
This topic only applies to Armor Management Portal (AMP) users.  

Overview

Instead of logging into your virtual machine, you can use the Log Management screen to review information about the Armor Agent, such as log status and event types. You can use this screen for every system protected by Armor to:

  • Investigate security events flagged by Armor
  • Troubleshoot performance issues
  • Search for end-user activity

This screen only contains information about virtual machines that have been fully provisioned with the Armor Agent and have the log management service enabled.

By default, the Armor Management Portal (AMP) retains log status and details for the previous 90 days. To review logs older than 90 days, see Configure log retention plan.

View log status and details

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Security
  2. Click Log Management
  3. Locate the desired virtual machine, and then click the corresponding gear icon. 
  4. Select Details
  5. (Optional) Use the filter function to customize the data displayed. 
    • Above the graph, you can search by Date Range.
    • Above the table, you can search by Event Type and Size. 
    • Above the table, you can also enter specific search parameters, and then click the magnifying glass icon to filter the results.

Upgrade log retention plan

By default, logs are retained for 90 days. You can increase the log retention period to 13 months.

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Security
  2. Click Log Management
  3. Locate the desired virtual machine. 
  4. Click the corresponding gear icon, and then select Upgrade Plan.
  5. Review the pricing information, and then click Purchase.
  6. Click Close.  
  7. (Optional) To cancel the upgrade, you must submit a Support Ticket. 
  8. To see logs beyond 90 days, submit a Support Ticket and request to view the specific logs. 

Export log service status

You can export logs to analyze them offline or to provide to an auditor.

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Security
  2. Click Log Management
  3. (Optional) Use the filter function to customize the data displayed. 
  4. Under the table, click CSV.
  5. You have the option to export all data (All) or only the data that appears on the current screen (Current Set). 

| Data Type | Data Detail |
|---|---|
| Vm Name | This data shows the name of the Armor Agent. |
| Last Log Date | This data shows the last date that Armor received logs. A blank entry indicates that the action has never taken place. |
| Vm Provider | This data shows if you are an Anywhere or Complete user. If Armor cannot determine your specific environment, such as AWS or Azure, then by default, this entry will say Anywhere. |
| Vm Location | This data shows the virtual data center that hosts your data. |
| Retention | This data shows how long the logs are stored in the Armor user interface. |
| Average Size | This data shows the average log size. |
| Agent Status | This data shows the status of your Armor Agent. Online - This status means the Armor Agent is active and has sent logs within the last hour. Warning - This status means the previous 24-hour log volume has exceeded the 7-day moving average by 10% or more. Critical - This status means the Armor Agent has not sent logs within the last hour. Offline - This status means that the Armor Agent, and possibly the virtual machine, is offline. |
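
The following added example (not Armor's own code) shows one way to triage an exported CSV offline for gaps in log coverage. The column names come from the table above; the date format, the retention wording, and all row values are constructed assumptions, so adjust the parsing to match your actual export.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export. Column names follow the table above; the date
# format, retention wording and every row value are assumptions.
SAMPLE_CSV = """Vm Name,Last Log Date,Vm Provider,Vm Location,Retention,Average Size,Agent Status
web-01,2024-05-01T11:40:00,Anywhere,example-dc,90 days,12 MB,Online
db-01,2024-05-01T08:05:00,Complete,example-dc,13 months,48 MB,Critical
batch-01,,Anywhere,example-dc,90 days,,Offline
api-01,2024-05-01T11:55:00,Anywhere,example-dc,90 days,30 MB,Warning
"""

def triage(csv_text, now, max_gap=timedelta(hours=1)):
    """Return {vm_name: [findings]} for rows that need follow-up."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        notes = []
        last = row["Last Log Date"].strip()
        if not last:
            # Per the table, a blank entry means logs were never received.
            notes.append("no logs ever received")
        else:
            gap = now - datetime.fromisoformat(last)
            if gap > max_gap:
                notes.append(f"last log {gap} ago")
        status = row["Agent Status"].strip()
        if status == "Warning":
            # Warning is a volume anomaly, not a missing-log condition.
            notes.append("24-hour volume at least 10% above 7-day average")
        elif status != "Online":
            notes.append(f"agent status is {status}")
        if notes:
            findings[row["Vm Name"]] = notes
    return findings

if __name__ == "__main__":
    # Fixed "now" so the constructed sample gives repeatable results.
    for vm, notes in triage(SAMPLE_CSV, datetime(2024, 5, 1, 12, 0)).items():
        print(f"{vm}: {'; '.join(notes)}")
```
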



Troubleshoot Log Management screen

Log Management screen

If you do not see any data in the Log Management screen, consider that:

  • The selected date range does not contain any data.
    • Select a different date range.
  • You do not have permission to view log data.
    • You must have the Read LogManagement permission enabled to view log data. Contact your account administrator to enable this permission. To learn how to update your permissions, see Log Management.

Log Management Details screen

If you do not see any data in the Log Management Details screen, consider that:

  • The virtual machine or server may be powered off. 
    • To power on: 
    1. In the left-side navigation, click Virtual Machines.
    2. Locate the virtual machine or server, and then click the corresponding gear icon.
    3. Click Power On.
    4. Click OK.
  • You do not have permission to view log data.
    • You must have the Read LogManagement permission enabled to view log data. Contact your account administrator to enable this permission. To learn how to update your permissions, see Log Management.


Have a suggestion for the Armor Knowledge Base? Send a message to kb@armor.com.