...

  1. Log into a server instance that contains the Armor Anywhere - Security Agent. 
  2. Stop the agent with the following command: 
    • spsv armor-agent
  3. Run the agent policy command to add log policies. You can use the following commands as an example: 
    • For filelog type, run C:\.armor\opt\armor policy filelog add --path C:\inetpub\logs\web1.log --category web --tags web1,iis
    • For eventlog type, run C:\.armor\opt\armor policy eventlog add --name Application --category app --tags app
    • Category is required. You must label your logs based on one of the following categories: app, db, machine-data, platform, user, or web. 
    • Tags are optional. 
  4. Sync the agent's policy to the API with the following command:
    • C:\.armor\opt\armor policy filelog sync
  5. Restart the agent with the following command: 
    • sasv armor-agent
  6. (Optional) To review any Host Log Collector files in AMP:
    1. In the Armor Management Portal (AMP), on the left-side navigation, click Security
    2. Click Log & Data Management
    3. Click Log Search

...

Option 2: For Linux users

...

Note

Review the following example to understand how to send logs to Armor: /opt/armor/armor policy filelog add --path /var/log/dpkg.log --category platform --tags Ubuntu

| Text | Description |
| --- | --- |
| /opt/armor/armor policy filelog add | Base script |
| --path /var/log/dpkg.log | The location of the files. |
| --category platform | The type (category) of logs. You must label your logs based on one of the following categories: app, db, machine-data, platform, user, or web. |
| --tags Ubuntu | In the Log Search screen, you can search by tags. Tags are optional. |

  1. Log into a server instance that contains the Armor Anywhere - Security Agent. 
  2. Stop the agent with the following command: 
    • service armor-agent stop
  3. Run the agent policy command to add log policies. You can use the following command as an example: 
    • /opt/armor/armor policy filelog add --path /var/log/app.log --category app --tags app,app1
      • Category is required. You must label your logs based on one of the following categories: app, db, machine-data, platform, user, or web. 
      • Tags are optional.
  4. Sync the agent's policy to the API with the following command: 
    • /opt/armor/armor policy filelog sync
  5. Restart the agent with the following command: 
    • service armor-agent start
  6. (Optional) To review any Host Log Collector files in AMP:
    1. In the Armor Management Portal (AMP), on the left-side navigation, click Security
    2. Click Log & Data Management
    3. Click Log Search
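
The Linux steps above, as an added example that is not part of the original page or Armor's own tooling: a shell helper that checks the path, category and tags before printing the stop / add / sync / start sequence for review. It only prints commands. The function names, the tag character set, and omitting --tags when no tags are given are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Armor's code): validate inputs, then print the Linux
# filelog onboarding sequence from this page. It prints commands only.

ARMOR_BIN="/opt/armor/armor"   # agent path as shown on this page
VALID_CATEGORIES="app db machine-data platform user web"

# Succeeds if $1 is one of the categories the page lists as allowed.
valid_category() {
    for vc_item in $VALID_CATEGORIES; do
        [ "$vc_item" = "$1" ] && return 0
    done
    return 1
}

# Succeeds if $1 is empty (tags are optional) or a comma-separated list.
# Assumption of this example: tags use only letters, digits, "_" and "-".
valid_tags() {
    case "$1" in
        "") return 0 ;;
        *[!A-Za-z0-9_,-]*|,*|*,|*,,*) return 1 ;;
    esac
    return 0
}

# plan_filelog PATH CATEGORY [TAGS]
# Prints stop / add / sync / start in order, or fails with a reason.
plan_filelog() {
    pf_path="$1"; pf_category="$2"; pf_tags="${3:-}"
    case "$pf_path" in
        *\'*) echo "error: path contains a single quote" >&2; return 2 ;;
        /*) ;;
        *) echo "error: path must be absolute: $pf_path" >&2; return 2 ;;
    esac
    valid_category "$pf_category" || {
        echo "error: category must be one of: $VALID_CATEGORIES" >&2; return 3; }
    valid_tags "$pf_tags" || {
        echo "error: malformed tags: $pf_tags" >&2; return 4; }
    # Assumption: "tags are optional" means the --tags flag can be omitted.
    pf_tagarg=""
    if [ -n "$pf_tags" ]; then pf_tagarg=" --tags $pf_tags"; fi
    echo "service armor-agent stop"
    echo "$ARMOR_BIN policy filelog add --path '$pf_path' --category $pf_category$pf_tagarg"
    echo "$ARMOR_BIN policy filelog sync"
    echo "service armor-agent start"
}
```

For example, plan_filelog /var/log/app.log app app,app1 prints the four commands from the steps above, while a category outside the allowed list is rejected before anything is printed.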

...

Review additional agent-related commands

...

If you do not see any data in the Log Search section of the Log & Data Management screen, consider the following possible causes:

  • You did not order the Host Log Collector add-on product. 
  • You did not properly sync Host Log Collector to collect your log files. 
  • The selected date range does not contain any data.
  • You do not have permission to view log data.