Upon the completion of log data collection, all applicable log data is immediately parsed/normalized within the data grid. As log messages are parsed, the analytics system correlates the applicable normalized data based on a set of correlation rules that can be defined by the user. Correlation across multiple platforms can be created via correlation policies in the Alert Logic® console. Upon the execution of an alert policy, Alert Logic log management will create a meta-event and insert it into the log record, send a proactive email alert notification (if desired), and create an incident case (if desired). The meta-event record can be used as an additional trigger for a secondary correlation policy (nested correlation rules).
Articles in this section
- Are automated compliance reports a component of Alert Logic Log Management?
- Are there infrastructure requirements to facilitate the Alert Logic Log Management functionality?
- Can I add a custom report to the Log Review Service?
- Can you filter data while collecting logs?
- Can you mask log management data before it leaves the customer site?
- How are logs transported from a customer environment to Alert Logic data centers?
- How can I access container metadata using search?
- How can I reduce the volume of syslog messages sent from a host running rsyslog?
- How can I request for my logs to be parsed?
- How do I configure Amazon Web Services CloudTrail for log collection?
Comments
0 comments
Please sign in to leave a comment.