...

Note
The Log and Event Management subagent will sync and update this screen every 15 minutes. 

...

Pricing information

The base price for Log Depot is $200, which includes 25MB of log storage per month. Once you go over 25MB, you Log Depot's prices are based on a subscription (base) charge and an overage (tiered) charge. 

The monthly subscription charge includes up to 25GB of storage. Additional storage above 25GB will be charged on a usage-based tiered level. 

For detailed pricing information, contact your Armor Account Manager. 

Review the following charts to understand the pricing structure. 


SKU | $/Month | £/Month
Log Depot Base Subscription | $200 | £155

Tier | $/GB Within Tier | $/Completed Tier | £/GB Within Tier | £/Completed Tier | Tier Discount
0GB - 25GB (Included in Base Subscription) | Included in Base Subscription (is $8/GB) | Included in Base Subscription ($200) | Included in Base Subscription (is £6.20) | Included in Base Subscription (£155) | -
26GB - 50GB | $7.6 | $380 | £5.85 | £294.50 | 10%
51GB - 100GB | $7.08 | $708 | £5.45 | £548.70 | 18%
101GB - 250GB | $6.48 | $1,620 | £4.98 | £1,255.50 | 24%
251GB - 500GB | $6.04 | $3,020 | £4.65 | £2,340.50 | 30%
501GB - 1000GB | $5.66 | $5,660 | £4.35 | £4,386.50 | 34%
1001GB+ | $5.39 | n/a | £3.92 | n/a | 36%


...

Order Log Depot

  1. In the Armor Management Portal (AMP), on the left-side navigation, click Security
  2. Click Log Management
  3. Click Log Source
  4. Scroll to the bottom of the screen, and then click Activate Log Depot
  5. Review the product information, and then click Purchase
  6. After you begin the purchase process, you can start sending logs to Armor. 

...

Send logs to Armor

...

Windows users

To use these instructions, you must have PowerShell admin access.

  1. Log into a server instance that contains the Armor Anywhere - Security Agent. 
  2. Stop the agent with the following command: 
    • spsv armor-agent
  3. Run the agent policy command to add log policies. You can use the following command as an example: 
    • C:\.armor\opt\armor policy filelog add --path C:\inetpub\logs\web1.log --category web --tags web1,iis
      • Category is required. You must enter one of the following categories: app, db, machine-data, platform, user, or web. 
      • Tags are optional.
  4. Sync the agent's policy to the API with the following command:
    • C:\.armor\opt\armor policy filelog sync
  5. Restart the agent with the following command: 
    • sasv armor-agent
  6. (Optional) To review any Log Depot files in AMP:
    1. In the Armor Management Portal (AMP), on the left-side navigation, click Security
    2. Click Log Management
    3. Click Log Search

...

Linux users

To use these instructions, you must have sudo access. 

  1. Log into a server instance that contains the Armor Anywhere - Security Agent. 
  2. Stop the agent with the following command: 
    • service armor-agent stop
  3. Run the agent policy command to add log policies. You can use the following command as an example: 
    • /opt/armor/armor policy filelog add --path /var/log/panopta-agent/* --category app --tags panopta,app1
      • Category is required. You must enter one of the following categories: app, db, machine-data, platform, user, or web. 
      • Tags are optional.
  4. Sync the agent's policy to the API with the following command: 
    • /opt/armor/armor policy filelog sync
  5. Restart the agent with the following command: 
    • service armor-agent start
  6. (Optional) To review any Log Depot files in AMP:
    1. In the Armor Management Portal (AMP), on the left-side navigation, click Security
    2. Click Log Management
    3. Click Log Search
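
The Linux steps above can be wrapped in one script, shown here as an added example that is not Armor's own tooling. It rejects categories outside the documented list before touching the agent and always restarts the agent even if the add or sync fails; the function names and the DRY_RUN switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example: wraps the documented Linux steps; not Armor's own tooling.
ARMOR_BIN="${ARMOR_BIN:-/opt/armor/armor}"   # agent path as shown on this page
DRY_RUN="${DRY_RUN:-1}"                      # assumption: 1 = print commands only

# Categories the page lists as the only accepted values.
valid_category() {
    case "$1" in
        app|db|machine-data|platform|user|web) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# add_filelog PATH CATEGORY [TAGS]
add_filelog() {
    path=$1; category=$2; tags=${3:-}
    [ -n "$path" ] || { echo "error: path is required" >&2; return 2; }
    valid_category "$category" || { echo "error: invalid category: $category" >&2; return 2; }
    set -- policy filelog add --path "$path" --category "$category"
    if [ -n "$tags" ]; then set -- "$@" --tags "$tags"; fi
    run service armor-agent stop || return 1
    rc=0
    run "$ARMOR_BIN" "$@" || rc=1
    if [ "$rc" -eq 0 ]; then run "$ARMOR_BIN" policy filelog sync || rc=1; fi
    # Always restart, so a failed add or sync does not leave the host without an agent.
    run service armor-agent start || rc=1
    return "$rc"
}

# Succeeds if PATH appears in the Filebeat config (default location from this page).
policy_in_filebeat() {
    grep -qF -- "$1" "${2:-/etc/filebeat/filebeat.yml}"
}

# Constructed sample invocation; prints the four commands while DRY_RUN=1.
add_filelog /var/log/dpkg.log platform Ubuntu
```

Run it with DRY_RUN=0 under sudo to execute the commands, then call policy_in_filebeat with the same path to confirm the new source reached the Filebeat configuration.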

...

Review additional agent-related commands

Troubleshoot Log Search section of the Log Management screen

If you do not see any data in the Log Search section of the Log Management screen, consider that:

  • You did not order the Log Depot add-on product. 
    • To learn how to order Log Depot, see 
  • You did not properly sync Log Depot to collect your log files. 
    • To learn how to send logs to Armor, see 
  • The selected date range does not contain any data.
    • Select a different date range. 
  • You do not have permission to view log data.
    • You must have the Read LogSearch permission enabled to view log data. Contact your account administrator to enable this permission. To learn how to update your permissions, see Roles and Permissions.



Read LogSearch

Instructions require sudo access in Linux or a PowerShell admin prompt in Windows.



The Customer must follow a simple workflow to add a log to Log Depot.

...

Command | Description
/opt/armor/armor --help | This command shows all the available Armor commands. Like all the available Armor commands? yes
/opt/armor/armor policy --help | This command shows all the policy-related commands. This will show you policy filelogs or winlog (or event log). there are two file tops
/opt/armor/armor policy filelog --help | Shows the policy filelog commands: add (Adds a logfile(s) to be managed.); remove (Removes log(s) from being managed.); show (Show current logging policies); sync (Sync configuration from server.)
/opt/armor/armor policy filelog add --help | Shows how to add the file path to Log Depot
/opt/armor/armor policy filelog add --path /var/log/dpkg.log --category platform --tags Ubuntu | Adds the file /var/log/dpkg.log to Log Depot. This shows you specifically how to add to Log Depot: web, app, user, machine data
/opt/armor/armor policy sync | Manually sync the yml file so that it will start sending the newly added file to Log Depot
cat /etc/filebeat/filebeat.yml | You can observe the custom file has been added to the yml file here.

View logs in AMP

You can filter by linux-logs, wineentlog, linux-log, and log-depot.

  1. In the Armor Management Portal (AMP), on the left-side navigation, click Security
  2. Click Log Management
  3. Click Log Search. 

You can customize the type of logs. 

Compliance requirements

customer-define OS logs

this product combines: core agent, api, amp and policy management in amp

cloud logs from aws and azure

store all logs for 13 months (not 90)

you can enable and view logs in amp

and customer can configure

configure and upload logs via CORE Agent equipped  - cli

configure customer logs on OS

in the marketplace? NO

what are the new APIs?

does the global log search

you can use this screen to see how much storage you have used? 

sysadmin=

  1. they will access their core protect
  2. armor policy add0file beat and then the path of their file, and then a descriptive name 
  3. waits for armor response
  4. agent sends to amp / api a request to generate a new. . YML configuration
  5. Core agent receives new file yml with user configuration
  6. beats agent and restarts new log data

you can send us 25/gb/month throughout as part of the base price. anything more is an extra price. 

does sending new, updated data

Plain text file, can also be a log, 

Log Depot allows you to store custom file logs, such as environment logs. 

You can send

  • File-based logs
  • CloudTrail logs
  • Azure Monitor logs
     
Note

For this add-on product, Armor does not provide security analytics, parsing, or awareness of log content.

Note
The Log and Event Management subagent will sync and update this screen every 15 minutes. 

Order Log Depot

  1. In the Armor Management Portal (AMP), on the left-side navigation, click Security
  2. Click Log Management
  3. Click Activate Log Depot
  4. Review the product information, and then click Purchase
  5. (Optional) To deactivate, submit a support ticket. 
    1. Do you have to wait for Support to confirm or does it "start" right away? 

Global Log Search

You can filter by linux-logs, wineentlog, linux-log, and log-depot.

...

Troubleshooting Global Log Search screen

...

This command shows all the policy-related commands

This will show you policy filelogs or winlog (or event log)

there are two file tops

...

Shows the policy filelog commands:

  • add     Adds a logfile(s) to be managed.
  • remove  Removes log(s) from being managed.
  • show    Show current logging policies
  • sync    Sync configuration from server.

...

this shows you specifically how to add to log depot

web

app

user

machine data

...

To add a filelog

  1. Enter the following command:    /opt/armor/armor policy filelog add 

GET COMMAND LINE TO SEND AND STORE LOGS FROM JOSHUA

DO NOT INCLUDE PRICING INFORMATION

After you have received confirmation from Armor Support, you can send your logs via the command line. 

https://kb.firehost.co/display/AA/Log+Depot+Service+Description

Add link to Log Depot in Log Management service description. Service Description: Log and Event Management

Add this to the Service Description: Log and Event Management

Additionally, you can also send file-based logs, CloudTrail logs, and Azure Monitor logs to Armor for 13-month storage.

in the Log Management screen, click On. 

GLOBAL LOG SEARCH in amp

USE THE COMMAND LINE TO SORT THE LOGS AND SEND TO armor

and then 

  1. In the Armor Management Portal (AMP), on the left-side navigation, click Security
  2. Click Log Management
  3. Click Activate Log Depot
  4. Review the product information, and then click Purchase
  5. (Optional) To deactivate, submit a support ticket. 

Provide a feature, at an extra charge, for customers to send any file-based, Cloud Trail, or Azure Monitor log they want to Armor for 13 months storage. This project does not include any kind of security analysis, parsing, or any awareness of log content, but it does include displaying the log in AMP. Log types include file-based application logs, Azure Monitor logs, and CloudTrail logs. This project does not impact how we currently analyze OS security logs.

https://kb.firehost.co/display/AA/Log+Depot+Positioning

https://kb.firehost.co/display/AA/Log+Depot








...