

Armor Knowledge Base











Overview


You can use the Log Depot add-on product to store file-based application logs for 13 months. 

You can send the following log types:

  • File-based logs
  • CloudTrail logs
  • Azure Monitor logs
     

For this add-on product, Armor does not provide security analytics, parsing, or awareness of log content.

The Log and Event Management subagent will sync and update this screen every 15 minutes.

Order Log Depot

  1. In the Armor Management Portal (AMP), on the left-side navigation, click Security
  2. Click Log Management
  3. Click Activate Log Depot
  4. Review the product information, and then click Purchase
  5. (Optional) To deactivate, submit a support ticket. 
    1. Do you have to wait for Support to confirm or does it "start" right away? 

Global Log Search

You can filter by linux-logs, wineentlog, linux-log, and log-depot.

  1. In the Armor Management Portal (AMP), on the left-side navigation, click Security
  2. Click Global Log Search. 

Troubleshooting Global Log Search screen

Send and store your logs

GET COMMAND LINE TO SEND AND STORE LOGS FROM JOSHUA

DO NOT INCLUDE PRICING INFORMATION

After you have received confirmation from Armor Support, you can send your logs via the command line. 

https://kb.firehost.co/display/AA/Log+Depot+Service+Description


Add link to Log Depot in Log Management service description. Service Description: Log and Event Management

Add this to the Service Description: Log and Event Management

Additionally, you can send file-based logs, CloudTrail logs, and Azure Monitor logs to Armor for 13 months of storage.

In the Log Management screen, click On.

GLOBAL LOG SEARCH IN AMP

USE THE COMMAND LINE TO SORT THE LOGS AND SEND TO ARMOR

and then 

  1. In the Armor Management Portal (AMP), on the left-side navigation, click Security
  2. Click Log Management
  3. Click Activate Log Depot
  4. Review the product information, and then click Purchase
  5. (Optional) To deactivate, submit a support ticket. 


Provide a feature, at an extra charge, for customers to send any file-based, CloudTrail, or Azure Monitor log they want to Armor for 13 months of storage. This project does not include any kind of security analysis, parsing, or any awareness of log content, but it does include displaying the log in AMP. Log types include file-based application logs, Azure Monitor logs, and CloudTrail logs. This project does not impact how we currently analyze OS security logs.


https://kb.firehost.co/display/AA/Log+Depot+Positioning


https://kb.firehost.co/display/AA/Log+Depot