Customers with the Alert Logic® network intrusion detection system can view the status of their protected hosts in the Alert Logic console. This article describes how to access the status of your protected hosts, what each status means, and actions that can be taken to resolve certain statuses.
Note: The following information applies only to customers with Alert Logic® Cloud Defender™ or Alert Logic Threat Manager™ entitlements.
Accessing Protected Host Statuses
Use the following procedure to access the log source statuses in the Alert Logic console:
- Click Configurations in the main menu.
- Click Deployments in the sub-menu.
- Click the deployment that you want to work in.
- Click Networks and Protected Hosts from the side bar.
- Click Protected Hosts from the list of tabs in the middle of the page.
- Find the protected host that you are interested in. You can quickly view its status in the Status column of the table. You can view additional details by clicking on the protected host – a panel will appear on the right side of the screen.
What Protected Host Statuses Mean
Status | Status Information | Action |
NEW | The agent is newly registered and online but not yet configured to send traffic via an assignment policy. | You must assign the protected host to an appliance using the assignment policies in the Alert Logic console. |
OK | The agent is functioning as designed. It is collecting traffic without issue and is able to transport data from the host to the appliance. | No action is required. |
WARNING | The agent has encountered an issue, but it does NOT prevent data collection. | Contact Alert Logic Support - they will be able to determine the issue by looking at the type of warning and provide the next step of action required. |
ERROR | The agent has encountered an issue that DOES prevent data collection. If you hover over the error, you should be able to see a better description of the error. |
Common errors are due to the firewall rules not being set up correctly. Check them against our US Firewall Rules and UK Firewall Rules documentation. If this does not resolve the issue, contact Alert Logic Support. They will be able to determine the issue by looking at the type of error and provide the next step required. |
OFFLINE | The machine may be turned off or something may have changed in the Firewall Rules to stop Alert Logic from getting the correct status of the agent. | If the Offline status is not intended, the first action is to restart the agent. Also, check that the firewall rules are correct by checking them against our US Firewall Rules and UK Firewall Rules documentation. Contact Alert Logic Support if the Offline status persists. |
Comments
0 comments
Please sign in to leave a comment.