To find which log sources and messages are contributing most to your log volume, several resources are available to you. This article describes best practices for managing your log volume with Alert Logic® log management.
Note: This information applies only to customers with Alert Logic® Cloud Defender™ or Alert Logic Log Manager™ entitlements.
In this Article
- Locating Message Volume in the Alert Logic Console
- Making Adjustments
- Additional Information
Locating Message Volume in the Alert Logic Console
Multiple reports and modules are available in the Alert Logic console to track the message counts per log source and the message type that is responsible for the majority of the volume. There are multiple ways to obtain useful information about message volumes:
- Run the Saved View reports from the Alert Logic console to see the message counts per log source and the message type that is responsible for the majority of the volume. There are three related Saved View reports: one showing Messages by Source, one showing Messages by Type, and one showing Messages by Type and Source.
- In the Alert Logic console, on the Log Management dashboard from the Overview main menu tab, review the following modules: - Received Logs - Top 10 Message Types
- Review the Top 10 Sources Collecting module, which can be found in the Alert Logic console under Reports > Usage > Log Management.
Once you've determined the source of the majority of your volume, review your collection practices and determine if adjustments can be made to reduce volume without undue compromise with respect to your security and compliance.
The following related documentation may be useful when reviewing and updating Alert Logic log management data and settings:
- Log Manager Policies
- Log Manager Dashboard
- Log Manager Messages