Alert Logic has introduced improvements to the Alert Logic console that allow health notifications to be configured for Remote Sources from which Alert Logic has not collected logs over a period of time.
Background
A Remote Source consists of logs that have been pushed to one of our syslog collectors, a Remote Collector, or Log Manager. These are sources where the standard agent cannot be installed, but the logs have high security value. Most commonly, this is a firewall, such as Palo Alto or Cisco.
Previously, Remote Sources would only trigger a health Remediation when no logs had been received for 24 hours.
Health Notification Improvements
With these new improvements, you can now configure Health Notifications for Remote Sources. You can configure against all Remote Sources or against specific Remote Sources.
To configure Health Notifications for Remote Sources:
- In the Alert Logic console, click the menu icon.
- Click Manage, and then click Notifications.
- On the Alerts Notifications tab, click Create a Notification, and then click Health.
- In the Name box, enter a name for the notification.
- From the Collection Asset Type list, select Remote Source.
- Click NEXT.
- For Remote Source Status, select the Not Collecting checkbox. A list of your Remote Sources will appear, grouped by their deployment.
- Select which Remote Sources you want to enable the health notification for. We encourage you to specify the Remote Sources that are extremely important, because there will be other sources that either send a limited number of logs or aren't critical.
- Click NEXT.
- On the Delivery tab, select the users who will receive this health notification.
- Click SAVE.
Additional Resources
See the following documentation for information around Remote Sources and configuring health notifications: