Customers with the Alert Logic® log management service can view the status of their log sources in the Alert Logic console. This article describes how to access the status of your log sources, what each status means, and actions that can be taken to resolve certain statuses.
Accessing Log Source Statuses
Alert Logic Cloud Defender or Log Manager customers, use the following procedure to access the log source statuses in the Alert Logic console:
- Click Configuration.
- Click Deployments in the sub-menu section.
- Click the deployment that you want to work in.
- Click Log Sources from the side bar.
- Find the log source that you are interested in. Its status appears in the Current Status column of the table. To view additional details, click the log source; a panel appears on the right side of the screen.
Alert Logic Essentials, Professional, or Enterprise customers, use the following procedure to access the log source statuses in the Alert Logic console:
- Open the navigation menu.
- Navigate to Configure > Deployments > your desired deployment > Configure Log Sources bar at the bottom left corner.
- Find the log source that you are interested in. Its status appears in the Current Status column of the table. To view additional details, click the log source; a panel appears on the right side of the screen.
What Log Source Statuses Mean
Status | Status Information | Action |
NEW | The agent is newly registered and online. In the case of Windows collection, it means we have not received any logs yet. In the case of Linux, more steps need to be taken to ensure syslog transport. | If the log source is using an Alert Logic agent and is a Linux machine, it is possible that the configuration of the local syslog daemon did not occur during the initial installation of the agent. This process involves adding a line to the configuration file for the local syslog daemon and restarting the daemon so that it picks up the new configuration file. You can find a copy of the complete installation guide, as well as the specific instructions for the syslog configuration, in our Install the agent for Linux documentation. If this process does not work, or if you are using a different type of log source, contact Alert Logic support for further guidance. |
OK | The agent is functioning as designed. It is collecting log data without issue and is able to transport data from the host to the appliance. | No action is required. |
WARNING | The agent has encountered an issue that does NOT prevent data collection. | Contact Alert Logic support. They will be able to determine the issue by looking at the type of warning and provide the next step required. |
ERROR | The agent has encountered an issue that DOES prevent data collection. | Common errors are due to the Firewall Rules not being set up correctly. Check them against our United States and/or our United Kingdom/European Union Firewall Rules documentation. If this does not resolve the issue, contact Alert Logic support. They will be able to determine the issue by looking at the type of error and provide the next step required. |
OFFLINE | The log source has not been heard from in 15 minutes or more. It may be a continuation of problems that forced the host into an error status. | If the Offline status is not intended, the first action is to restart the agent. Also, check that the Firewall Rules are correct by checking them against our United States and/or our United Kingdom/European Union Firewall Rules documentation. Contact Alert Logic support if the Offline status persists. |