Install the Alert Logic Agent for Linux

Alert Logic provides an agent that gathers data that Alert Logic must collect for analysis, such as log messages and network traffic, as well as metadata and host identification information. You must download the agent, and then deploy it to each host you want to monitor, or collect log messages. Alert Logic provides agents for Windows and Linux hosts. Refer to the Requirements for the Alert Logic Agent for the minimum system requirements to communicate with the physical appliance.

Download the agent

Linux users can select either Debian-based agent installers or RPM-based installers. Both installers are available in a 32-bit or 64-bit format. To download the Alert Logic agent for Linux, click the agent installer link for the agent you want to install:

Agent Installer Processor Link
Debian 32-bit Latest Linux Agent Installer (32-bit Debian format)
Debian 64-bit Latest Linux Agent Installer (64-bit Debian format)
RPM 32-bit Latest Linux Agent Installer (32-bit RPM format)
RPM 64-bit Latest Linux Agent Installer (64-bit RPM format)

Install the agent

Alert Logic gives you the option to install the agent with image capture. Alert Logic recommends image capture only when you want to install the agent for the purpose of creating a system image to be used by more than one host in the future. The process of installing for image capture installs the agent but does not assign the host an identity. After you download the agent installer, follow the appropriate procedure below.

If you have previously installed an older Linux version of an Alert Logic agent, you must uninstall that version before you install the current agent image.

Install the agent

To install the agent:

  1. Copy package to the target machine.
  2. If you run SELinux, you must first run the following command:
    semanage port -a -t syslogd_port_t -p tcp 1514

    If the semanage command is not present in your system, you can install the policycoreutils-python package to obtain the semanage command. Alert Logic recommends that you consult with your system administrator to verify.

  3. Run one of the following commands, based on your distribution:
    • RPM: rpm -U al-agent-<version>*.rpm
    • Debian: dpkg -i al-agent-<version>*.deb
  4. (Optional) If you have set up a proxy, and you want to specify the proxy as a single point of egress for agents to use, then run the following command: /etc/init.d/al-agent configure --proxy <PROXYIP/PROXYHOST>
    A TCP or HTTP proxy may be used in this configuration.
  5. For Data Center deployments only, run the following command: /etc/init.d/al-agent provision --key <UNIQUEREGISTRATIONKEY>
  6. For image capture on physical machines only, run the following command: /etc/init.d/al-agent start
  7. Do one of the following:
  8. Restart the syslog daemon.
  9. Verify that the agent has registered with the Alert Logic console. To do so, navigate to the deployment the agent is assigned to, click Collectors, and then search for the agent.

Agent registration can take several minutes.

Install the agent with image capture

To install the agent with image capture:

  1. Copy the package to the target machine.
  2. If you run SELinux, you must first run the following command:
    semanage port -a -t syslogd_port_t -p tcp 1514

    If the semanage command is not present in your system, you can install the policycoreutils-python package to obtain the semanage command. Alert Logic recommends that you consult with your system administrator to verify.

  3. Run one of the following commands, based on your distribution:
    • RPM: rpm -U al-agent-<version>*.rpm
    • Debian: dpkg -i al-agent-<version>*.deb
  4. Run the following command: /etc/init.d/al-agent configure --key <UNIQUEREGISTRATIONKEY>
  5. Do one of the following:
  6. Restart the syslog daemon.
  7. Shut down the target machine and save your operating system image.
  8. (Optional) Start an instance of the saved image and verify that the agent has registered with the Alert Logic console.
    If you need to edit your OS image at any point, you must ensure when saving that the Alert Logic agent is *not* registered. You can accomplish this by stopping the agent with:
    /etc/init.d/al-agent stop
    Then, if it is present, remove the files:
    /var/alertlogic/etc/host_crt.pem
    /var/alertlogic/etc/host_key.pem
    prior to shutting down and saving the resulting image.

Agent registration can take several minutes.