In order to use this feature, you must have the Write LogManagement permission assigned to your account.
You can use the Host Log Collector add-on product to securely store file-based application logs with Armor for 30 days or 13 months, based on your log retention plan.
Host Log Collector:
- Collects only single-line log formats.
- Does not provide security analysis, parsing, or awareness of log content.
- Can store up to 10,000 logs
- Can collect CloudTrail logs from AWS.
- For more information, see Collect and view CloudTrail logs in AMP.
At a high-level, to use Host Log Collector, you must:
- Order Host Log Collector
- Send logs to Armor
In some cases, the term Log Depot or Log Relay may be used instead of Host Log Collector.
For pricing information, please contact your account manager.
Order host log collector
Step 1: Add Host Log Collector
Use the Post Host Log Collector (Activate) API to add Host Log Collector to your account.
|Method / Type||POST|
|API call / URL||/log-management/log-depot/activate|
|Parameters||There are no parameters for this API call.|
|Full API call / URL|
|Sample 200 return|
Step 2: Send logs to Armor
Contact Armor Support to add a custom file path via a host log collector.
Review additional agent-related commands
Review the following table to better understand how to interact with the agent via the command line:
|armor -h||Displays the agent's help dialog|
|armor policy -h||Displays the agent's policy help dialog|
|armor policy filelog -h||Displays the agent's policy filelog help dialog|
|armor policy filelog add -h||Displays the agent's policy filelog add help dialog|
|armor policy filelog --add [path]||Adds a filebeat logging policy with the user-defined path, category, and tag(s).|
|armor policy add eventlog [name]||Adds a (Windows) eventlog logging policy with the user-defined path, category, and tag(s).|
|armor policy show||Displays command functionality and syntax available at the command line. "show" can be added to any level of command to help drive user input|
|armor policy sync||Synchronizes the local Armor CORE Agent with API services to pull down the latest policy version|
Troubleshoot Log Search section of the Log Management screen
If you do not see any data in the Search section of the Log & Data Management screen, consider that
- You did not order the Host Log Collector add-on product.
- You did not properly sync Host Log Collector to collect your log files.
- The selected date range does not contain any data.
- You do not have permission to view log data.