Install the Alert Logic Agent for Linux
Alert Logic provides an agent that gathers the data Alert Logic must collect for analysis, such as log messages and network traffic, as well as metadata and host identification information. You must download the agent, and then deploy it to each host you want to monitor or collect log messages from. Alert Logic provides agents for Windows and Linux hosts. For more information, see Requirements for the Alert Logic Agent.
Download the agent
Linux users can select either Debian-based agent installers or RPM-based installers. Both installers are available in a 32-bit or 64-bit format. To download the Alert Logic agent for Linux, click the agent installer link for the agent you want to install:
Agent Installer | Processor | Link |
---|---|---|
Debian | 32-bit | Latest Linux Agent Installer (32-bit Debian format) |
Debian | 64-bit | Latest Linux Agent Installer (64-bit Debian format) |
Debian | 64-bit ARM | Latest Linux Agent Installer (64-bit ARM Debian format) |
RPM | 32-bit | Latest Linux Agent Installer (32-bit RPM format) |
RPM | 64-bit | Latest Linux Agent Installer (64-bit RPM format) |
RPM | 64-bit ARM | Latest Linux Agent Installer (64-bit ARM RPM format) |
Install the agent
Alert Logic gives you the option to install the agent with image capture. Alert Logic recommends image capture only when you want to install the agent for the purpose of creating a system image to be used by more than one host in the future. The process of installing for image capture installs the agent but does not assign the host an identity. After you download the agent installer, follow the appropriate procedure below.
Install the agent
To install the agent:
- Copy the package to the target machine.
- If you run SELinux, you must first run the following command:
  semanage port -a -t syslogd_port_t -p tcp 1514
  If the semanage command is not present in your system, you can install the policycoreutils-python package to obtain the semanage command. Alert Logic recommends that you consult with your system administrator to verify.
- Run one of the following commands, based on your distribution:
  - RPM: rpm -U al-agent-<version>*.rpm
  - Debian: dpkg -i al-agent-<version>*.deb
- (Optional) If you have set up a proxy, and you want to specify the proxy as a single point of egress for agents to use, then run the following command:
  /etc/init.d/al-agent configure --proxy <PROXYIP/PROXYHOST>
  A TCP or HTTP proxy may be used in this configuration.
- For Data Center deployments only, run the following command:
  /etc/init.d/al-agent provision --key <UNIQUEREGISTRATIONKEY>
  To access your Unique Registration Key:
  - In the Alert Logic console, open the relevant data center deployment.
  - Under Configuration Overview, click Installation Instructions.
  - Copy your Unique Registration Key.
- For image capture on physical machines only, run the following command:
  /etc/init.d/al-agent start
- Do one of the following:
  - If you use an rsyslog daemon, add the following line to rsyslog.conf:
    *.* @@127.0.0.1:1514;RSYSLOG_FileFormat
    This configuration directs your local syslog to the agent on TCP port 1514.
  - If you use a syslog-ng daemon, add the following lines to syslog-ng.conf:
    destination d_alertlogic {tcp("localhost" port(1514));};
    log { source(s_sys); destination(d_alertlogic); };
    This configuration directs your local syslog to the agent on TCP port 1514.
- Restart the syslog daemon.
- Verify that the agent has registered with the Alert Logic console.
  Agent registration can take several minutes.
Install the agent with image capture
To install the agent with image capture:
- Copy the package to the target machine.
- If you run SELinux, you must first run the following command:
  semanage port -a -t syslogd_port_t -p tcp 1514
  If the semanage command is not present in your system, you can install the policycoreutils-python package to obtain the semanage command. Alert Logic recommends that you consult with your system administrator to verify.
- Run one of the following commands, based on your distribution:
  - RPM: rpm -U al-agent-<version>*.rpm
  - Debian: dpkg -i al-agent-<version>*.deb
- For Data Center deployments only, run the following command:
  /etc/init.d/al-agent configure --key <UNIQUEREGISTRATIONKEY>
  To access your Unique Registration Key:
  - In the Alert Logic console, open the relevant data center deployment.
  - Under Configuration Overview, click Installation Instructions.
  - Copy your Unique Registration Key.
- Do one of the following:
  - If you use an rsyslog daemon, add the following line to rsyslog.conf:
    *.* @@127.0.0.1:1514;RSYSLOG_FileFormat
    This configuration directs your local syslog to the agent on TCP port 1514.
  - If you use a syslog-ng daemon, add the following lines to syslog-ng.conf:
    destination d_alertlogic {tcp("localhost" port(1514));};
    log { source(s_sys); destination(d_alertlogic); };
    This configuration directs your local syslog to the agent on TCP port 1514.
- Restart the syslog daemon.
- Shut down the target machine and save your operating system image.
Do not start the agent or reboot the image before capturing the image of your virtual machine.
If you start the agent or reboot the image before capturing the image on your virtual machine, the agent reaches out to the Alert Logic backend to be claimed. Once claimed, the agent host identity is fixed and will be copied to any new instances spun up with this image. To validate that claiming has not occurred (and ensure that you avoid this problem), go to the Alert Logic console and ensure the agent is not present before cloning the image.
- (Optional) Start an instance of the saved image and verify that the agent has registered with the Alert Logic console.
  Agent registration can take several minutes.
If you need to edit your OS image at any point, you must ensure when saving that the Alert Logic agent is *not* registered. You can accomplish this by stopping the agent with:
/etc/init.d/al-agent stop
Then, if it is present, remove the files:
/var/alertlogic/etc/host_crt.pem
/var/alertlogic/etc/host_key.pem
prior to shutting down and saving the resulting image.
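A local pre-capture check for the image-capture procedure above, as an added example that is not Alert Logic's own tooling: it looks for the two host identity files named above under a given filesystem root and confirms that the syslog configuration has an active TCP forward to port 1514. The function names, the ROOT and CONF parameters and the demo tree are assumptions made for illustration; the console check described above remains the way to confirm that the agent has not been claimed.

```shell
#!/bin/sh
# Pre-capture audit for an image with the agent installed (added example; names are hypothetical).
# ROOT is the filesystem root to inspect: "/" on the build host, or a mounted image tree.

# Host identity files named on this page; if they are saved in the image, every clone shares them.
AL_ID_FILES="var/alertlogic/etc/host_crt.pem var/alertlogic/etc/host_key.pem"

# Return 0 when no identity file exists under ROOT; otherwise list them and return 1.
al_image_clean() {
    ic_root="${1:-/}"; ic_dirty=0
    for f in $AL_ID_FILES; do
        if [ -e "${ic_root%/}/$f" ]; then
            echo "identity file present: ${ic_root%/}/$f"
            ic_dirty=1
        fi
    done
    return "$ic_dirty"
}

# Return 0 when CONF has an active (uncommented) TCP forward to the agent on port 1514:
# rsyslog "@@host:1514" (a single "@" is UDP and does not count) or syslog-ng tcp(... port(1514)).
al_syslog_forwards() {
    [ -r "$1" ] || return 2
    grep -v '^[[:space:]]*#' "$1" | grep -Eq \
        '(^|[^@])@@(127\.0\.0\.1|localhost):1514|tcp\("(127\.0\.0\.1|localhost)"[[:space:]]*port\(1514\)\)'
}

# Run both checks; return 0 only when the image can be shut down and saved.
al_precapture_audit() {
    pa_root="${1:-/}"; pa_conf="$2"; pa_rc=0
    al_image_clean "$pa_root" || pa_rc=1
    al_syslog_forwards "$pa_conf" || { echo "no TCP forward to 1514 in $pa_conf"; pa_rc=1; }
    [ "$pa_rc" -eq 0 ] && echo "OK: no host identity files, syslog forwards to the agent"
    return "$pa_rc"
}

# Constructed demo tree: the agent was started once before capture, so an identity file exists.
demo=$(mktemp -d)
mkdir -p "$demo/var/alertlogic/etc" "$demo/etc"
: > "$demo/var/alertlogic/etc/host_crt.pem"
printf '%s\n' '*.* @@127.0.0.1:1514;RSYSLOG_FileFormat' > "$demo/etc/rsyslog.conf"
al_precapture_audit "$demo" "$demo/etc/rsyslog.conf" || echo "do not capture this image yet"
rm -rf "$demo"
```

On a build host, pass / as ROOT and the path of the syslog configuration you edited as CONF; a non-zero exit means the stop-and-remove steps above still need to be done before saving the image.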