Alma Linux Update for AWS Legacy Customers

CentOS has announced the end of life for their version 6 and 8 operating systems. This means CentOS will no longer provide security patches, vulnerability fixes, or bug fixes for these operating systems. As a result, Alert Logic is helping customers update all Alert Logic appliances running on out-of-date operating systems.

Update your appliance to Alma Linux using the documentation below.

As we transition all customers to Alma Linux, Alert Logic will continue to maintain necessary security updates for virtual CentOS versions 6 and 8 for a limited period, to ensure all customers remain secure. This support is valid until the following dates depending on the appliance type:

  • Virtual IDS to January 31, 2023
  • Virtual Log Manager to June 30, 2023

How to update for legacy customers with automatic AWS deployments

You must install and claim a new appliance, ensure that agents are configured to connect to the new appliance, and then terminate the old appliance.

  1. You must install a new appliance for every appliance you have in each VPC. Use the newest Alert Logic TMC package AMI (for example, P16 or higher) that is already shared with your account.

    It can take up to 60 minutes for the appliance to claim.

  2. You can find the P16 (or above) AMI in the AWS EC2 console: under My AMIs, click Shared with me. If you do not see the P16 (or above) AMI, contact Alert Logic Technical Support and request that the AMI be shared with your AWS account. To claim a new appliance, refer to Claim your appliance for Amazon Web Services Direct (Linux).

  3. After the new appliance(s) are installed and claimed, verify that the appliance has been added to its VPC assignment policy:

    1. In the Alert Logic console, click CONFIGURATION, and then click Network IDS.
    2. In the left navigation area, click Policies.
    3. Click Assignment.
    4. Click the assignment policy associated with the VPC.
    5. Under Appliances, check that the instance ID of the new appliance is listed.
  4. After the assignment policy has the new appliance, you can terminate the old appliance and remove it from the assignment policy. The agents will automatically shift over to the new appliance(s). To learn how to manage assignment policies, see the Delete an assignment policy section.

  5. After the old appliance is terminated, verify the agent is sending data to the new appliance. To verify in the Alert Logic console:

    1. Click the Configuration tab.
    2. Click All Deployments.
    3. Click Networks and Protected Hosts, and then click the Protected Hosts tab.
    4. Click on the agent to see more details.

    Statistics are updated every 15 minutes in the Alert Logic console.

  6. After you have confirmed the new appliance is running, the assignment policy has the new appliance, and the old appliance is terminated, submit a ticket to Alert Logic Technical Support with the ID of the old appliance for them to decommission.

How to update for legacy customers with manual AWS deployments

For IDS appliances, you must install and claim a new appliance, ensure that agents are configured to connect to the new appliance, and then terminate the old appliance.

  1. Install a new appliance for every appliance you have in each VPC. If you have an IDS appliance, use this IDS CloudFormation template. If you have a Scan appliance, use this scan CloudFormation template. If you have both IDS and Scan appliances, use both CloudFormation templates.

    It can take up to 60 minutes for the appliance to claim.

  2. If you get an AMI-related error when using the CloudFormation template, contact Alert Logic Technical Support and request that Alert Logic share the AMI with your AWS account.

  3. After you install and claim the new appliance(s), verify that the appliance has been added to its VPC assignment policy:

    1. In the Alert Logic console, click CONFIGURATION, and then click Network IDS.
    2. In the left navigation area, click Policies.
    3. Click Assignment.
    4. Click the assignment policy associated with the VPC.
    5. Under Appliances, check that the instance ID of the new appliance is listed.
  4. After the assignment policy has the new appliance, terminate the old appliance and remove it from the assignment policy. For instructions on how to do this, see Remove existing IDS and scanning appliances. The agents will automatically shift over to the new appliance(s). To learn how to manage assignment policies, see the Delete an assignment policy section.

Remove existing IDS and scanning appliances

You must terminate the existing IDS and scanning appliances. If you have a previous IDS or scanning appliance that you created with an older CloudFormation template, then you must remove the old CloudFormation template. If you cannot find the old CloudFormation template, then you can remove the components: auto-scaling group (ASG), launch configuration, and security groups (SG).

  1. For more instructions on how to remove a CloudFormation template, see Deleting a stack on the AWS CloudFormation console.
  2. After the old appliance is terminated, verify the agent is sending data to the new appliance. To verify in the Alert Logic console:
    1. Click the Configuration tab.
    2. Click All Deployments.
    3. Click Networks and Protected Hosts, and then click the Protected Hosts tab.
    4. Click the agent to see more details.

      Statistics are updated every 15 minutes in the Alert Logic console.

  3. After you have confirmed the new appliance is running, the assignment policy has the new appliance, and the old appliance is terminated, submit a ticket to Alert Logic Technical Support with the ID of the old appliance for them to decommission.
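
When the old CloudFormation template cannot be found and the components must be removed individually, the following added example (not Alert Logic's code) works out which auto-scaling groups, launch configurations, and security groups belong to the old appliance, using saved output of `aws autoscaling describe-launch-configurations` and `aws autoscaling describe-auto-scaling-groups`. The AMI IDs, resource names, and sample data are constructed placeholders, and the script only checks security group use by launch configurations, so confirm nothing else references a group before deleting it.

```python
import json

# Constructed sample data in the shape the two AWS CLI commands return.
# All names and IDs below are placeholders, not real resources.
LAUNCH_CONFIGS = json.loads("""{"LaunchConfigurations": [
  {"LaunchConfigurationName": "old-ids-lc", "ImageId": "ami-OLD-PLACEHOLDER",
   "SecurityGroups": ["sg-old-ids"]},
  {"LaunchConfigurationName": "new-ids-lc", "ImageId": "ami-NEW-PLACEHOLDER",
   "SecurityGroups": ["sg-new-ids", "sg-shared"]},
  {"LaunchConfigurationName": "old-scan-lc", "ImageId": "ami-OLD-PLACEHOLDER",
   "SecurityGroups": ["sg-old-scan", "sg-shared"]}
]}""")
ASGS = json.loads("""{"AutoScalingGroups": [
  {"AutoScalingGroupName": "old-ids-asg", "LaunchConfigurationName": "old-ids-lc"},
  {"AutoScalingGroupName": "new-ids-asg", "LaunchConfigurationName": "new-ids-lc"},
  {"AutoScalingGroupName": "old-scan-asg", "LaunchConfigurationName": "old-scan-lc"}
]}""")


def plan_removal(launch_configs, asgs, old_ami_ids):
    """Return leftover components of the old appliance, in deletion order.

    ASGs come first (an ASG relaunches instances you terminate), then the
    launch configurations, then security groups no retained launch
    configuration still uses.
    """
    lcs = launch_configs["LaunchConfigurations"]
    old_lcs = [lc for lc in lcs if lc["ImageId"] in old_ami_ids]
    old_names = {lc["LaunchConfigurationName"] for lc in old_lcs}
    # Security groups referenced by launch configurations that stay in place.
    kept_sgs = {sg for lc in lcs
                if lc["LaunchConfigurationName"] not in old_names
                for sg in lc.get("SecurityGroups", [])}
    old_sgs = {sg for lc in old_lcs for sg in lc.get("SecurityGroups", [])}
    return {
        "auto_scaling_groups": sorted(
            g["AutoScalingGroupName"] for g in asgs["AutoScalingGroups"]
            if g.get("LaunchConfigurationName") in old_names),
        "launch_configurations": sorted(old_names),
        "security_groups": sorted(old_sgs - kept_sgs),
        "security_groups_still_in_use": sorted(old_sgs & kept_sgs),
    }


if __name__ == "__main__":
    plan = plan_removal(LAUNCH_CONFIGS, ASGS, {"ami-OLD-PLACEHOLDER"})
    print(json.dumps(plan, indent=2))
```
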

How to update other products

If you do not have legacy or AWS deployments, refer to the links below for specific instructions depending on your subscription and services: