Log Sources

Alert Logic updated the appearance of the Alert Logic console, though all functionality remains. If you chose to use the beta navigation, note that the documentation below describes the current Alert Logic console. For more information about the new navigation, see Dashboard Navigation Menu.

A log source is a software or hardware component that produces log data. Multiple types of sources exist, and multiple methods exist to retrieve log data from the sources. The Alert Logic console allows you to create, edit, and update log sources, archive or restore old sources, and perform other tasks.

Supported log sources

Alert Logic supports log source types for all deployments, including Data Center, Amazon Web Services (AWS), and Microsoft Azure. For more information about creating, editing, and updating log sources for a specific deployment, see:

To access the Log Sources page:

  1. In the Alert Logic console, click CONFIGURATION, and then click Deployments.
  2. Click the deployment for which you want to configure log sources.
  3. On the bottom left of the screen, click CONFIGURE LOG SOURCES.

View log source information

Click any log source to view a slideout panel that contains the following details about the log source:

  • Details: This tab displays all information about the collection source, including the account number, the public host name, when it was created or modified, and the host ID. The Status field lists any current errors.
  • Metadata History: This tab displays only the metadata history for the collection source.
  • Status History: This tab displays only the status history, including the current status of the collection source.
  • Stats: This tab displays only the statistics of the most recent log messages received, including the date, size, and count for the hour, day, and month.

Mass edit sources

The Mass Edit feature allows you to edit policies and tags for all sources, filtered sources, or sources you specify. The feature also includes mass archive options.

The mass edit and mass archive/delete features have a maximum number of entries that they can handle. If you have an issue using the feature on a large number of entries, use the Alert Logic API instead.

To mass edit log sources:

  1. On the Log Sources page, click the gear icon.
  2. Select Mass Edit.
  3. In Apply changes to, select:
    • All Sources to mass edit all sources
    • Only Filtered Sources to mass edit only filtered sources
    • Only Selected Sources to mass edit only selected sources
  4. From Collection Policy, select the collection policy to use.
  5. From Replace Collection Alerts, select an alert to apply to the selected sources.
    This action overrides the current alerts that correspond to the selected sources. If you leave this option blank, current alerts will not change.
  6. Select Enable Collection.
  7. In Tags, select a tag option from the drop-down menu. Below, type a tag to follow the rule selected in the drop-down menu.
  8. In Archive Sources, select an option from the drop-down menu.
  9. Click SAVE.

Archive and restore log sources

Archive a collection source to remove the log source entry from the Log Sources page, and make it available for use at a later time.

To archive a collection source:

  1. From the Deployments page, click the deployment for which you want to archive log sources.
  2. Click CONFIGURE LOG SOURCES.
  3. Place your cursor over the desired collection source and click the Archive icon.
  4. Click ARCHIVE.
You cannot archive a log source that stops log collection.

To restore an archived log source:

  1. From the Deployments page, click the deployment to which you want to restore an archived log source.
  2. Click CONFIGURE LOG SOURCES.
  3. Above the log source table, select Show Archive.
  4. Place your cursor over the desired collection source and click the Archive icon.
  5. Click RESTORE.