Upon the completion of log data collection, all applicable log data is immediately parsed/normalized within the data grid. As log messages are parsed, the analytics system correlates the applicable normalized data based on a set of correlation rules that can be defined by the user. Correlation across multiple platforms can be created via correlation policies in the Alert Logic® console. Upon the execution of an alert policy, Alert Logic log management will create a meta-event and insert it into the log record, send a proactive email alert notification (if desired), and create an incident case (if desired). The meta-event record can be used as an additional trigger for a secondary correlation policy (nested correlation rules).
Articles in this section
- Are automated compliance reports a component of Alert Logic Log Management?
- Are there any architectural scalability options available for Log Manager?
- Are there infrastructure requirements to facilitate the Alert Logic Log Management functionality?
- Can Alert Logic collect AWS RDS logs?
- Can Alert Logic display incoming log data in real time?
- Can Alert Logic Log Management centrally distribute rules?
- Can Alert Logic log management data be exported for forensic analysis?
- Can Alert Logic maintain verifiable unmodified event records?
- Can I add a custom report to the Log Review Service?
- Can I suppress or summarize duplicate alerts in Log Manager?