The Hosts page lists the hosts and appliances in the selected deployment to which you provisioned agents. The Hosts page allows you to ensure your provisioned hosts and appliances always have the latest agent installed, and create both log sources and protected hosts.
Hosts appear on the table, sorted by host name. To narrow the list of hosts, you can use the search field to search for a specific host name or tag, or you can use the filters to list hosts with the following characteristics:
- OS Type
- Host Status
- Host Type
- Host (Auto Scaling)
The host status indicates if a host is online or offline. If a host is offline, you cannot add it as a log source or a protected host.
An updates policy schedules hosts to update to the latest version of the agent software at the agent's specified check-in. By default, Alert Logic assigns the Default Update Policy, which sends software updates, as they become available, to your hosts. If the maintenance strategy for your organization requires a scheduled maintenance window, you can specify the time frame in Updates.
Updating detection or policy configurations affects all interconnected configurations.
To edit an updates policy for a host:
- In the Actions column, click the pencil icon.
- In the Host Name field, enter a descriptive name.
- Select or create an updates policy as follows:
To select an existing updates policy:
- Keep the default selection: Use existing Updates.
- Under Choose an Updates Policy, select an existing updates policy.
To create a new updates policy:
- Select Create new Updates.
- In the Name field, type a descriptive name.
- Under Updates Frequency, select one of the following:
- If prompted, specify your scan options.
Use 24-hour format to schedule updates.
- In the Tags field, type a tag to use in filters. Press the Enter key to save each tag.
- Click Save.
Add log sources and protected hosts
From the Hosts page, you can add any online host as a log source from which Alert Logic collects log messages, or as a protected host.
Add a host as a protected host
When you create a protected host, you assign an assignment policy and a protected host policy to the appliance. Policies dictate how Network IDS interacts with its environment.
An assignment policy is a set of rules that indicates the traffic that appliances should either accept or ignore. An assignment policy directs protected hosts to encrypt traffic and send traffic to specific appliances. In a dynamic environment where IP addresses often change, an assignment policy ensures that hosts always correspond to their appliances.
To create a protected host:
- On the left navigation menu of the selected deployment, click Hosts.
- Click the Add icon for the host you want to add as a protected host.
- In the New Protected Host slideout panel, provide the appropriate values. Use the table below for guidance.
- Click SAVE.
| Field | Description | Example | Visibility |
|---|---|---|---|
| Source Name | Name of this source. It will show on the display list and other areas of this product. | Server-tmdocs | Always |
| Use an existing Assignment Policy | Select this option to choose a policy from the existing Assignment Policy list. | Not applicable | Always |
| Create a new Assignment Policy | Select this option to open the Create a new Assignment Policy section. | Not applicable | Always |
| Existing Assignment Policy list | Select a policy from this list to assign it to the protected host. | cali-ngtm-01 Assignment | Visible when Use an existing Assignment Policy is selected. |
Create new Assignment Policy mini-form
Visible when you select Create new Assignment Policy
| Field | Description | Example | Visibility |
|---|---|---|---|
| Appliance Assignment Policy Name | Policy name. This name will be added to the Existing Assignment Policy list. | cali-ngtm-01 Assignment | Visible when Create a new Assignment Policy is selected. |
| | An appliance on your network. | i-27273bcb | Visible when Create a new Assignment Policy is selected. |
| Restrict Network | Select this option if you want to include a netmask. | Not applicable | Visible when Create a new Assignment Policy is selected. |
| Netmask | One CIDR address. | 10.0.0.0/16; partial address specifications are not acceptable. | Visible when Create a new Assignment Policy is selected. |
| Use existing Whitelist Policies | Select this option to choose a policy from the Existing Whitelist Policy list. | Not applicable | Visible when Create a new Assignment Policy is selected. |
| Create a new Whitelist Policy | Select this option to open the Create a new Whitelist Policy section. | Not applicable | Visible when Create a new Assignment Policy is selected. |
| Existing Whitelist Policy list | Select a policy from this list to assign it to the protected host. | SF01183529 Pentest | Visible when Create a new Assignment Policy and Use existing Whitelist Policies are selected. |
Create new Whitelist Policy mini-form
Visible when you select Create new Assignment Policy and Create a new Whitelist Policy
| Field | Description | Example | Visibility |
|---|---|---|---|
| Name | Policy name. This name will be added to the Existing Whitelist Policy list. | SF01183529 Pentest | Visible when you select Create new Assignment Policy and Create a new Whitelist Policy. |
| Enabled | Select this option to activate the policy. | Not applicable | Visible when you select Create new Assignment Policy and Create a new Whitelist Policy. |
| Rules | Click to add rules to the Whitelist Policy. This includes Protocol, CIDR, and Port. | Not applicable | Visible when you select Create new Assignment Policy and Create a new Whitelist Policy. |
| Protocol | Select the internet protocol for the current rule. | tcp | Visible when you select Create new Assignment Policy and Create a new Whitelist Policy. |
| CIDR | Type the Classless Inter-Domain Routing address for the current rule. | 10.0.0.0/16 | Visible when you select Create new Assignment Policy and Create a new Whitelist Policy. |
| Port | Type the port for the current rule. | 22 | Visible when you select Create new Assignment Policy and Create a new Whitelist Policy. |
| Field | Description | Example | Visibility |
|---|---|---|---|
| Use existing Host Policies | Select this option to choose a policy from the Existing Host Policy list. | Not applicable | Always |
| Create new Host Policy | Select this option to open the Create a new Host Policy section. | Not applicable | Always |
| Existing Host Policy list | Select a policy from this list to assign it to the protected host. | Default-test | Visible when Use existing Host Policies is selected. |
Create new Host Policy mini-form
Visible when you select Create new Host Policy
| Field | Description | Example | Visibility |
|---|---|---|---|
| Name | Policy name. This name will be added to the Existing Host Policy list. | Default-test | Visible when you select Create new Host Policy. |
| Encrypt | Select this option to encrypt traffic from the agent to the appliance. | Not applicable | Visible when you select Create new Host Policy. |
| Tags | A tag is a customer-defined identifier that can be assigned to one or more sources. A customer can use tags to organize or search for specific types of sources. | High usage | Always |
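The Protocol, CIDR, and Port fields of a whitelist policy rule, described in the tables above, can be checked before you type them into the console. The following is an added example, not Alert Logic code; the allowed protocol set, the IPv4-only handling, and the /16 breadth threshold are assumptions made for illustration.

```python
import ipaddress

# Assumptions for this sketch: the page only shows "tcp" as a protocol value,
# so the allowed set and the breadth threshold below are illustrative.
ALLOWED_PROTOCOLS = {"tcp", "udp"}
MIN_PREFIX_LEN = 16  # shorter prefixes are flagged for review


def check_rule(protocol, cidr, port):
    """Return a list of problems for one whitelist rule (empty means OK)."""
    problems = []
    if str(protocol).lower() not in ALLOWED_PROTOCOLS:
        problems.append(f"unknown protocol {protocol!r}")
    if "/" not in str(cidr):
        problems.append(f"{cidr!r} has no prefix length")
    else:
        try:
            # strict=True rejects host bits; partial forms like "10.0/16" fail to parse.
            net = ipaddress.IPv4Network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"bad CIDR {cidr!r}: {exc}")
        else:
            if net.prefixlen < MIN_PREFIX_LEN:
                problems.append(f"{cidr} is broad (/{net.prefixlen}); review before whitelisting")
    try:
        port_ok = 1 <= int(port) <= 65535
    except (TypeError, ValueError):
        port_ok = False
    if not port_ok:
        problems.append(f"port {port!r} is not in 1-65535")
    return problems


def lint_policy(rules):
    """Map rule index -> problems, for rules that have any."""
    findings = {}
    for i, rule in enumerate(rules):
        problems = check_rule(rule["protocol"], rule["cidr"], rule["port"])
        if problems:
            findings[i] = problems
    return findings


# Constructed sample rules; only the first uses values from the table above.
SAMPLE_RULES = [
    {"protocol": "tcp", "cidr": "10.0.0.0/16", "port": "22"},
    {"protocol": "tcp", "cidr": "10.0/16", "port": "22"},
    {"protocol": "tcp", "cidr": "0.0.0.0/0", "port": "443"},
    {"protocol": "gre", "cidr": "10.0.1.5/16", "port": "70000"},
]

if __name__ == "__main__":
    for index, problems in lint_policy(SAMPLE_RULES).items():
        print(index, problems)
```

Because whitelisted traffic is traffic the appliance is told to ignore, the broad-prefix finding is the one to review most carefully before saving a policy.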
Add a host as a log source
If you want to collect log messages from a host, you must add it as a log source and configure a log collection policy. When you configure a log source, you instruct the agent to collect logs based on the definitions within the policy.
Many log sources can belong to a given host or role; each log message originates from exactly one log source.
Available log source types are:
For all deployments:
- Flat file logs—A collection of text-based files from the host file system
- Syslog—A way for network devices to send event messages to a logging server
- Windows event logs—A Windows log file that tracks significant events, like user logins or program errors, on a Windows server
For AWS deployments:
- AWS CloudTrail logs—Log files that record AWS API calls for your account
- AWS S3 logs—Access log records that provide details about a single access request, such as the requester, bucket name, request time, request action, response status, and any error codes
For Azure deployments:
- Azure Activity logs—Logs that provide insight into the operations performed on resources in your subscription
- Azure App Service web server logs—Logs that provide detailed error information for HTTP failure status codes, failed requests, or HTTP transactions using the W3C extended log file format
- Azure SQL auditing logs—Logs that provide information on database events
You can also mass edit hosts, archive hosts, or export a list of hosts. To access these options, click the gear icon.
Mass edit provides the option to edit updates policies, edit tags, and archive multiple hosts at once.
To mass edit hosts:
- Click the gear icon in the top right corner of the page.
- Select Mass Edit.
- Under Apply changes to, select from:
  - All Hosts
  - Only Filtered Hosts
- Under Tags, select a tag option, and then in the Tags field, enter the applicable tag(s).
- Under Archive Hosts, select an option.
- Click Apply.
Archive a host to visibly remove the entry from the Alert Logic console. After you archive it, you can bring it back with the unarchive feature.
To archive a host:
- Find the desired host in the Hosts list.
- Click the archive icon.
- Click ARCHIVE.
To restore an archived host:
- Above the Hosts list, click the Show Archive slider.
- In the Hosts list, find the host you want to restore, and then click the archive icon.
- Click UNARCHIVE.
You can export your hosts to a file you can save locally.
To export hosts:
- Click the gear icon in the top right corner of the page.
- Select Export.
- Under Export, select to export one of the following:
  - All Hosts
  - Only Filtered Hosts
- Select a file format from the following list of formats:
- Click EXPORT.