About Log-Alert at IU

On this page:


Log-Alert is a no-fee, UITS-funded service available to all IU units and intended to ensure that your IT department can align itself with Security of Information Technology Resources (IT-12) and its requirements for server log monitoring and review. Your servers are constantly generating logs, and analyzing this data manually is cumbersome and time consuming. Log-Alert provides a real-time automated log management solution that monitors your system's event logs.

Benefits of the Log-Alert service include:

  • IT-12 alignment
  • Encryption and security: All traffic to the Log-Alert service is fully encrypted and secured via direct firewall policies to your servers. Log events in storage are secured on servers housed in the IU Data Center.
  • Separate storage: All event logs are collected, transferred, and stored on the Log-Alert system. This ensures that logs cannot be lost by clearing them locally.
  • Search: Log-Alert indexes your events so that you can search directly from an intuitive web interface.

Presently, Log-Alert at Indiana University runs on the Elastic Stack platform. Elastic uses an agent called a "beat" to securely transmit your logs to Log-Alert.


OmniSOC system engineers updated the certificate authority (CA) certificate for the Log-ALERT Kafka cluster on December 2, 2021. If after this maintenance you are having issues getting your beats agents (filebeat, auditbeat, or winlogbeat) to submit logs to Log-ALERT, update their CA certificate files and restart your beats agents. The new CA certificate can be obtained from the Log-ALERT GitHub repository. If these steps do not resolve the issue, contact OmniSOC Platform Engineering (soc@omnisoc.iu.edu).

Access to Log-Alert logs

Outside of the Log-Alert and OmniSOC teams, only the people in your department who are defined by a departmental Active Directory group will have access to your logs. The Log-Alert team has implemented two simultaneous security methods within Elastic:

  • Log-Alert silos all data into indexes; this allows role-based access to a specific index so no one else can search the data.
  • Log-Alert restricts user options, allowing users to see only their application.

Learn more

If you have any questions or wish to onboard, send mail to lservnix@iu.edu, and the project team will respond.

This is document bezz in the Knowledge Base.
Last modified on 2022-01-11 16:17:00.