...

  • Only collects single-line log formats.
  • Does not provide security analysis, parsing, or awareness of log content. 
  • Can store up to 10,000 logs, regardless of whether you reach the 90-day limit.
  • Can collect CloudTrail logs from AWS. 
Note

The Log and Event Management subagent will sync and update this screen every 15 minutes. 

To learn more about this subagent, see Service Description: Log and Event Management.

At a high level, to use Host Log Collector, you must:

  • Order Host Log Collector
  • Send logs to Armor
Note

In some cases, the term Log Depot may be used instead of Host Log Collector.


...

Review pricing information

...

  1. Log into a server instance that contains the Armor Anywhere - Security Agent. 
  2. Stop the agent with the following command: 
    • spsv armor-agent
  3. Run the agent policy command to add log policies. You can use the following commands as an example: 
    • For filelog type, run C:\.armor\opt\armor policy filelog add --path C:\inetpub\logs\web1.log --category web --tags web1,iis
    • For eventlog type, run C:\.armor\opt\armor policy eventlog add --name Application --category app --tags app
    • Category is required. You must label your logs based on one of the following categories: app, db, machine-data, platform, user, or web. 
    • Tags are optional. 
  4. Sync the agent's policy to the API with the following command:
    • C:\.armor\opt\armor policy filelog sync
  5. Restart the agent with the following command: 
    • sasv armor-agent
  6. (Optional) To review any Host Log Collector files in AMP:
    1. In the Armor Management Portal (AMP), on the left-side navigation, click Security
    2. Click Log & Data Management
    3. Click Search
    4. Use the filter function to select Log Depot

...

Option 2: For Linux users

...

  1. Log into a server instance that contains the Armor Anywhere - Security Agent. 
  2. Stop the agent with the following command: 
    • service armor-agent stop
  3. Run the agent policy command to add log policies. You can use the following command as an example:
    • /opt/armor/armor policy filelog add --path /var/log/app.log --category app --tags app,app1
      • Category is required. You must label your logs based on one of the following categories: app, db, machine-data, platform, user, or web. 
      • Tags are optional.
  4. Sync the agent's policy to the API with the following command: 
    • /opt/armor/armor policy filelog sync
  5. Restart the agent with the following command: 
    • service armor-agent start
  6. (Optional) To review any Host Log Collector files in AMP:
    1. In the Armor Management Portal (AMP), on the left-side navigation, click Security
    2. Click Log & Data Management
    3. Click Search
    4. Use the filter function to select Log Depot
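
The Linux steps above as one script, added here as an example (not Armor's own tooling): it validates the category before stopping the agent, and it restarts the agent even if the add or sync step fails, so the host is not left without its security agent. ARMOR_BIN, ARMOR_DRY_RUN and the function names are assumptions of this example, and the absolute-path check is an added sanity check rather than a documented agent requirement.

```shell
#!/bin/sh
# Added example wrapping the Linux steps above; not Armor's own tooling.
ARMOR_BIN="${ARMOR_BIN:-/opt/armor/armor}"                # CLI path from the page
VALID_CATEGORIES="app db machine-data platform user web"  # categories from the page

# Run a command, or only print it when ARMOR_DRY_RUN=1
# (ARMOR_DRY_RUN is a variable invented for this example).
run() {
  if [ "${ARMOR_DRY_RUN:-0}" = "1" ]; then echo "+ $*"; else "$@"; fi
}

# Succeed only for a category the page lists.
valid_category() {
  for c in $VALID_CATEGORIES; do
    [ "$c" = "$1" ] && return 0
  done
  return 1
}

# Usage: add_filelog_policy PATH CATEGORY [TAGS]
add_filelog_policy() {
  log_path="$1"; category="$2"; tags="${3:-}"; rc=0

  # Validate first, so a typo never stops the security agent for nothing.
  valid_category "$category" || { echo "invalid category: $category" >&2; return 2; }
  # Added sanity check, not a documented agent requirement.
  case "$log_path" in
    /*) ;;
    *) echo "path must be absolute: $log_path" >&2; return 2 ;;
  esac

  # Tags are optional, so --tags is only passed when given.
  set -- policy filelog add --path "$log_path" --category "$category"
  if [ -n "$tags" ]; then set -- "$@" --tags "$tags"; fi

  run service armor-agent stop || return 1
  # From here on the agent is always restarted, even if add or sync fails.
  { run "$ARMOR_BIN" "$@" && run "$ARMOR_BIN" policy filelog sync; } || rc=$?
  run service armor-agent start || rc=$?
  return "$rc"
}
```

Source the file and call add_filelog_policy /var/log/app.log app app,app1 with the privileges the service command needs; set ARMOR_DRY_RUN=1 first to preview the commands without running them.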

...

Review additional agent-related commands

...