| Excerpt Include |
|---|
| ESLP:Armor Complete users (snippet) |
|---|
| ESLP:Armor Complete users (snippet) |
|---|
| nopanel | true |
|---|
|
| Note |
|---|
In order to use this document, you must have the Write LogManagement permission assigned to your account. |
OverviewYou can use the Log Relay add-on product to securely store file-based application logs with Armor for 30 days or 13 months, based on your log retention plan.
Log Relay:
- Collects only single-line log formats.
- Does not provide security analysis, parsing, or awareness of log content.
- Can store up to 10,000 logs
...
| Excerpt |
|---|
|
| Anchor |
|---|
| Review pricing information |
|---|
| Review pricing information |
|---|
|
Review pricing informationHost Log Collector's prices are based on a subscription (base) charge and an overage (tiered) charge. The monthly subscription charge includes up to 25GB of storage. Additional storage above 25GB will be charged on a tiered level. Review the following table to understand the pricing structure: | SKU | $/Month | £/Month |
|
|---|
| LD Base Subscription | $200 | £155 |
|
| $ per GB | £ per GB | Tier Discount | | 0GB - 25GB (Included in Base Subscription) | Included (is $8/GB) | Included (is £6.20) | - | | 26GB - 50GB | $7.2 | £5.58 | 10% | | 51GB - 100GB | $6.56 | £5.08 | 18% | | 101GB - 250GB | $6.08 | £4.71 | 24% | | 251GB - 500GB | $5.60 | £4.34 | 30% | | 501GB - 1000GB | $5.28 | £4.09 | 34% | | 1001GB+ | $5.12 | £3.97 | 36% |
|
| Anchor |
|---|
| Order host log collector |
|---|
| Order host log collector |
|---|
|
Order Log Relay for ...
Host Log Collection
Step 1: Add Log Relay
Use the Post Host Log Collector (Activate) API to add Host Log Collector to your account.
...
| Excerpt |
|---|
|
| Excerpt Include |
|---|
| ESLP:NOT PUBLISHED: Order Log Depot (snippet) |
|---|
| ESLP:NOT PUBLISHED: Order Log Depot (snippet) |
|---|
| nopanel | true |
|---|
|
|
| Anchor |
|---|
| Send logs to Armor |
|---|
| Send logs to Armor |
|---|
|
Step 2: Send ...
Logs to Armor
Contact Armor Support to add a custom file path via a host log collector.
| Excerpt |
|---|
|
Option 1: For Windows users To use these instructions, you must have powershell admin access. - Log into the server instance that contains the Armor agent.
- Stop the agent with the following command:
- Run the agent policy command to add log policies. You can use the following commands as an example:
- Sync the agent's policy to the API with the following command:
- C:\.armor\opt\armor policy filelog sync
- Restart the agent with the following command:
- (Optional) To review any collected host log files:
- In the Armor Management Portal (AMP), on the left-side navigation, click Security.
- Click Log & Data Management.
- Click Search.
- Use the filter function to select Log Relay.
Option 2: For Linux users To use these instructions, you must have sudo access. | Note |
|---|
Review the following example to understand how to send logs to Armor: /opt/armor/armor policy filelog add --path /var/log/dpkg.log --category platform --tags Ubuntu | Text | Description |
|---|
| /opt/armor/armor policy filelog add | Base script | | --path /var/log/dpkg.log | The location of the files. | | --category platform | The type (category) of logs. You must label your logs based on one of the following categories: app, db, machine-data, platform, user, or web. | | --tags Ubuntu | In the Search screen, you can search by tags. Tags are optional. |
|
- Log into a server instance that contains the Armor agent.
- Stop the agent with the following command:
- Run the agent policy command to add log policies. You can use the following command as example:
- /opt/armor/armor policy filelog add --path /var/log/app.log --category app --tags app,app1
- Category is required. You must label your logs based on one of the following categories: app, db, machine-data, platform, user, or web.
- Tags are optional.
- Sync the agent's policy to the API with the following command:
- /opt/armor/armor policy filelog sync
- Restart the agent with the following command:
- service armor-agent start
- (Optional) To review any collected host log files::
- In the Armor Management Portal (AMP), on the left-side navigation, click Security.
- Click Log & Data Management.
- Click Search.
- Use the filter function to select Log Relay.
|
...
| Anchor |
|---|
| Review additional agent-related commands |
|---|
| Review additional agent-related commands |
|---|
|
Review ...
Additional Agent-related
...
Commands
Review the following table to better understand how to interact with the agent via the command line:
| Command | Description |
|---|
| armor -h | Displays the agent's help dialog |
| armor policy -h | Displays the agent's policy help dialog |
| armor policy filelog -h | Displays the agent's policy filelog help dialog |
| armor policy filelog add -h | Displays the agent's policy filelog add help dialog |
| armor policy filelog --add [path] | Adds a filebeat logging policy with the user-defined path, category, and tag(s). |
| armor policy add eventlog [name] | Adds a (Windows) eventlog logging policy with the user-defined path, category, and tag(s). |
| armor policy show | Displays command functionality and syntax available at the command line. "show" can be added to any level of command to help drive user input |
| armor policy sync | Synchronizes the local Armor CORE Agent with API services to pull down the latest policy version |
| Anchor |
|---|
| Troubleshoot Log Search section of the Log Management screen |
|---|
| Troubleshoot Log Search section of the Log Management screen |
|---|
|
Troubleshoot Log Search ...
Section of
...
Log Management
...
If you do not see any data in the Search section of the Log & Data Management screen, consider that
...
