The Hosts page lists the hosts and appliances in the selected deployment to which you provisioned agents. The Hosts page allows you to ensure your provisioned hosts and appliances always have the latest agent installed, and create both log sources and protected hosts.

Hosts appear in the table, sorted by host name. To narrow the list of hosts, you can use the search field to search for a specific host name or tag, or you can use the filters to list hosts with the following characteristics:

  • OS Type
    • Windows
    • UNIX
  • Host Status
    • Online
    • Offline
  • Host Type
    • Host
    • Host (Auto Scaling)
    • Appliance
  • Tags

The host status indicates if a host is online or offline. If a host is offline, you cannot add it as a log source or a protected host.

Edit an updates policy for a host

An updates policy schedules hosts to update to the latest version of the agent software at the agent's specified check-in. By default, Alert Logic assigns the Default Update Policy, which sends software updates, as they become available, to your hosts. If the maintenance strategy for your organization requires a scheduled maintenance window, you can specify the time frame in Updates.

Updating detection or policy configurations affects all interconnected configurations.

To edit an updates policy for a host:

  1. In the Actions column, click the pencil icon.
  2. In the Host Name field, enter a descriptive name.
  3. Select or create an updates policy as follows:
  4. In the Tags field, type a tag to use in filters. Press the Enter key to save each tag.
  5. Click Save.

Add log sources and protected hosts

From the Hosts page, you can add any online host as a log source from which Alert Logic collects log messages, or as a protected host.

Add a host as a protected host

When you create a protected host, you assign an assignment policy and a protected host policy to the appliance. Policies dictate how Network IDS interacts with its environment.

An assignment policy is a set of rules that indicates the traffic that appliances should either accept or ignore. An assignment policy directs protected hosts to encrypt traffic and send traffic to specific appliances. In a dynamic environment where IP addresses often change, an assignment policy ensures that hosts always correspond to their appliances.

To create a protected host:

  1. On the left navigation menu of the selected deployment, click Hosts.
  2. Click the Add icon for the host you want to add as a protected host.
  3. In the New Protected Host slideout panel, provide the appropriate values.
  4. Click SAVE.

Add a host as a log source

If you want to collect log messages from a host, you must add it as a log source and configure a log collection policy. When you configure a log source, you instruct the agent to collect logs based on the definitions within the policy.

Many log sources can belong to a given host or role; each log message originates from exactly one log source.

Available log source types are:

For all deployments:

  • Flat file logs—A collection of text-based files from the host file system
  • Syslog—A way for network devices to send event messages to a logging server
  • Windows event logs—A Windows log file that tracks significant events, like user logins or program errors, on a Windows server

For AWS deployments:

  • AWS CloudTrail logs—Log files that record AWS API calls for your account
  • AWS S3 logs—Access log records that provide details about a single access request, such as the requester, bucket name, request time, request action, response status, and any error codes

For Azure deployments:

  • Azure Activity logs—Logs that provide insight into the operations performed on resources in your subscription
  • Azure App Service web server logs—Logs that provide detailed error information for HTTP failure status codes, failed requests, or HTTP transactions using the W3C extended log file format

Additional options

You can also mass edit hosts, archive hosts, or export a list of hosts. To access these options, click the gear icon.

Mass edit hosts

Mass edit provides the option to edit updates policies, edit tags, and archive multiple hosts at once.

The mass edit and mass archive/delete features have a maximum number of entries that they can handle. If you have an issue using the feature on a large number of entries, use the Alert Logic API instead.

To mass edit hosts:

  1. Click the gear icon in the top right corner of the page.
  2. Select Mass Edit.
  3. Under Apply changes to, select from:
    • All Hosts
    • Only Filtered Hosts
  4. Under Tags, select a tag option, and then in the Tags field, enter the applicable tag(s).
  5. Under Archive Hosts, select an option.
  6. Click Apply.

Archive or unarchive a host

Archive a host to visibly remove the entry from the Alert Logic console. After you archive it, you can bring it back with the unarchive feature.

To archive a host:

  1. Find the desired host in the Hosts list.
  2. Click the archive icon.
  3. Click ARCHIVE.

To restore an archived host:

  1. Above the Hosts list, click the Show Archive slider.
  2. In the Hosts list, find the host you want to restore, and then click the archive icon.
  3. Click UNARCHIVE.

Export hosts

You can export your hosts to a file you can save locally.

To export hosts:

  1. Click the gear icon in the top right corner of the page.
  2. Select Export.
  3. Under Export, select one of the following to export:
    • All Hosts
    • Only Filtered Hosts
  4. Select a file format from the following list of formats:
    • CSV
    • TXT
    • XLS
    • XLSX
  5. Click EXPORT.