- Agent Education
- Agent Installation
- Performance Impact
- Platform Support
- Health State Alerts
- Additional Information
If you're using Alert Logic® Threat Manager™ or Alert Logic Log Manager™ in the Cloud, you're likely deploying the Universal Agent. Read on to gain a greater understanding of what Alert Logic agents are used for and why they're so important.
Alert Logic utilizes agents within both Threat Manager and Log Manager as the means of collecting host information from our customers and clients. The agents copy only the necessary information and send it back to Alert Logic for analysis. In the simplest terms, agents are the means that Threat Manager and Log Manager use to collect logs about network activity taking place within your protected environments.
The Threat Manager aspect of the agent binds to the network interface of the machine on which the agent has been installed and collects copies of the network traffic sent to and from the host.
The Log Manager aspect of the agent collects logs from host machines where the agent is installed. It is integral to the usefulness of both Threat Manager and Log Manager that agents are installed on your host machines. Without agents, you are potentially limiting Alert Logic's view into your cloud environment.
Agents are required for Threat Manager and Log Manager to work properly in a Cloud environment. In on-premises environments, however, agents are not required, but can be helpful. With Threat Manager, agents provide more insight into the traffic seen at a host level, beyond mere traffic in and out of the network. With Log Manager, agents allow for easier deployment and management.
Pro tip: Threat Manager and Log Manager are, by default, set to auto-update. Make sure that your environments allow for auto-updates! If you do not have automatic updates enabled, then you will need to manually apply updates. Otherwise, agents will not run the latest software. At some point, lack of new updates may cause performance issues. Updates need to be applied to get the full value and effect of new features and functionality.
With the rollout of the Universal Agent on June 24th, 2015, which encompasses the agents of both Threat Manager and Log Manager, you need only manage a single install for both products. The Universal Agent's single install makes the installation process more efficient and less resource-intensive on the host. Customers who installed their agents before June 24, 2015 should have the Universal Agent, assuming automatic updates are enabled on the host.
Agents have little impact and overhead on customer systems. Because they run as a service, the entire system won't need to be rebooted if there is an issue with the agent. In that case, only the agent service would need to be restarted. On top of that, agents use almost no hard drive space.
Amazon Linux is supported by the Alert Logic Agent. Amazon Linux instances are largely based on CentOS/Red Hat Linux, which we currently support, and we will work to maintain support for the latest available releases. Alert Logic has a number of customers running the agent on Amazon Linux instances.
OS platforms that support Alert Logic agent deployment:
|Windows Server 2016||Jessie (8.x)||7.x||7.x||16.x||12.1|
|Windows Server 2012||Wheezy (7.x)||7.x||7.x||14.x||12.1|
|Windows 10||Squeeze (6.x)||5.x||5.x||12.x||11.4|
|Windows Server 2008||Lenny (5.x)||10.x||11.3|
|Windows Server 2003; SP 1|
|Windows (8, 7, Vista)|
|Windows XP; SP 1|
Agents generate health state alerts based on their condition within your environment. Below, learn more about agent health state alerts and what exactly they mean for the agent's current condition.
|New||Agent has registered but is not yet sending traffic.|
|OK||Agent has registered and is sending traffic and functioning as designed.|
|Warning||An application on the host that the agent uses must be updated, but does not impact collection or transport of customer data.|
1) Agent can connect to the backend to transport status, but cannot send traffic to the appliance.
2) Agent has been orphaned. This is an agent that was assigned to an appliance but was erased, either intentionally or otherwise.
1) Agent cannot connect to the appliance.
2) Agent cannot connect to the backend to transport status.
You can learn more about installing agents in Threat Manager and Log Manager within our LEARN portal. To access the Installing a Windows Agent in Log Manager or Installing a Windows Agent in Threat Manager training, complete the following steps:
- Go to the LEARN portal. If you do not have an account, click Register Here and fill in the required information.
- In the search field, enter Installing a Windows Agent in Log Manager or Installing a Windows Agent in Threat Manager. Select Installing a Windows Agent in Log Manager or Installing a Windows Agent in Threat Manager from the results.
- Click Request.
- On the Transcript page, click Launch.