The main use for an Alert Logic virtual appliance is for remote syslog log collection in on-premises deployments.
If you have experience with VMWare management tools and virtual machine installation, you can install a virtual appliance into your environment to collect data from remote syslog sources.
The instructions below are not a complete guide to configure vSphere or virtual data centers. VMWare offers more information regarding vSphere.
Locate the Unique Registration Key
You must locate the Unique Registration Key from the Configuration page. Copy your unique registration key. You will need to enter this key to install the agent.
To access your Unique Registration Key:
- In the Alert Logic console, click Deployments, and then select an existing deployment.
- On the side navigation, click Installation Instructions, and then copy the network Unique Registration Key you are configuring for the virtual appliance.
Alert Logic uses the Unique Registration Key to assign the agent to your Alert Logic account.
Before you download the virtual appliance, review the virtual appliance requirements.
To download the virtual appliance, click the link in the table:
|threat-virtual-appliance_1.9.ova||https://scc.alertlogic.net/software/threat-virtual-appliance_LATEST.ova||2017-07-13 13:24, 938.14MB||b5734be9bed1822283703fa86ee33a2f|
The appliance is configured with a 40 GB virtual drive.
To install a virtual appliance with vSphere:
- Save the virtual appliance image to your target machine.
- Import the file into vSphere.
- Power on the virtual machine.
- Configure your IP address. To manually assign an address, log into a serial console with the following credentials: setup/7739521
- In your browser, type: http://<YourVirtualApplianceIPAddress>.
- In Unique Registration ID, paste your unique registration key.
- Click Start Claim Process. A screen informing you your appliance is provisioning appears. For status details, click Go To Detailed Status .
- Configure all remote syslog sources to send logs to the virtual appliance address on TCP/UDP port 514.
To learn more about collecting syslog data from your sources, see How to collect syslog for an appliance without the agent.