Alert Logic® log management customers who have deployed and enabled log collection may see the following configuration remediation in the Alert Logic console: "Verify agent configuration does not prevent log collection." Alert Logic Cloud Defender or Log Manager customers will see the remediation at Remediations > List, and Alert Logic Essentials, Professional, or Enterprise customers will see it at main menu > Respond > Exposures.
This remediation indicates that Alert Logic has not received traffic from a host provisioned with log collection for over 24 hours. Failing to collect logs from a host may lead to greater security exposures, such as missed incidents.
1. Verify al-agent Service is Installed and Running on the Host
Once you have confirmed that the affected host can reach Alert Logic, ensure that the al-agent package is installed and running on the host.
For detailed information on verifying the agent's status, see the Check the Status of the Alert Logic Agent knowledge base article. Additionally, information on installing the Alert Logic agent is available based on host type:
Note: Linux users should specifically confirm within the linked documentation that they have completed the syslog daemon steps within the Install the Agent section.
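On a Linux host, the checks in this step can be scripted. The following is an added example, not Alert Logic's own tooling. It assumes a systemd host whose unit is named after the al-agent package, rsyslog as the syslog daemon, and a local agent listener at 127.0.0.1:1514 (an assumption; confirm the address against the Install the Agent documentation).

```shell
#!/bin/sh
# Added example. Assumptions (not stated in the article): the systemd unit
# carries the package's name, and the agent's local syslog listener is
# 127.0.0.1:1514. Override LISTENER if your install guide says otherwise.
AGENT=al-agent
LISTENER=${LISTENER:-127.0.0.1:1514}

# Is the al-agent package present? Returns 2 if no known package manager.
pkg_installed() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Status}' "$AGENT" 2>/dev/null |
            grep -q 'install ok installed'
    elif command -v rpm >/dev/null 2>&1; then
        rpm -q "$AGENT" >/dev/null 2>&1
    else
        return 2
    fi
}

# Is the service running right now?
svc_running() {
    systemctl is-active --quiet "$AGENT"
}

# forwards_to_agent FILE...: true if an uncommented line in any given syslog
# config forwards to the listener. A commented-out rule does not count.
forwards_to_agent() {
    grep -hEv '^[[:space:]]*(#|$)' "$@" 2>/dev/null | grep -Fq "@$LISTENER"
}

# check DESCRIPTION COMMAND...: print OK/FAIL and pass the result through.
check() {
    desc=$1; shift
    if "$@"; then echo "OK   $desc"; else echo "FAIL $desc"; return 1; fi
}

report() {
    rc=0
    check "package $AGENT installed" pkg_installed || rc=1
    check "service $AGENT active" svc_running || rc=1
    check "rsyslog forwards to $LISTENER" \
        forwards_to_agent /etc/rsyslog.conf /etc/rsyslog.d/*.conf || rc=1
    return $rc
}

# Run the checks only when asked, so the functions can be sourced safely.
if [ "${1:-}" = "--run" ]; then report; fi
```

Run it with `--run` as a user allowed to read the rsyslog configuration; a non-zero exit status means at least one check failed.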
2. Ensure Agent Health
Confirm that there are no outstanding remediations linked to the agent in the Alert Logic Health console.
- There are no remediations listed under the agent in the Health console
- Essentials, Professional, or Enterprise customers - the agent appears as Unhealthy in the Alert Logic console at main menu > Respond > Health > Appliances and Agents > Agents
Navigate to main menu > Respond > Health > Appliances and Agents > Agents and click on the applicable agent to confirm whether configuration actions are present. If yes, click Remediate and follow the steps provided in the remediation to fix any additional issues.
3. Check the Alert Logic Status Page
In some cases, there may be issues on the Alert Logic side due to maintenance or outages. Check the status of the Alert Logic services by reviewing the Alert Logic status page.
4. Contact Alert Logic Support
If your issue persists after verifying the agent service is running on the host, verifying agent internet connectivity, verifying log source configurations, ensuring the agent is healthy, and checking the Alert Logic status page, submit a ticket with Alert Logic Support. Reference the affected agents and your remediation steps.