Install the Alert Logic Agent Container

You can deploy the Alert Logic Agent Container on the following container platforms:

Amazon Web Services (AWS)

  • Amazon Elastic Container Service for Kubernetes (Amazon EKS)
  • Amazon Elastic Container Service (Amazon ECS)
  • Amazon ECS running AWS Fargate
  • AWS Elastic Beanstalk for Multicontainer Docker Environments
  • CoreOS deployed on AWS EC2 instances
  • Docker
  • Kubernetes deployed on AWS EC2 instances

Microsoft Azure

  • Azure Kubernetes Service (AKS)
  • CoreOS on Azure
  • Docker
  • Kubernetes ACS-Engine

Google Cloud Platform

  • Google Kubernetes Engine (GKE)

Data Center

  • CoreOS
  • Docker
  • Kubernetes

Runtime Engines

  • Containerd
  • CRI-O
  • Docker

Prerequisites

Before you can deploy the Alert Logic Agent Container, you must deploy and configure your Network IDS appliance.

Minimum requirements

  • 0.25 CPU (up to 3 CPUs)
  • 100 MB memory (initial allocation), up to 500 MB cap

The environment must allow the al-agent-container to run in privileged mode.

The environment must allow the mounting of docker.sock, containerd.sock, or crio.sock through the volume mounting capability in the container engine.

To view requirements for AWS Fargate, see Deploy the Alert Logic Agent Container for Amazon ECS on AWS Fargate.
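The privileged-mode, runtime-socket, and minimum-resource prerequisites above can be checked against a Kubernetes pod spec before you deploy. The following is an added example, not code from Alert Logic or its GitHub repository; the `check_pod_spec` helper, the sample spec, and the reading of "MB" as 10^6 bytes are assumptions.

```python
import posixpath
import re

# Socket file names taken from the prerequisites above.
SOCKET_NAMES = {"docker.sock", "containerd.sock", "crio.sock"}
MEM_UNITS = {None: 1, "k": 10**3, "M": 10**6, "G": 10**9,
             "Ki": 2**10, "Mi": 2**20, "Gi": 2**30}

def cpu_cores(q):
    """Kubernetes CPU quantity ('250m', '0.25', 1) -> cores."""
    q = str(q)
    return float(q[:-1]) / 1000 if q.endswith("m") else float(q)

def mem_bytes(q):
    """Kubernetes memory quantity ('100Mi', '100M', 104857600) -> bytes."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)(Ki|Mi|Gi|k|M|G)?", str(q))
    if not m:
        raise ValueError(f"unsupported memory quantity: {q!r}")
    return float(m.group(1)) * MEM_UNITS[m.group(2)]

def check_pod_spec(spec, container="al-agent-container"):
    """Return the prerequisites the named container does not meet."""
    c = next((x for x in spec.get("containers", []) if x.get("name") == container), None)
    if c is None:
        return [f"container {container!r} not found"]
    problems = []
    if not (c.get("securityContext") or {}).get("privileged", False):
        problems.append("not privileged")
    # Map volume name -> host path, then see which host paths this container mounts.
    host_paths = {v["name"]: v["hostPath"]["path"]
                  for v in spec.get("volumes", []) if "hostPath" in v}
    mounted = {host_paths.get(m["name"], "") for m in c.get("volumeMounts", [])}
    if not {posixpath.basename(p) for p in mounted} & SOCKET_NAMES:
        problems.append("no runtime socket mounted")
    req = (c.get("resources") or {}).get("requests", {})
    if cpu_cores(req.get("cpu", 0)) < 0.25:
        problems.append("CPU request below 0.25")
    if mem_bytes(req.get("memory", 0)) < 100 * 10**6:  # MB read as 10^6 bytes (assumption)
        problems.append("memory request below 100 MB")
    return problems

# Constructed pod spec for illustration; not from the Alert Logic repository.
SAMPLE = {
    "containers": [{
        "name": "al-agent-container",
        "securityContext": {"privileged": True},
        "resources": {"requests": {"cpu": "250m", "memory": "100Mi"}},
        "volumeMounts": [{"name": "sock", "mountPath": "/var/run/docker.sock"}],
    }],
    "volumes": [{"name": "sock", "hostPath": {"path": "/var/run/docker.sock"}}],
}
```

Pass the `spec` section of a pod or DaemonSet template loaded as a dictionary; an empty list means all checked prerequisites are met.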

Deploy the Alert Logic Agent Container

Alert Logic hosts the readme files and the agent for each supported container platform on the public Alert Logic GitHub page.

Alert Logic support for AWS Fargate

Security support for the AWS Fargate environment differs because Fargate is a shared environment that hosts multiple customers. To learn more about AWS Fargate support, see Deploy the Alert Logic Agent Container for Amazon ECS on AWS Fargate.

Alert Logic support for Istio

The Alert Logic Agent Container includes an Istio detector to inspect the traffic between your containers. To learn more about Istio support, see Istio Support for Containers.

Container Agent vs. Universal Agent

The Flat File log collection, File Integrity Monitoring (FIM), and agent-based scanning features of the Alert Logic Agent are not currently container-aware. These features do not work when they are started inside a container, unless the relevant file system paths are exposed to the Alert Logic Agent Container. To use these features, the recommended approach is to install the Alert Logic Agent for Linux on the base host instead. For all other use cases, use the Alert Logic Agent Container.