Fortra's Alert Logic has made improvements to how log collection volume is determined. With these enhancements, more accurate log volume counts and updated collection methods are available in the Log Collection and Top 10 Log Collectors reports in the Alert Logic console.
More Accurate Log Volume Counts
When viewing log collection reports, the Collection Method "Appliance" is the aggregate total for all individual devices with the Collection Method "Remote". Previously, log volume calculations included both the remote log sources and the appliance that they were sending logs to, which could result in duplication and elevated log volume totals.
The new calculation excludes the Collection Method of "Appliance" from the total to eliminate duplicate counting. As a result, log volume counts and trends are more accurate and consistent in the Log Collection and Top 10 Log Collectors reports.
Note: With this change, you may notice lower overall log volume counts or a flattening in daily trends.
Updated Collection Methods
The following improvements have been made to the Collection Method section and column in the Log Collection and Top 10 Log Collectors reports:
- Collection Method “Appliance” has been removed.
- Collection Method “Remote Log Sources” has been renamed “Remote Sources”.
- Collection Method “Collector” has been added. Collectors include API-based log integrations such as azure_blob, azure_events, S3aws, S3collect, cloudtrail, cwe, ehub, and o365.
In addition, the Appliance Key identifies the Remote Log Collector appliance to which each individual Remote Source is sending logs. The “Appliance Key” column has been added to the CSV download for the Log Collection report and is populated only for rows with Collection Method “Remote Source”.
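The calculation change and the column updates described above, worked through on constructed sample rows. This is an added example and not Alert Logic's code: the row layout, the "Agent" method label, the appliance-key values and the assumption that an API-based source type (azure_blob, cloudtrail, o365 and so on) is the value a row carries before it is grouped under "Collector" are all assumptions made for the illustration.

```python
# Added example (not Alert Logic's code). Reproduces the two changes in the
# release note on constructed data:
#   1. excluding "Appliance" rows from the volume total so that remote sources
#      are not counted twice, and
#   2. the renamed / added Collection Method labels plus the Appliance Key
#      column that is populated only for Remote Sources.
from collections import defaultdict

# Rename from the note: "Remote Log Sources" -> "Remote Sources".
METHOD_RENAMES = {"Remote Log Sources": "Remote Sources"}

# API-based integrations listed in the note. ASSUMPTION: a row carries its
# integration type as the method value before it is grouped under "Collector".
COLLECTOR_TYPES = {"azure_blob", "azure_events", "S3aws", "S3collect",
                   "cloudtrail", "cwe", "ehub", "o365"}

# Constructed sample rows: (name, collection_method, appliance_key, volume_gb).
# The two "Appliance" rows are the aggregate of the remote sources that send
# logs to them, which is exactly the duplication the note describes.
SAMPLE_ROWS = [
    ("web-01",          "Remote Log Sources", "APPL-A", 10.0),
    ("web-02",          "Remote Log Sources", "APPL-A",  5.0),
    ("db-01",           "Remote Log Sources", "APPL-B",  8.0),
    ("appliance-a",     "Appliance",          None,     15.0),  # web-01 + web-02
    ("appliance-b",     "Appliance",          None,      8.0),  # db-01
    ("host-agent-1",    "Agent",              None,      3.0),  # hypothetical label
    ("cloudtrail-prod", "cloudtrail",         None,      4.0),
]


def normalize_method(method):
    """Map a legacy Collection Method value to the updated label."""
    if method in COLLECTOR_TYPES:
        return "Collector"
    return METHOD_RENAMES.get(method, method)


def total_volume(rows, exclude_appliance=True):
    """Sum log volume; the new calculation drops the "Appliance" aggregate rows."""
    return sum(vol for _, method, _, vol in rows
               if not (exclude_appliance and method == "Appliance"))


def volume_by_method(rows):
    """Per-method totals as the updated report shows them (no "Appliance" bucket)."""
    totals = defaultdict(float)
    for _, method, _, vol in rows:
        if method == "Appliance":
            continue
        totals[normalize_method(method)] += vol
    return dict(totals)


def csv_rows(rows):
    """Rows for the CSV download: Appliance Key filled only for Remote Sources."""
    out = []
    for name, method, key, vol in rows:
        if method == "Appliance":
            continue
        new_method = normalize_method(method)
        out.append({
            "Name": name,
            "Collection Method": new_method,
            "Appliance Key": key if new_method == "Remote Sources" and key else "",
            "Volume (GB)": vol,
        })
    return out


if __name__ == "__main__":
    print("old total (with Appliance):", total_volume(SAMPLE_ROWS, exclude_appliance=False))
    print("new total (Appliance excluded):", total_volume(SAMPLE_ROWS))
    print("by method:", volume_by_method(SAMPLE_ROWS))
    for r in csv_rows(SAMPLE_ROWS):
        print(r)
```

On the sample data the old total is 53 GB and the new total is 30 GB; the 23 GB difference is exactly the volume of the "Remote Sources" rows, which the "Appliance" rows had counted a second time. That is the drop in overall counts and the flattening of daily trends the note warns about.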