Log Management Policies
Alert Logic allows you to create four types of Log Management policies. These policies dictate how Alert Logic collects log messages, and allow you to reuse a common configuration for several log sources of the same type.
- Flat File policy: Allows you to collect flat file messages. This is a common log message format for web servers and other server software. For more information about Flat File policies, see Log Management Flat File Policy.
- Syslog policy: Allows you to collect syslog messages, which are a way for network devices to send event messages to a logging server – usually known as a syslog server. For more information about Syslog policies, see Log Management Syslog Policies.
- Windows event log policy: Allows you to collect event log files that track significant events on a Windows server, such as user logins or program errors. For more information about Windows event log policies, see Log Management Windows Event Log Policies.
- S3 policy: Sets guidelines for collecting Amazon Simple Storage Service (S3) access logs, which provide details about a single access request, such as the requester, bucket name, request time, request action, response status, and error code. For more information about S3 policies, see Log Management S3 Policies.
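To show what the S3 access log details listed above look like once collected, the following added example (not Alert Logic code, and not a description of how Alert Logic parses logs) extracts those fields from raw records and picks out denied requests. It assumes the standard Amazon S3 server access log field order; the function names and sample lines are constructed for illustration.

```python
import re
from datetime import datetime

# Leading fields of an S3 server access log record, in order. Trailing fields
# (bytes sent, referrer, user agent, ...) are ignored by this example.
S3_LINE = re.compile(
    r'^(?P<bucket_owner>\S+) (?P<bucket>\S+) \[(?P<time>[^\]]+)\] '
    r'(?P<remote_ip>\S+) (?P<requester>\S+) (?P<request_id>\S+) '
    r'(?P<operation>\S+) (?P<key>\S+) "(?P<request_uri>(?:[^"\\]|\\.)*)" '
    r'(?P<status>\d{3}|-) (?P<error_code>\S+)(?: |$)'
)

def _dash_to_none(value):
    """S3 writes "-" for a field that has no value."""
    return None if value == "-" else value

def parse_s3_access_line(line):
    """Return the fields named in the S3 policy description, or None if malformed."""
    m = S3_LINE.match(line)
    if m is None:
        return None
    f = m.groupdict()
    status = _dash_to_none(f["status"])
    return {
        "requester": _dash_to_none(f["requester"]),  # None = unauthenticated
        "bucket": f["bucket"],
        "time": datetime.strptime(f["time"], "%d/%b/%Y:%H:%M:%S %z"),
        "operation": f["operation"],
        "status": int(status) if status else None,
        "error_code": _dash_to_none(f["error_code"]),
        "remote_ip": f["remote_ip"],
    }

def denied_requests(lines):
    """Return parsed records answered with HTTP 403, skipping malformed lines."""
    records = (parse_s3_access_line(line) for line in lines)
    return [r for r in records if r and r["status"] == 403]

# Constructed sample records (documentation IP ranges, placeholder IDs).
SAMPLE_LINES = [
    'OWNERIDEXAMPLE example-bucket [06/Feb/2019:00:00:38 +0000] 192.0.2.3 '
    'arn:aws:iam::111122223333:user/alice 3E57427F3EXAMPLE REST.GET.OBJECT reports/q1.csv '
    '"GET /example-bucket/reports/q1.csv HTTP/1.1" 200 - 2662992 2662992 70 10 "-" "aws-cli/1.16" -',
    'OWNERIDEXAMPLE example-bucket [06/Feb/2019:00:01:57 +0000] 198.51.100.7 '
    '- 7B4A0FABBEXAMPLE REST.GET.OBJECT reports/q1.csv '
    '"GET /example-bucket/reports/q1.csv HTTP/1.1" 403 AccessDenied 243 - 12 - "-" "curl/7.61" -',
    'not an s3 access log line',
]
```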
Alert Logic automatically assigns either a Windows event log or syslog source to each host in your environment. To edit a default collection source, you must create a new Windows event log or syslog policy. To collect Flat File or S3 log messages, you must create a new collection policy, and then create the corresponding collection source.
To access the Log Management policies page, click CONFIGURATION, click Log Management, and then click Policies in the left navigation panel.