How the Log Manager and Threat Manager Agent Works | Feature Education

In This Article


If you're using Alert Logic® Threat Manager™ or Alert Logic Log Manager™ in the Cloud, you're likely deploying the Universal Agent. Read on to gain a greater understanding of what Alert Logic agents are used for and why they're so important.

Return to top

Agent Education

Alert Logic utilizes agents within both Threat Manager and Log Manager as the means of collecting host information from our customers and clients. The agents copy only the necessary information and send it back to Alert Logic for analysis. In the simplest terms, agents are the means that Threat Manager and Log Manager use to collect logs about network activity taking place within your protected environments.

The Threat Manager aspect of the agent binds to the network interface of the machine on which the agent has been installed and collects copies of the network traffic sent to and from the host. The Log Manager aspect of the agent collects logs from host machines where the agent is installed. It is integral to the usefulness of both Threat Manager and Log Manager that agents are installed on your host machines. Without agents, you are potentially limiting Alert Logic's view into your cloud environment.

Agents are required for Threat Manager and Log Manager to work properly in a Cloud environment. In on-premises environments, however, agents are not required, but can be helpful. With Threat Manager, agents provide more insight into the traffic seen at a host level, beyond mere traffic in and out of the network. With Log Manager, agents allow for easier deployment and management.

Pro tip: Threat Manager and Log Manager are, by default, set to auto-update. Make sure that your environments allow for auto-updates! If you do not have automatic updates enabled, then you will need to manually apply updates. Otherwise, agents will not run the latest software. At some point, lack of new updates may cause performance issues. Updates need to be applied to get the full value and effect of new features and functionality.

Return to top

Agent Installation

Don't worry, step-by-step instructions on installations are available. Start here to Install the Alert Logic agent for Windows. And start here to Install the Alert Logic agent for Linux.

With the rollout of the Universal Agent on June 24th, 2015, which encompasses the agents of both Threat Manager and Log Manager, you need only manage a single install for both products. The Universal Agent's single install makes the installation process more efficient and less resource-intensive on the host. Customers who installed their agents before June 24, 2015 should have the Universal Agent, assuming automatic updates are enabled on the host.

Return to top

Performance Impact

Agents have little impact and overhead on customer systems. Because they run as a service, the entire system won't need to be rebooted if there is an issue with the agent. In that case, only the agent service would need to be restarted. On top of that, agents use almost no hard drive space.

Return to top

Platform Support

OS Platforms that support Alert logic agent deployment:

Windows Debian CentOS RHEL Ubuntu SUSE
Windows Server 2012 Wheezy (7.x) 7.x 7.x 14.x 12.1
Windows Server 2008 Squeeze (6.x) 6.x 6.x 12.x 12.0
Windows Server 2003; SP 1 Lenny (5.x) 5.x 5.x 10.x 11.4
Windows (8, 7, Vista)         11.3
Windows XP; SP 1          

Return to top

Health State Alerts

Agents generate health state alerts based on their condition within your environment. Below, learn more about agent health state alerts and what exactly they mean for the agent's current condition.

New Agent has registered but is not yet sending traffic.
OK Agent has registered and is sending traffic and functioning as designed.
Warning An appliance on the host that the agent uses must be updated, but does not impact collection or transport of customer data.

1) Agent can connect to the backend to transport status, but cannot send traffic to the appliance.

2) Agent has been orphaned. This is an agent that was assigned to an appliance but was erased, either intentionally or otherwise.


1) Agent cannot connect to the appliance.

2) Agent cannot connect to the backend to transport status.

Return to top

Additional Information

You can learn more about installing agents in Threat Manager and Log Manager within our LEARN portal. To access the Installing a Windows Agent in Log Manager or Installing a Windows Agent in Threat Manager training, complete the following steps:

  1. Go to the LEARN portal. If you do not have an account, click Register Here and fill in the required information. 
  2. In the search field, enter Installing a Windows Agent in Log Manager or Installing a Windows Agent in Threat Manager. Select Installing a Windows Agent in Log Manager or Installing a Windows Agent in Threat Manager from the results.
  3. Click Request.
  4. On the Transcript page, click Launch

Return to top

Was this article helpful?
4 out of 4 found this helpful
Have more questions? Submit a request


Please sign in to leave a comment.