Alert Logic® SIEMless Threat Management™ Professional customers with hosts in their deployments may see the following configuration remediation, titled "Alert Logic recommends you re-enable the agent on this host," within the Alert Logic console at Remediations > List.
This remediation indicates that one of the following issues is occurring for the given host:
- The host is unable to reach Alert Logic
- The al-agent service on the host has stopped responding due to a crash
- The al-agent software has been removed from the host
Utilize the following steps to identify the cause of and remediate your offline agents.
1. Verify Hosts Can Reach Alert Logic
A common case for agents being declared as offline is that they have failed to reach the Alert Logic platform within the last 15 minutes. If you have made changes to your networking configuration, this is likely the cause. To remediate this, review the agent connectivity requirements and ensure that you allow outbound access for the required ports on the affected hosts.
For Amazon Web Services (AWS) deployments, Alert Logic can detect standard networking configurations that would prevent agent connectivity with Alert Logic from taking place. A relevant remediation is generated with details on what specific part of your network is blocking intrusion detection system traffic. Issues that are detected on AWS deployments by Alert Logic include:
Security groups blocking required ports
Network Access Control Lists blocking required ports
If you have an AWS deployment, check if a remediation has been generated on either of these blocks in the Alert Logic console at Remediations > List > filter for Category: Configuration.
2. Verify al-agent Service is Installed and Running on the Host
Once you have confirmed that the affected host can reach Alert Logic, ensure that the al-agent package is installed and running on the host.
For detailed information on verifying the agent's status, see the Check the Status of the Alert Logic Agent knowledge base article. Additionally, information on installing the Alert Logic agent is available based on host type:
3. Check the Alert Logic Status Page
In some cases, there may be issues on the Alert Logic side due to maintenance or outages. Check the status of all Alert Logic services by reviewing the Alert Logic Status page.
4. Contact Alert Logic Support
If your issue persists after verifying your hosts are reaching Alert Logic, verifying that your al-agent service is installed and running properly, and checking the Alert Logic Status page, submit a ticket with Alert Logic Support. Reference the affected deployments and your remediation steps.