You can use the Log & Data Management screen to:
- View collected logs in the Search section
- View the status of the logging subagent in the Sources section
By default, Armor collects and retains the following log types for 30 days:
- System Event Log
- Security Event Log
View log status and details
Upgrade log retention plan
Export log service status
You can export the logs that are displayed in the Armor Management Portal (AMP) to analyze offline or to provide to an auditor.
This file export will only contain logs from the previous 30 days.
- In the Armor Management Portal (AMP), in the left-side navigation, click Security.
- Click Log & Data Management.
- Click Log Sources.
- (Optional) Use the filter function to customize the data displayed.
- Under the table, click CSV.
- You have the option to export all data (All) or only the data that appears on the current screen (Current Set).
|Data Type|Data Detail|
|---|---|
|Vm Name|This data shows the name of the Armor Agent.|
|Last Log Date|This data shows the last date that Armor received logs. A blank entry indicates that the action has never taken place.|
|Vm Provider|This data shows if you are an Anywhere or Complete user. If Armor cannot determine your specific environment, such as AWS or Azure, then by default, this entry will say Anywhere.|
| |This data shows the virtual data center that hosts your data.|
|Retention|This data shows how long the logs are stored in the Armor user interface.|
|Average Size|This data shows the average log size.|
| |This data shows the status of your Armor Agent.|

- Online - This status means the Armor Agent is active and has sent logs within the last hour.
- Warning - This status means the previous 24-hour log volume has exceeded the 7-day moving average by 10% or more.
- Critical - This status means the Armor Agent has not sent logs within the last hour.
- Offline - This status means that the Armor Agent, and possibly the virtual machine, is offline.
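For offline review of an exported file, the one-hour silence rule and the 10% volume rule described above can be re-applied with a short script. This is an added example, not Armor's code: the CSV column names are taken from the table above, while the ISO 8601 timestamp format, the sample rows, and the choice to compute the 7-day average over the seven days before the latest one are assumptions.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample export. Column names follow the data table above;
# the ISO 8601 timestamp format is an assumption about the export.
SAMPLE_CSV = """\
Vm Name,Last Log Date,Vm Provider,Retention
web-01,2024-05-01T11:40:00+00:00,Anywhere,30
db-01,2024-05-01T08:05:00+00:00,Complete,30
new-01,,Anywhere,30
"""

def stale_sources(csv_text, now, max_gap=timedelta(hours=1)):
    """Return (vm_name, reason) for each source with no logs inside max_gap."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        raw = (row.get("Last Log Date") or "").strip()
        if not raw:
            # A blank Last Log Date means logs were never received.
            findings.append((row["Vm Name"], "never sent logs"))
            continue
        gap = now - datetime.fromisoformat(raw)
        if gap > max_gap:
            findings.append((row["Vm Name"], f"silent for {gap}"))
    return findings

def volume_warning(daily_volumes):
    """True when the latest 24-hour volume is at least 10% above the mean of
    the seven days before it. daily_volumes is oldest-first, one value per
    day, in any consistent unit. Integer math avoids float rounding at the
    boundary: latest >= 1.10 * (sum / 7)  <=>  latest * 70 >= 11 * sum."""
    if len(daily_volumes) < 8:
        raise ValueError("need 7 days of history plus the latest day")
    *history, latest = daily_volumes[-8:]
    return latest * 70 >= 11 * sum(history)

if __name__ == "__main__":
    # Use the time the export was taken, not the time of analysis.
    export_time = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
    for name, reason in stale_sources(SAMPLE_CSV, export_time):
        print(f"{name}: {reason}")
    print("volume warning:", volume_warning([100] * 7 + [125]))
```

The export is a snapshot, so gaps measured against the current clock rather than the export time will overstate how long a source has been silent.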