the path, created by the installer, to the log file.
sensor_host=[host]	Use [host] to specify the IP address where the agent should forward logs.
sensor_port=[port]	Use [port] to specify the TCP port where the agent should connect.
use_proxy={0|1}	Use this option to specify whether the agent should use WinHTTP proxy settings.
installdir=[directory]	Use [directory] to specify the folder where the agent files should be installed.
reboot=ReallySuppress	Use this option to suppress any reboot prompts, leaving the installation incomplete until the next restart.

Related topics