Utilize the following table to proactively understand and improve your Alert Logic® visibility posture. These are the most common visibility issues that Alert Logic customers come across, as well as suggestions for fixing each issue.
| Issue | Solution |
| --- | --- |
| Alert Logic is not configured to monitor the traffic or logs from all of the customer's hosts. | Review and update the protected networks, agents, and log sources/collectors so that every in-scope host is covered. |
| Alert Logic is not receiving traffic from all of the hosts the customer wants to monitor. | Review and update the port mirroring (SPAN) configuration, the firewall rules between the hosts and the appliance or collector, and every agent that is in a non-OK status. |
| Alert Logic is not writing the correct source IP in events and incidents (typically the load balancer's IP appears instead of the client's). | Verify that the load balancers insert a client-IP header Alert Logic supports: X-Cluster-Client-IP, X-Forwarded-For, X-Real-IP, True-Client-IP, Fastly-Client-IP, or CF-Connecting-IP. Disable TCP multiplexing and any other kind of backend connection or session reuse, because a reused backend connection carries requests from several clients and its source IP can no longer be attributed to one of them. |
| The customer has encrypted traffic that Alert Logic is not decrypting. | Verify that Diffie-Hellman key exchange (DHE and ECDHE cipher suites) is not in use and is disabled on the internal servers whose traffic should be decrypted. Passive decryption with a copy of the server's private key only works for RSA key exchange; (EC)DHE derives session keys the private key never touches, and TLS 1.3 uses ephemeral Diffie-Hellman exclusively. Note that disabling (EC)DHE removes forward secrecy for those servers, so restrict the change to the servers that must be inspected. |
| The customer's environment is not generating incidents from publicly-facing hosts. | Verify that Alert Logic is receiving traffic and logs from the publicly-facing hosts. If a load balancer is in front of them, verify that it writes an XFF (or other supported) client-IP header; otherwise all traffic appears to come from the load balancer. |
| The customer has a VPN or tunnel in an environment that Alert Logic monitors. | Review and verify that the traffic exiting the tunnel is decapsulated, so that Alert Logic sees and can parse the inner traffic rather than the tunnel itself. |
| The customer has VLAN-tagged traffic in an environment that Alert Logic monitors. | Whitelisting an IP in the Alert Logic console does not work with VLAN-tagged traffic. To whitelist an IP on such a network, open a ticket with Alert Logic Support. |
| The customer runs HTTP on ports other than 80, 81, 8000, or 8080. | Open a ticket with Alert Logic Support to have this custom port configuration handled; HTTP on non-standard ports is not parsed as HTTP by default. |
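The source-IP rows above come down to two checks: the load balancer must write one of the supported client-IP headers, and a sensor may only believe such a header when the direct peer is the load balancer itself (otherwise any client can forge it). The following Python is an added example for this page, not Alert Logic code; the header precedence, the 10.0.0.0/24 load-balancer range, and the sample requests are assumptions constructed for the example.

```python
"""Check whether a load balancer presents a usable, trustworthy client IP.

Added example (not Alert Logic code). The header names are the ones this page
lists as supported; the order they are consulted in, the trusted proxy range,
and the sample requests are assumptions of this example.
"""
import ipaddress
from typing import Mapping, Optional, Tuple

# Client-IP headers listed on this page as supported by Alert Logic.
# Consulting them in this order is an assumption of the example.
SUPPORTED_CLIENT_IP_HEADERS = (
    "X-Cluster-Client-IP",
    "X-Forwarded-For",
    "X-Real-IP",
    "True-Client-IP",
    "Fastly-Client-IP",
    "CF-Connecting-IP",
)

# Assumed address range of the load balancers in front of the monitored hosts.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]


def _is_trusted(addr, proxies) -> bool:
    return any(addr in net for net in proxies)


def _parse_ip(text: str):
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def client_ip(headers: Mapping[str, str], peer_ip: str,
              proxies=TRUSTED_PROXIES) -> Tuple[Optional[str], str]:
    """Return (source IP that should be recorded, diagnosis).

    A None IP means the load balancer gave the sensor nothing usable, which is
    the misconfiguration the table describes.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not _is_trusted(peer, proxies):
        # Direct connection or unknown proxy: any client-IP header could have
        # been written by the client itself, so it must be ignored.
        return str(peer), "peer is not a trusted load balancer; client-IP headers ignored"

    lowered = {k.lower(): v for k, v in headers.items()}
    for name in SUPPORTED_CLIENT_IP_HEADERS:
        raw = lowered.get(name.lower())
        if raw is None:
            continue
        # X-Forwarded-For may carry a chain "client, proxy1, proxy2". Walk it
        # from the right and take the first address that is not one of our own
        # proxies: everything to its left was appended by untrusted parties.
        for candidate in reversed(raw.split(",")):
            addr = _parse_ip(candidate)
            if addr is None:
                return None, f"{name} contains a non-IP value {candidate.strip()!r}"
            if _is_trusted(addr, proxies):
                continue
            return str(addr), f"client IP taken from {name}"
        return None, f"{name} lists only trusted proxies"

    return None, "no supported client-IP header; events would show the load balancer's IP"


# Constructed sample requests: (description, peer IP seen by the sensor, headers).
SAMPLE_REQUESTS = [
    ("lb writes xff", "10.0.0.5", {"X-Forwarded-For": "203.0.113.7"}),
    ("xff chain through our lb", "10.0.0.5", {"X-Forwarded-For": "198.51.100.9, 10.0.0.5"}),
    ("client spoofs xff directly", "203.0.113.50", {"X-Forwarded-For": "192.0.2.1"}),
    ("lb not writing any header", "10.0.0.5", {"Host": "app.example.com"}),
    ("unparsable value", "10.0.0.5", {"X-Real-IP": "unknown"}),
]


def audit(requests=SAMPLE_REQUESTS):
    """Run each sample through client_ip() and return {description: (ip, diagnosis)}."""
    return {desc: client_ip(headers, peer) for desc, peer, headers in requests}


if __name__ == "__main__":
    for desc, result in audit().items():
        print(f"{desc:30} -> {result}")
```

Run against captured requests, a None result on the "not writing any header" pattern is the signal to fix the load balancer rather than the sensor; the spoofing sample shows why the sensor must key trust on the peer address, not on the presence of the header.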
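The encrypted-traffic row depends on which cipher suites the internal servers offer. The following Python is an added example for this page, not Alert Logic tooling: it classifies suites by key exchange, audits what a real `ssl.SSLContext` would offer, and builds a server context limited to RSA key transport. The sample suite list is constructed in the shape that `ssl.SSLContext.get_ciphers()` returns.

```python
"""Find TLS cipher suites that a passive network sensor cannot decrypt.

Added example (not Alert Logic code). A sensor decrypting with a copy of the
server's private key can only do so for suites that use RSA key transport; any
Diffie-Hellman exchange (DHE, ECDHE, and everything in TLS 1.3) derives session
keys the private key never touches. SAMPLE_SUITES is a constructed list in the
shape returned by ssl.SSLContext.get_ciphers().
"""
import ssl
from typing import Dict, Iterable, List


def passively_decryptable(cipher: Dict) -> bool:
    """True when a sensor holding the server's RSA private key could recover the
    session keys from a capture of this suite."""
    if cipher.get("protocol") == "TLSv1.3":
        return False  # TLS 1.3 has no RSA key transport at all
    # get_ciphers() reports the key exchange as 'kx-rsa', 'kx-dhe', 'kx-ecdhe', ...
    return cipher.get("kea") == "kx-rsa"


def audit_suites(ciphers: Iterable[Dict]) -> Dict[str, List[str]]:
    """Split suite names into those the sensor can and cannot decrypt."""
    report: Dict[str, List[str]] = {"decryptable": [], "not_decryptable": []}
    for c in ciphers:
        key = "decryptable" if passively_decryptable(c) else "not_decryptable"
        report[key].append(c["name"])
    return report


def audit_context(ctx: ssl.SSLContext) -> Dict[str, List[str]]:
    """Audit the suites a real SSLContext would offer, e.g. the ones a typical
    default configuration enables."""
    return audit_suites(ctx.get_ciphers())


def passive_decryption_server_context() -> ssl.SSLContext:
    """Server-side context restricted so every connection is decryptable by the
    sensor: TLS 1.2 at most and RSA key transport only. This removes forward
    secrecy, so apply it only to servers whose traffic must be inspected."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    # OpenSSL keyword kRSA selects RSA key exchange; the exclusions drop
    # unauthenticated, null-encryption and MD5 suites.
    ctx.set_ciphers("kRSA:!aNULL:!eNULL:!MD5")
    return ctx


# Constructed sample mimicking get_ciphers() output for a typical server.
SAMPLE_SUITES = [
    {"name": "TLS_AES_256_GCM_SHA384", "protocol": "TLSv1.3", "kea": "kx-any"},
    {"name": "ECDHE-RSA-AES256-GCM-SHA384", "protocol": "TLSv1.2", "kea": "kx-ecdhe"},
    {"name": "DHE-RSA-AES128-GCM-SHA256", "protocol": "TLSv1.2", "kea": "kx-dhe"},
    {"name": "AES256-GCM-SHA384", "protocol": "TLSv1.2", "kea": "kx-rsa"},
    {"name": "AES128-SHA", "protocol": "TLSv1.2", "kea": "kx-rsa"},
]


if __name__ == "__main__":
    print("constructed sample:", audit_suites(SAMPLE_SUITES))
    print("this host's default client context:", audit_context(ssl.create_default_context()))
    try:
        print("kRSA-only server context:", audit_context(passive_decryption_server_context()))
    except ssl.SSLError as exc:
        # Some OpenSSL builds or system crypto policies disable RSA key transport entirely.
        print("no RSA key-transport suites available in this OpenSSL build:", exc)
```

The same split can be reproduced from the command line with `openssl ciphers -v kRSA` (suites the sensor can decrypt) against the server's configured list; any server offering only ECDHE/DHE suites, or negotiating TLS 1.3, will show up in the sensor as encrypted traffic that is never decrypted.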