In order to use this document, you must have the Write LogManagement permission assigned to your account.
You can use the Log Relay add-on product to securely store file-based application logs with Armor for 30 days or 13 months, based on your log retention plan.
You can send the following log types:
- File-based logs
- CloudTrail logs
- Azure Monitor logs
- Collects only single-line log formats.
- Does not provide security analysis, parsing, or awareness of log content.
- Can store up to 10,000 logs
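Because Log Relay collects only single-line log formats, it helps to check a file for multi-line records (for example stack traces) before adding its path. The following is an added example, not Armor's code. It assumes every record begins with a timestamp matched by the hypothetical `RECORD_START` pattern, and the sample lines are constructed.

```python
import re
import sys

# Assumption: each record starts with an ISO-8601-style timestamp.
# Adjust RECORD_START to match the first characters of your own log format.
RECORD_START = re.compile(r"^\d{4}-\d{2}-\d{2}[ T]\d{2}:\d{2}:\d{2}")

def find_continuations(lines, record_start=RECORD_START):
    """Return (records, continuations).

    records       -- number of lines that begin a new record
    continuations -- list of (line_number, owning_record_line_number);
                     the owner is None if no record has started yet
    """
    records, owner, continuations = 0, None, []
    for number, raw in enumerate(lines, start=1):
        line = raw.rstrip("\r\n")
        if not line.strip():
            continue  # blank lines carry no log data
        if record_start.match(line):
            records += 1
            owner = number
        else:
            continuations.append((number, owner))
    return records, continuations

def is_single_line_format(lines, record_start=RECORD_START):
    """True when at least one record exists and no line continues another."""
    records, continuations = find_continuations(lines, record_start)
    return records > 0 and not continuations

# Constructed sample input: one record per line.
SAMPLE_OK = [
    "2024-01-01 10:00:00 INFO service started\n",
    "2024-01-01 10:00:05 WARN disk usage at 81%\n",
]
# Constructed sample input: a stack trace spans three physical lines.
SAMPLE_MULTILINE = [
    "2024-01-01 10:00:00 ERROR request failed\n",
    "java.lang.IllegalStateException: boom\n",
    "    at com.example.App.run(App.java:42)\n",
    "2024-01-01 10:00:01 INFO recovered\n",
]

if __name__ == "__main__" and len(sys.argv) > 1:
    with open(sys.argv[1], errors="replace") as handle:
        count, extra = find_continuations(handle)
    print(f"{count} records, {len(extra)} continuation lines")
    for number, owner in extra[:10]:
        print(f"  line {number} continues the record at line {owner}")
```

Run it with a log file path as the only argument; any reported continuation lines mean the application should be reconfigured to emit one record per line before the file is sent.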
At a high level, to use Log Relay, you must:
- Order Host Log
- In the Armor Management Portal (AMP), on the left-side navigation, click Security.
- Click Log Management.
- Click Activate Log Depot.
- Review the product information, and then click Purchase.
- (Optional) To deactivate, submit a support ticket.
- Do you have to wait for Support to confirm or does it "start" right away?
Global Log Search
You can filter by linux-logs, wineentlog, linux-log, and log-depot.
- Send logs to Armor
In some cases, the terms Log Depot, Host Log Collector, or Log Relay may be used interchangeably.
For pricing information, please contact your account manager.
Host Log Collector's prices are based on a subscription (base) charge and an overage (tiered) charge.
The monthly subscription charge includes up to 25GB of storage. Additional storage above 25GB will be charged on a tiered level.
Review the following table to understand the pricing structure:
Step 1: Add Log Relay
Use the Post Host Log Collector (Activate) API to add Host Log Collector to your account.
| Method / Type | POST |
| API call / URL | /log-management/log-depot/activate |
| Parameters | There are no parameters for this API call. |
| Full API call / URL | |
| Sample 200 return | |

To learn more about this API call, see Post Host Log Collector (Activate).
Contact Armor Support to add a custom file path via a host log collector.
Option 1: For Windows users
To use these instructions, you must have PowerShell admin access.
Troubleshooting Global Log Search screen
Send and store your logs
GET COMMAND LINE TO SEND AND STORE LOGS FROM JOSHUA
DO NOT INCLUDE PRICING INFORMATION
After you have received confirmation from Armor Support, you can send your logs via the command line.
Add link to Log Depot in Log Management service description. Service Description: Log and Event Management
Add this to the Service Description: Log and Event Management
Additionally, you can send file-based logs, CloudTrail logs, and Azure Monitor logs to Armor for 13 months of storage.
In the Log Management screen, click On.
GLOBAL LOG SEARCH in AMP
USE THE COMMAND LINE TO SORT THE LOGS AND SEND TO Armor
Option 2: For Linux users
To use these instructions, you must have sudo access.
Provide a feature, at an extra charge, for customers to send any file-based, CloudTrail, or Azure Monitor log they want to Armor for 13 months of storage. This project does not include any kind of security analysis, parsing, or any awareness of log content, but it does include displaying the log in AMP. Log types include file-based application logs, Azure Monitor logs, and CloudTrail logs. This project does not impact how we currently analyze OS security logs.
Review the following table to better understand how to interact with the agent via the command line:
| armor -h | Displays the agent's help dialog |
| armor policy -h | Displays the agent's policy help dialog |
| armor policy filelog -h | Displays the agent's policy filelog help dialog |
| armor policy filelog add -h | Displays the agent's policy filelog add help dialog |
| armor policy filelog --add [path] | Adds a filebeat logging policy with the user-defined path, category, and tag(s). |
| armor policy add eventlog [name] | Adds a (Windows) eventlog logging policy with the user-defined path, category, and tag(s). |
| armor policy show | Displays command functionality and syntax available at the command line. "show" can be added to any level of command to help drive user input |
| armor policy sync | Synchronizes the local Armor CORE Agent with API services to pull down the latest policy version |
If you do not see any data in the Search section of the Log & Data Management screen, consider that