Install the Remote Collector for Linux

Before you begin:

  • Review the System requirements for the remote collector.
  • Remote collectors only support syslog collection.
  • You can select either Debian-based agent installers or RPM-based installers. Both installers are available in a 32-bit or 64-bit format.

About remote collectors

A remote collector collects, compresses, and encrypts log data from the configured remote machines to send directly to Alert Logic.

A remote collector can collect syslog data.

A remote collector is useful because:

  • A remote collector can be installed on a Windows machine or a Linux machine.
  • A remote collector can be upgraded remotely.
  • A remote collector does not require a virtual VMware instance, unlike a virtual appliance.
  • Hosts without an agent can send syslog data to Alert Logic via a remote collector.
  • Log status is reported directly to Alert Logic.

Data Center deployments only

For Data Center deployments, you must locate and copy your Unique Registration Key, which you need to install the remote collector.

Alert Logic uses the Unique Registration Key to assign the agent to your Alert Logic account.

To access your Unique Registration Key:

  1. In the Alert Logic console, click the Settings icon (), and then select Support Information.
  2. Copy your Unique Registration Key.

Download a remote collector

To download the agent, select the link of the desired agent installers:

Agent Installer Processor Version Link More Information MD5
Debian 32-bit 2.9.4 al-log-syslog_2.9.4_i386.deb 2018-12-14 18:17, 2.91MB b5ec77cabddb26fc9e0582a2f645c954
Debian 64-bit 2.9.4 al-log-syslog_2.9.4_amd64.deb 2018-12-14 18:17, 3.47MB e8b4ab45f2b05c0bef24eb3d9990a96d
RPM 32-bit 2.9.4 al-log-syslog-2.9.4-1.i386.rpm 2018-12-14 18:17, 2.92MB c1384f366195a23a3ffc05e836c6a000
RPM 64-bit 2.9.4 al-log-syslog-2.9.4-1.x86_64.rpm 2018-12-14 18:17, 3.47MB 33158fc23fde2a06da07c1f2e8b94715

Install the remote collector

Install for RPM-based distributions

To install a remote collector:

  1. Download the RPM package to the target machine.
  2. Run the following commands and replace <version> and <UNIQUEREGISTRATIONKEY> with the desired version and your Unique Registration Key, respectively.
    • rpm -U al-log-syslog-<version>*.rpm
    • /etc/init.d/al-log-syslog provision --key <UNIQUEREGISTRATIONKEY>
    • /etc/init.d/al-log-syslog start
  3. Direct all syslogs to the remote collector on inbound port 1514.
  4. If you use an rsyslog daemon, add the following line to rsyslog.conf:
    *.* @@yourIPaddress:1514;RSYSLOG_FileFormat

This configuration will direct your local syslog to the remote collector on TCP port 1514.

  1. If you use a syslog-ng daemon, add the following lines to syslog-ng.conf
    • destination
    • d_alertlogic {tcp("yourIPaddress" port(1514));};
    • log { source(s_src); yourIPaddress(d_alertlogic); };

This configuration will direct your local syslog to the remote collector on TCP port 1514.

Install for Debian-based distributions

To install a remote collector:

  1. Download the Debian package to the target machine.
  2. Run the following commands and replace <version> and <UNIQUEREGISTRATIONKEY> with the desired version and your Unique Registration Key, respectively.
    • dpkg -i al-log-syslog-<version>*.deb
    • /etc/init.d/al-log-syslog provision --key <UNIQUEREGISTRATIONKEY>
    • /etc/init.d/al-log-syslog start
  3. If you use an rsyslog daemon, add the following line to rsyslog.conf to configure your syslog device to forward logs to port 1514: *.* @@yourIPaddress:1514;RSYSLOG_FileFormat
  4. If you use a syslog-ng daemon, add the following lines to syslog-ng.conf:
    • destination d_alertlogic {tcp("yourIPaddress" port(1514));};
    • log { source(s_src); yourIPaddress(d_alertlogic); };

This configuration will direct your local syslog to the remote collector on TCP port 1514.