Alert Logic® Log Manager™ customers can view the status of their log sources in the Alert Logic user interface (UI). This article describes how to access the status of your log sources, what each status means, and actions that can be taken to resolve certain statuses.
Accessing Log Source Statuses
Use the following procedure to access the log source statuses in the Alert Logic UI:
- At the top of the Alert Logic UI, from the drop-down menu, click Log Manager.
- In the left navigation area, under Collection, click Sources.
A table displays that lists each protected host. The status of each protected host displays in the Current Status column.
What Log Source Statuses Mean
|NEW||The agent is newly registered and online. In the case of Windows collection, it means we have not received any logs yet. In the case of Linux, more steps need to be taken to assure syslog transport.||
If the log source is using an Alert Logic agent and is a Linux machine, it is possible that the configuration of the local syslog daemon did not occur during the initial installation of the agent. This process involves add a line to the configuration file for the local syslog daemon and restarting the daemon so that it picks up the new configuration file. You can find a copy of the complete installation guide, as well as the specific instructions for the syslog configuration, in our Install the agent for Linux documentation.
If this process does not work, or if you are using a different type of log source, contact Alert Logic support for further guidance.
|OK||The agent is functioning as designed. It is collecting log data without issue and is able to transport data from the host to the appliance.||No action is required.|
|WARNING||The agent has encountered an issue that does NOT prevent data collection.||Contact Alert Logic support - they will be able to determine the issue by looking at the type of warning and provide the next step of action required.|
|ERROR||The agent has encountered an issue that DOES prevent data collection.||
Common errors are due to the Firewall Rules not being set up correctly. Check them against our Firewall Rules documentation.
If this does not resolve the issue, contact Alert Logic support. They will be able to determine the issue by looking at the type of error and provide the next step required.
|OFFLINE||The log source has not been heard from in 15 minutes or more. It may be a continuation of problems that forced the host into an error status.||If the Offline status is not intended, the first action is to restart the agent. Also, check that the Firewall Rules are correct by checking them against our Firewall Rules documentation. Contact Alert Logic support if the Offline status persists.|