...

You can use the Host Log Collector add-on product to securely store file-based application logs with Armor for 30 days or 13 months, based on your log retention plan. 

Host Log Collector:  

  • Only collects single-line log formats.
  • Does not provide security analysis, parsing, or awareness of log content. 
  • Can store up to 10,000 logs, even if you have not reached the 90-day limit.
  • Can collect CloudTrail logs from AWS. 

...

To use these instructions, you must have PowerShell admin access.

  1. Log in to the server instance that contains the Armor Anywhere - Security Agent.
  2. Stop the agent with the following command: 
    • spsv armor-agent
  3. Run the agent policy command to add log policies. You can use the following commands as an example: 
    • For filelog type, run C:\.armor\opt\armor policy filelog add --path C:\inetpub\logs\web1.log --category web --tags web1,iis
    • For eventlog type, run C:\.armor\opt\armor policy eventlog add --name Application --category app --tags app
    • Category is required. You must label your logs based on one of the following categories: app, db, machine-data, platform, user, or web. 
    • Tags are optional. 
  4. Sync the agent's policy to the API with the following command:
    • C:\.armor\opt\armor policy filelog sync
  5. Restart the agent with the following command: 
    • sasv armor-agent
  6. (Optional) To review any Host Log Collector files in AMP:
    1. In the Armor Management Portal (AMP), on the left-side navigation, click Security
    2. Click Log & Data Management
    3. Click Search
    4. Use the filter function to select Log Depot

...

  1. Log in to a server instance that contains the Armor Anywhere - Security Agent.
  2. Stop the agent with the following command: 
    • service armor-agent stop
  3. Run the agent policy command to add log policies. You can use the following command as an example: 
    • /opt/armor/armor policy filelog add --path /var/log/app.log --category app --tags app,app1
      • Category is required. You must label your logs based on one of the following categories: app, db, machine-data, platform, user, or web. 
      • Tags are optional.
  4. Sync the agent's policy to the API with the following command: 
    • /opt/armor/armor policy filelog sync
  5. Restart the agent with the following command: 
    • service armor-agent start
  6. (Optional) To review any Host Log Collector files in AMP:
    1. In the Armor Management Portal (AMP), on the left-side navigation, click Security
    2. Click Log & Data Management
    3. Click Search
    4. Use the filter function to select Log Depot
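
An added example, not part of Armor's documentation: a dry-run planner for the Linux steps above that checks the category against the allowed list and flags likely multi-line logs (which Host Log Collector does not collect) before printing the stop, add, sync, start sequence. The function names and the leading-whitespace heuristic are assumptions; the script prints commands and runs none of them.

```bash
#!/usr/bin/env bash
# Dry-run planner for the Linux steps above: prints commands, runs nothing.
ARMOR_BIN=/opt/armor/armor   # path as given on this page

# Categories the page lists as valid.
valid_category() {
  case "$1" in
    app|db|machine-data|platform|user|web) return 0 ;;
    *) return 1 ;;
  esac
}

# Heuristic (assumption): a line starting with whitespace continues a
# multi-line record, such as a stack-trace frame.
continuation_lines() {
  grep -c '^[[:space:]]' "$1" || true
}

# Usage: plan_filelog PATH CATEGORY [TAGS]
plan_filelog() {
  local path="$1" category="$2" tags="${3:-}" n
  if ! valid_category "$category"; then
    echo "error: '$category' is not an allowed category" >&2
    return 2
  fi
  if [ ! -f "$path" ] || [ ! -r "$path" ]; then
    echo "error: $path is not a readable regular file" >&2
    return 3
  fi
  n=$(continuation_lines "$path")
  if [ "$n" -gt 0 ]; then
    echo "error: $path has $n continuation line(s); not single-line" >&2
    return 4
  fi
  echo "service armor-agent stop"
  echo "$ARMOR_BIN policy filelog add --path $path --category $category${tags:+ --tags $tags}"
  echo "$ARMOR_BIN policy filelog sync"
  echo "service armor-agent start"
}

# Constructed sample: two single-line records in a temporary file.
sample=$(mktemp)
printf '%s\n' '2024-01-01T00:00:00Z INFO started' \
              '2024-01-01T00:00:01Z WARN slow query' > "$sample"
plan_filelog "$sample" app app,app1
rm -f "$sample"
```

Review the printed commands, then run them as root in the order shown.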

...