Install the Remote Collector for Linux

Before you begin:

  • Review the System requirements for the remote collector.
  • Remote collectors only support syslog collection.
  • You can select either Debian-based agent installers or RPM-based installers. Both installers are available in a 32-bit or 64-bit format.

About remote collectors

A remote collector collects, compresses, and encrypts log data from the configured remote machines to send directly to Alert Logic.

A remote collector can collect syslog data.

A remote collector is useful because:

  • A remote collector can be installed on a Windows machine or a Linux machine.
  • A remote collector can be upgraded remotely.
  • A remote collector does not require a virtual VMware instance, unlike a virtual appliance.
  • Hosts without an agent can send syslog data to Alert Logic via a remote collector.
  • Log status is reported directly to Alert Logic.

Download a remote collector

To download a remote collector:

  1. In the Alert Logic console, click the Settings icon, and then click Support Information.
  2. From the Details page, click Install Guides & Downloads.
  3. In the left navigation area, click Log Management.
  4. Click Collectors.
  5. Download the appropriate collector and follow the on-screen instructions.
  6. Click the Details tab.
  7. Copy your unique registration key. You will need this later to install the remote collector.

Install the remote collector

Install for RPM-based distributions

To install a remote collector:

  1. Download the RPM package to the target machine.
  2. Run the following commands and replace <version> and <UNIQUEREGISTRATIONKEY> with the desired version and your Unique Registration Key, respectively.
    • rpm -U al-log-syslog-<version>*.rpm
    • /etc/init.d/al-log-syslog provision --key <UNIQUEREGISTRATIONKEY>
    • /etc/init.d/al-log-syslog start
  3. Direct all syslogs to the remote collector on inbound port 1514.
  4. If you use an rsyslog daemon, add the following line to rsyslog.conf:
    *.* @@yourIPaddress:1514;RSYSLOG_FileFormat

This configuration will direct your local syslog to the remote collector on TCP port 1514.

  5. If you use a syslog-ng daemon, add the following lines to syslog-ng.conf:
    • destination d_alertlogic {tcp("yourIPaddress" port(1514));};
    • log { source(s_src); destination(d_alertlogic); };

This configuration will direct your local syslog to the remote collector on TCP port 1514.

Install for Debian-based distributions

To install a remote collector:

  1. Download the Debian package to the target machine.
  2. Run the following commands and replace <version> and <UNIQUEREGISTRATIONKEY> with the desired version and your Unique Registration Key, respectively.
    • dpkg -i al-log-syslog-<version>*.deb
    • /etc/init.d/al-log-syslog provision --key <UNIQUEREGISTRATIONKEY>
    • /etc/init.d/al-log-syslog start
  3. If you use an rsyslog daemon, add the following line to rsyslog.conf to configure your syslog device to forward logs to port 1514:
    *.* @@yourIPaddress:1514;RSYSLOG_FileFormat
  4. If you use a syslog-ng daemon, add the following lines to syslog-ng.conf:
    • destination d_alertlogic {tcp("yourIPaddress" port(1514));};
    • log { source(s_src); destination(d_alertlogic); };

This configuration will direct your local syslog to the remote collector on TCP port 1514.
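
An added example, not part of the Alert Logic documentation: a shell check for the rsyslog step in both install procedures above. In rsyslog's legacy syntax `@@` selects TCP and a single `@` selects UDP, so a one-character slip leaves the host forwarding over UDP instead of to TCP port 1514. The function name `classify_forward` and the sample address 192.0.2.10 are assumptions; the check covers only the legacy `selector action` form with an IPv4 address or hostname.

```shell
#!/bin/sh
# Added example (not vendor code). classify_forward is a hypothetical helper.
# Usage:  classify_forward <rsyslog.conf> <collector-address>
# Prints: tcp-1514 | udp | wrong-port | missing
classify_forward() {
    awk -v ip="$2" '
        /^[ \t]*#/ || NF < 2 { next }        # skip comments and non-rules
        $2 ~ /^@/ {                          # a forwarding action
            action = $2
            proto = (action ~ /^@@/) ? "tcp" : "udp"   # @@ is TCP, @ is UDP
            sub(/^@+/, "", action)           # drop the protocol marker
            sub(/;.*$/, "", action)          # drop the ;template suffix
            n = split(action, hp, ":")
            if (hp[1] != ip) next            # rule targets another host
            port = (n > 1) ? hp[2] : "514"   # rsyslog defaults to port 514
            if (proto == "tcp" && port == "1514") best = "tcp-1514"
            else if (best != "tcp-1514") best = (proto == "udp") ? "udp" : "wrong-port"
        }
        END { print (best == "" ? "missing" : best) }
    ' "$1"
}

# Constructed sample config: the correct rule is commented out and the
# active rule uses a single @, so logs would leave over UDP.
demo_conf=$(mktemp)
printf '%s\n' \
    '# *.* @@192.0.2.10:1514;RSYSLOG_FileFormat' \
    '*.* @192.0.2.10:1514;RSYSLOG_FileFormat' > "$demo_conf"
echo "collector rule: $(classify_forward "$demo_conf" 192.0.2.10)"
rm -f "$demo_conf"
```

Run it against the host's own rsyslog.conf with the address you used in place of yourIPaddress; any result other than `tcp-1514` means the forwarding line does not match the one given in the steps above.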