Install the remote collector for Windows

Before you begin, review the System requirements for the remote collector requirements.

Remote collectors only support syslog collection.

About remote collectors

A remote collector collects, compresses, and encrypts log data from the configured remote machines to send directly to Alert Logic.

A remote collector is useful because:

  • A remote collector can be installed on a Windows machine or a Linux machine.
  • A remote collector can be upgraded remotely.
  • A remote collector does not require a virtual VMware instance, unlike a virtual appliance.
  • Hosts without an agent can send syslog data to Alert Logic via a remote collector.
  • Log status is reported directly to Alert Logic.

Download a remote collector

To download a remote collector:

  1. In the Alert Logic console, click the Settings icon (), and then click Support Information.
  2. From the Details page, click Install Guides & Downloads.
  3. In the left navigation area, click Log Management.
  4. Click Collectors.
  5. Download the appropriate collector and follow the on-screen instructions.
  6. Click the Details tab.
  7. Copy your unique registration key. You will need this later to install the remote collector.

Install a remote collector

Install via the GUI

  1. Copy the MSI package to the target machine.
  2. Run the MSI package.

  1. In the AL Syslog Setup graphical user interface, paste your unique registration key in the Provisioning API Key field
  2. Click Install.

Install via the command prompt

To install remote collector:

  1. Copy the MSI package to the target machine.
  2. Run MsiExec.exe, a Windows MSI package installer, with the following command-line parameter: /i [path]al_log_syslog-[version]-[type].msi
  3. (Optional) Run the installer with the following optional command-prompt parameters:
Optional modes Description
/quiet or /q[level]

This mode configures different levels of user interaction. You can use the following values to determine the desired [level].

  • f offers user interface access, which shows all dialog. This value is the default when /q is omitted.
  • r offer reduced user interface access, which does not show any dialog requiring user input, other than error popups. Normally, this mode shows the progress status only.
  • b for basic UI mode, which shows error popups and a simple progress bar only
  • n (equivalent to /q or /quiet), does not show any user interface.
/log [log file] or, for a verbose log, /l*vx [log file] This mode troubleshoots installation failures. [log file] is the path, created by the installer, to the log file.
SENSOR_HOST=[host] [host] is the IP address where the remote collector should forward logs.
SENSOR_PORT=[port] [port] is the TCP port where the remote collector should connect.
USE_PROXY={0|1} This mode specifies whether the remote collector should use WinHTTP proxy settings
PROV_KEY=[key] This command is required in provisioning only mode. [key] is your Unique Registration Key.
INSTALLDIR=[directory] [directory] is the folder where remote collector files should be installed.
REBOOT=ReallySuppress This mode suppresses any reboot prompts, which leaves the installation incomplete until the next restart.

MsiExec.exe /i al_log_syslog-3.0.0.0-0-host.msi /log al_log_syslog_install.log /quiet PROV_KEY=da39a3ee5e6b4b0d3255bfef95601890afd80709