Install the Remote Collector for Windows

About remote collectors

A remote collector collects, compresses, and encrypts log data from the configured remote machines to send directly to Alert Logic.

Remote collectors only support syslog collection.

A remote collector is useful because:

  • A remote collector can be installed on a Windows machine or a Linux machine.
  • A remote collector can be upgraded remotely.
  • A remote collector does not require a virtual VMware instance, unlike a virtual appliance.
  • Hosts without an agent can send syslog data to Alert Logic via a remote collector.
  • Log status is reported directly to Alert Logic.

Data Center deployments only

For Data Center deployments, you must locate and copy your Unique Registration Key, which you need to install the remote collector.

Alert Logic uses the Unique Registration Key to assign the agent to your Alert Logic account.

To access your Unique Registration Key:

  1. Open the relevant data center deployment.
  2. Under Configuration Overview, click Installation Instructions.
  3. Copy your Unique Registration Key.

You can install the Alert Logic universal agent and syslog remote collector on the same host. This will allow the syslog remote collector to collect forwarded logs, while the universal agent collects local logs and network traffic for Network IDS and audit purposes. This setup ensures that the syslog remote collector host is protected the same way as all your other assets in a deployment.

After you install the syslog remote collector, you must adjust Windows Firewall settings to allow incoming connections on the port specified in the default syslog remote collector policy (or a custom syslog policy attached to the remote collector). Alert Logic recommends restricting these policies to allow connections only from specific hosts or private networks.
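One way to apply this restriction with the built-in NetSecurity PowerShell cmdlets, shown as an added example that is not part of Alert Logic's documentation. The port, protocols, source addresses, and rule name below are assumptions; take the real port from the syslog policy attached to your remote collector.

```powershell
# Added example: run in an elevated PowerShell session on the collector host.
# Assumed values: replace with the port/protocol from your syslog policy and
# the hosts or private networks that forward logs to this collector.
$SyslogPort     = 514                                  # assumption: port from the policy
$Protocols      = @('TCP', 'UDP')                      # assumption: match the policy
$AllowedSources = @('10.20.0.0/16', '192.168.50.12')   # constructed sample sources
$RulePrefix     = 'Syslog remote collector inbound'    # hypothetical rule name

foreach ($proto in $Protocols) {
    $name = "$RulePrefix ($proto/$SyslogPort)"
    # Recreate the rule so repeated runs do not stack duplicates.
    Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule
    # Allow inbound syslog only from the listed sources, never on the Public profile.
    New-NetFirewallRule -DisplayName $name -Direction Inbound -Action Allow `
        -Protocol $proto -LocalPort $SyslogPort -RemoteAddress $AllowedSources `
        -Profile Domain, Private | Out-Null
}

# Audit: report enabled inbound allow rules on this exact port that accept any
# source address. Rules defined with a port range or with LocalPort 'Any' are
# not matched by this check and need a separate review.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        if ($port.LocalPort -contains "$SyslogPort" -and
            $addr.RemoteAddress -contains 'Any') {
            [pscustomobject]@{
                Rule     = $_.DisplayName
                Protocol = $port.Protocol
                Port     = ($port.LocalPort -join ',')
                Remote   = ($addr.RemoteAddress -join ',')
            }
        }
    }
```

Any rule the audit prints leaves the syslog port open to every source and should be narrowed or disabled.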

Download a remote collector

To download the remote collector, click a link in the table:

Format    Link
MSI       Latest syslog remote collector (.msi)
ZIP       Latest syslog remote collector (.zip)

Install a remote collector

Install via the GUI

  1. Copy the MSI package to the target machine.
  2. Run the MSI package.
  3. In the AL Syslog Setup graphical user interface, paste your Unique Registration Key in the Provisioning API Key field.
  4. Click Install.

Install via the command prompt

To install the remote collector:

  1. Copy the MSI package to the target machine.
  2. Run MsiExec.exe, a Windows MSI package installer, with the following command-line parameter: /i [path]al_log_syslog-[version]-[type].msi
  3. (Optional) Run the installer with any of the following optional command-prompt parameters.

Optional modes and their descriptions:

/quiet or /q[level]
    This mode configures different levels of user interaction. You can use the following values to determine the desired [level]:

      • f offers full user interface access, which shows all dialogs. This value is the default when /q is omitted.
      • r offers reduced user interface access, which does not show any dialog requiring user input, other than error popups. Normally, this mode shows the progress status only.
      • b offers basic user interface access, which shows error popups and a simple progress bar only.
      • n (equivalent to /q or /quiet) does not show any user interface.

/log [log file] or, for a verbose log, /l*vx [log file]
    This mode helps troubleshoot installation failures. [log file] is the path to the log file, which the installer creates.

SENSOR_HOST=[host]
    [host] is the IP address where the remote collector should forward logs.

SENSOR_PORT=[port]
    [port] is the TCP port where the remote collector should connect.

USE_PROXY={0|1}
    This parameter specifies whether the remote collector should use WinHTTP proxy settings.

PROV_KEY=[key]
    This parameter is required in provisioning only mode. [key] is your Unique Registration Key.

INSTALLDIR=[directory]
    [directory] is the folder where remote collector files should be installed.

REBOOT=ReallySuppress
    This mode suppresses any reboot prompts, which leaves the installation incomplete until the next restart.

MsiExec.exe /i al_log_syslog-3.0.0.0-0-host.msi /log al_log_syslog_install.log /quiet PROV_KEY=da39a3ee5e6b4b0d3255bfef95601890afd80709