Install the Alert Logic virtual appliance

The main use for an Alert Logic virtual appliance is for remote syslog log collection in on-premises deployments.

If you have experience with VMWare management tools and virtual machine installation, you can install a virtual appliance into your environment to collect data from remote syslog sources.

The instructions below are not a complete guide to configure vSphere or virtual data centers. VMWare offers more information regarding vSphere.

Locate the Unique Registration Key

You must locate the Unique Registration Key from the Configuration page. Copy your unique registration key. You will need to enter this key to install the agent.

To access your Unique Registration Key:

  1. In the Alert Logic console, click Deployments, and then select an existing deployment.
  2. On the side navigation, click Installation Instructions, and then copy the network Unique Registration Key you are configuring for the virtual appliance.

Alert Logic uses the Unique Registration Key to assign the agent to your Alert Logic account.

Download the virtual appliance

Before you download the virtual appliance, review the virtual appliance requirements.

To download the virtual appliance, click the link in the table:

Version Link More Information MD5
threat-virtual-appliance_1.9.ova https://scc.alertlogic.net/software/threat-virtual-appliance_LATEST.ova 2017-07-13 13:24, 938.14MB b5734be9bed1822283703fa86ee33a2f

Install the virtual appliance

The appliance is configured with a 40 GB virtual drive.

To install a virtual appliance with vSphere:

  1. Save the virtual appliance image to your target machine.
  2. Import the file into vSphere.
  3. Power on the virtual machine.
  4. Configure your IP address. To manually assign an address, log into a serial console with the following credentials: setup/7739521
  5. In your browser, type: http://<YourVirtualApplianceIPAddress>.
  6. In Unique Registration ID, paste your unique registration key.
  7. Click Start Claim Process. A screen informing you your appliance is provisioning appears. For status details, click Go To Detailed Status .
  8. Configure all remote syslog sources to send logs to the virtual appliance address on TCP/UDP port 514.
Use of a remote collector is allowed as an alternate method of syslog collection. See Install the remote collector in Windows or Install the remote collector for Linux for more information.

To learn more about collecting syslog data from your sources, see How to collect syslog for an appliance without the agent.

Related topics