You can use the Log Depot add-on product to securely store file-based application logs with Armor for up to 13 months. Log Depot can only collect single-line log formats.
Within the Armor Management Portal (AMP), you can view logs from the previous 90 days. You can view these logs and overall storage usage in the Log Search section of the Log Management screen.
At a high-level, there are two steps to use Log Depot:
- Order Log Depot
- Send logs to Armor
You can use Log Depot to collect CloudTrail logs from AWS.
For more information, see test 1.
Log Depot does not provide security analysis, parsing, or awareness of log content.
You can only store up to 10,000 logs, regardless if you do not reach the 90-day limit.
The Log and Event Management subagent will sync and update this screen every 15 minutes.
To learn more about this subagent, see Service Description: Log and Event Management.