This topic only applies to Armor Anywhere users.

Overview

You can use the Log Collector feature to allow your instances to forward logs to the Armor Management Portal (AMP). Within AMP, Armor will securely store, review, and analyze supported log types. 

While Log Collector is available to all Armor Anywhere users, there is a fee associated with sending and storing logs. For pricing information, please contact your Account Manager.



Review requirements

Firewall rules

You must add the following firewall rules: 

| Inbound / Outbound | Service / Purpose | Port | Destination |
|---|---|---|---|
| Outbound | Log Collector | 5443/tcp | The IP address for your instance (log collector) |
| Outbound | Armor's logging service | 5443/tcp | |

To learn more about firewall rules, see Requirements for Armor Anywhere.

Permissions

You must have the Write Virtual Machine permission included in your account in order to use Log Collector. 

To learn more about permissions, see Roles and permissions (Armor Anywhere).

Supported devices

While Armor will collect and store most log types, currently, Armor will only analyze and correlate logs from FortiWeb and the Imperva WAF. 


Add Log Collector

You can use these instructions to configure (convert) your instance into a log collecting device. 

In order to convert your virtual machine into a log collector, you must have the Write Virtual Machine permission assigned to your account.

To learn more about permissions, see Roles and permissions (Armor Anywhere).

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Infrastructure.
  2. Click Virtual Machines.
  3. Locate and hover over the desired virtual machine.
  4. Click the vertical ellipsis.
  5. Click Convert to Log Collector.
  6. Review the product information, and then click Confirm.

View collected logs

You can use the Log Collector screen to view and confirm that Armor is receiving your logs. 

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Infrastructure.
  2. Click Virtual Machines.
  3. Locate and select the desired virtual machine. 
    • You will be taken to the Log Collector screen to view the Log Volume graph. 



Remove Log Collector

If you remove the log collector feature from a virtual machine, Armor will still retain the collected logs. 

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Infrastructure.
  2. Click Virtual Machines.
  3. Locate and hover over the desired virtual machine.
  4. Click the vertical ellipsis.
  5. Click Remove.
  6. Click Remove Log Collector Services.

Troubleshoot Log Collector 

If you do not see any data in the Log Collector screen, consider that:

  • Your instance is powered off.
    • To review the status of your instance, in the left-side navigation, click Infrastructure, and then click Virtual Machines.
    • For more information, see Virtual Machines (Armor Anywhere).
  • You do not have permission to view and configure this screen.
    • You must have the Write Virtual Machine permission enabled. Contact your account administrator to enable these permissions. To learn how to update your permissions, see Roles and permissions (Armor Anywhere).





