Knowledge Base
Page tree

Home > Armor Anywhere - Product User Guide > Create a remote log source - beta feature for Armor Anywhere

This topic only applies to Armor Anywhere users.

To fully use this screen, you must add the following permissions to your account:

  • Delete Log Management
  • Read Log Endpoints

This is a beta feature and is not available to all users.

Overview

You can use this document to add a remote log collector to a remote device (log source). 

This is a beta feature and is not available to all users.

To learn more, see: 












Step 1: Review compatible log source types and ciphers

Compatible log source types

 Click here to expand...

Although the following log types are available in AMP, not every log type will be subjected to Armor's full security process.

Syslog collection is a separate service. As a result, Syslog collection is shared responsibility between you and Armor. Syslog collection may be subject to additional costs. 

Log Source TypeProtocol
3Com 8800 Series Switch

Syslog

TLS Syslog

APC UPS

Syslog

TLS Syslog

Amazon AWS CloudTrailAmazon AWS S3 REST API
Ambiron TrustWave ipAngel Intrusion Prevention System (IPS)

Syslog

TLS Syslog

Apache HTTP Server

Syslog

TLS Syslog

Application Security DbProtect

Syslog

TLS Syslog

Arbor Networks Peakflow SP

Syslog

TLS Syslog

Arpeggio SIFT-IT

Syslog

TLS Syslog

Array Networks SSL VPN Access Gateways

Syslog

TLS Syslog

Aruba ClearPass Policy Manager

Syslog

TLS Syslog

Aruba Introspect

Syslog

TLS Syslog

Aruba Mobility Controller

Syslog

TLS Syslog

Avaya VPN Gateway

Syslog

TLS Syslog

Barracuda Spam & Virus Firewall

Syslog

TLS Syslog

Barracuda Web Application Firewall

Syslog

TLS Syslog

Barracuda Web Filter

Syslog

TLS Syslog

BeyondTrust PowerBroker

Syslog

TLS Syslog

Bit9 Security Platform

Syslog

TLS Syslog

Blue Coat SG Appliance

Syslog

TLS Syslog

BlueCat Networks Adonis

Syslog

TLS Syslog

Bridgewater Systems AAA Service Controller

Syslog

TLS Syslog

Brocade FabricOS

Syslog

TLS Syslog

CA ACF2

Syslog

TLS Syslog

CA SiteMinder

Syslog

TLS Syslog

CA Top Secret

Syslog

TLS Syslog

CRYPTOCard CRYPTOShield

Syslogs

TLS Syslog

Carbon Black

Syslog

TLS Syslog

Carbon Black Protection

Syslog

TLS Syslog

Centrify Infrastructure Services

Syslog

TLS Syslog

Check Point

Syslog

TLS Syslog

Cilasoft QJRN/400

Syslog

TLS Syslog

Cisco 12000 Series Routers

Syslog

TLS Syslog

Cisco 6500 Series Switches

Syslog

TLS Syslog

Cisco 7600 Series Routers

Syslog

TLS Syslog

Cisco ACE Firewall

Syslog

TLS Syslog

Cisco ACS

Syslog

TLS Syslog

Cisco Adaptive Security Appliance (ASA)

Syslog

TLS Syslog

Cisco Aironet

Syslog

TLS Syslog

Cisco CSA

Syslog

TLS Syslog

Cisco Call Manager

Syslog

TLS Syslog

Cisco Carrier Routing System

Syslog

TLS Syslog

Cisco CatOS for Catalyst Switches

Syslog

TLS Syslog

Cisco Cloud Web SecurityAmazon AWS S3 REST API
Cisco Firewall Services Module (FWSM)

Syslog

TLS Syslog

Cisco IOS

Syslog

TLS Syslog

Cisco Integrated Services Router

Syslog

TLS Syslog

Cisco IronPort

Syslog

TLS Syslog

Cisco Meraki

Syslog

TLS Syslog

Cisco NAC Appliance

Syslog

TLS Syslog

Cisco Nexus

Syslog

TLS Syslog

Cisco PIX Firewall

Syslog

TLS Syslog

Cisco Stealthwatch

Syslog

TLS Syslog

Cisco VPN 3000 Series Concentrator

Syslog

TLS Syslog

Cisco Wireless LAN Controllers

Syslog

TLS Syslog

Cisco Wireless Services Module (WiSM)

Syslog

TLS Syslog

Citrix Access Gateway

Syslog

TLS Syslog

Citrix NetScaler

Syslog

TLS Syslog

CloudLock Cloud Security Fabric

Syslog

TLS Syslog

CloudPassage Halo

Syslog

TLS Syslog

Cloudera Navigator

Syslog

TLS Syslog

Configurable Authentication message filter

Syslog

TLS Syslog

Configurable Firewall Filter

Syslog

TLS Syslog

CorreLog Agent for IBM zOS

Syslog

TLS Syslog

CrowdStrike Falcon Host

Syslog

TLS Syslog

Cyber-Ark Vault

Syslog

TLS Syslog

CyberArk Privileged Threat Analytics

Syslog

TLS Syslog

CyberGuard TSP Firewall/VPN

Syslog

TLS Syslog

DCN DCS/DCRS Series

Syslog

TLS Syslog

DG Technology MEAS

Syslog

TLS Syslog

Damballa Failsafe

Syslog

TLS Syslog

EMC VMWare

Syslog

TLS Syslog

ESET Remote Administrator

Syslog

TLS Syslog

Enterprise-IT-Security.com SF-Sherlock

Syslog

TLS Syslog

Epic SIEM

Syslog

TLS Syslog

Exabeam

Syslog

TLS Syslog

Extreme 800-Series Switch

Syslog

TLS Syslog

Extreme A2-Series

Syslog

TLS Syslog

Extreme A4-Series

Syslog

TLS Syslog

Extreme B2-Series

Syslog

TLS Syslog

Extreme B3-Series

Syslog

TLS Syslog

Extreme B5-Series

Syslog

TLS Syslog

Extreme C2-Series

Syslog

TLS Syslog

Extreme C3-Series

Syslog

TLS Syslog

Extreme C5-Series

Syslog

TLS Syslog

Extreme D2-Series

Syslog

TLS Syslog

Extreme Dragon Network IPS

Syslog

TLS Syslog

Extreme G3-Series

Syslog

TLS Syslog

Extreme HiGuard

Syslog

TLS Syslog

Extreme HiPath

Syslog

TLS Syslog

Extreme I3-Series

Syslog

TLS Syslog

Extreme Matrix E1 Switch

Syslog

TLS Syslog

Extreme Matrix K/N/S Series Switch

Syslog

TLS Syslog

Extreme NAC

Syslog

TLS Syslog

Extreme NetsightASM

Syslog

TLS Syslog

Extreme Networks ExtremeWare Operating System (OS)

Syslog

TLS Syslog

Extreme Stackable and Standalone Switches

Syslog

TLS Syslog

Extreme XSR Security Routers

Syslog

TLS Syslog

F5 Networks BIG-IP AFM

Syslog

TLS Syslog

F5 Networks BIG-IP APM

Syslog

TLS Syslog

F5 Networks BIG-IP ASM

Syslog

TLS Syslog

F5 Networks BIG-IP LTM

Syslog

TLS Syslog

F5 Networks FirePass

Syslog

TLS Syslog

Fair Warning

Syslog

TLS Syslog

Fidelis XPS

Syslog

TLS Syslog

FireEye

Syslog

TLS Syslog

Forcepoint Sidewinder

Syslog

TLS Syslog

Forcepoint V Series

Syslog

TLS Syslog

ForeScout CounterACT

Syslog

TLS Syslog

Fortinet FortiGate Security Gateway

Syslog

TLS Syslog

Foundry Fastiron

Syslog

TLS Syslog

FreeRADIUS

Syslog

TLS Syslog

Great Bay Beacon

Syslog

TLS Syslog

H3C Comware Platform

Syslog

TLS Syslog

H3C IP Security Devices

Syslog

TLS Syslog

H3C Routers

Syslog

TLS Syslog

H3C Switches

Syslog

TLS Syslog

H3C Wireless LAN Devices

Syslog

TLS Syslog

HBGary Active Defense

Syslog

TLS Syslog

HP Network Automation

Syslog

TLS Syslog

HP ProCurve

Syslog

TLS Syslog

Hewlett Packard UniX

Syslog

TLS Syslog

Honeycomb Lexicon File Integrity Monitor

Syslog

TLS Syslog

Huawei AR Series Router

Syslog

TLS Syslog

Huawei S Series Switch

Syslog

TLS Syslog

HyTrust CloudControl

Syslog

TLS Syslog

IBM AIX Audit

Syslog

TLS Syslog

IBM AIX Server

Syslog

TLS Syslog

IBM Bluemix Platform

Syslog

TLS Syslog

IBM CICS

Syslog

TLS Syslog

IBM DB2

Syslog

TLS Syslog

IBM DataPower

Syslog

TLS Syslog

IBM Federated Directory Server

Syslog

TLS Syslog

IBM Guardium

Syslog

TLS Syslog

IBM IMS

Syslog

TLS Syslog

IBM QRadar Network Security XGS

Syslog

TLS Syslog

IBM QRadar Packet Capture

Syslog

TLS Syslog

IBM Resource Access Control Facility (RACF)

Syslog

TLS Syslog

IBM SAN Volume Controller

Syslog

TLS Syslog

IBM Security Access Manager for Enterprise Single Sign-On

Syslog

TLS Syslog

IBM Security Access Manager for Mobile

Syslog

TLS Syslog

IBM Security Directory Server

Syslog

TLS Syslog

IBM Security Network IPS (GX)

Syslog

TLS Syslog

IBM Security Trusteer Apex Advanced Malware Protection

Syslog

TLS Syslog

IBM Tivoli Access Manager for e-business

Syslog

TLS Syslog

IBM WebSphere Application Server

Syslog

TLS Syslog

IBM i

Syslog

TLS Syslog

IBM z/OS

Syslog

TLS Syslog

IBM zSecure Alert

Syslog

TLS Syslog

ISC BIND

Syslog

TLS Syslog

Illumio Adaptive Security Platform

Syslog

TLS Syslog

Imperva Incapsula

Syslog

TLS Syslog

Imperva SecureSphere

Syslog

TLS Syslog

Infoblox NIOS

Syslog

TLS Syslog

Itron Smart Meter

Syslog

TLS Syslog

Juniper DX Application Acceleration Platform

Syslog

TLS Syslog

Juniper EX-Series Ethernet Switch

Syslog

TLS Syslog

Juniper Junos OS Platform

Syslog

TLS Syslog

Juniper Junos WebApp Secure

Syslog

TLS Syslog

Juniper M Series Multiservice Edge Routing

Syslog

TLS Syslog

Juniper MX Series Ethernet Services Router

Syslog

TLS Syslog

Juniper Networks Firewall and VPN

Syslog

TLS Syslog

Juniper Networks Infranet Controller

Syslog

TLS Syslog

Juniper Networks Intrusion Detection and Prevention (IDP)

Syslog

TLS Syslog

Juniper Networks Network and Security Manager

Syslog

TLS Syslog

Juniper SRX Series Services Gateway

Syslog

TLS Syslog

Juniper Steel-Belted Radius

Syslog

TLS Syslog

Juniper T Series Core Platform

Syslog

TLS Syslog

Juniper WirelessLAN

Syslog

TLS Syslog

Juniper vGW

Syslog

TLS Syslog

Kaspersky Security Center

Syslog

TLS Syslog

Kaspersky Threat Feed Service

Syslog

TLS Syslog

Lastline Enterprise

Syslog

TLS Syslog

Lieberman Random Password Manager

Syslog

TLS Syslog

LightCyber Magna

Syslog

TLS Syslog

Linux DHCP Server

Syslog

TLS Syslog

Linux OS

Syslog

TLS Syslog

Linux iptables Firewall

Syslog

TLS Syslog

Mac OS X

Syslog

TLS Syslog

McAfee Network Security Platform

Syslog

TLS Syslog

McAfee Web Gateway

Syslog

TLS Syslog

Metainfo MetaIP

Syslog

TLS Syslog

Microsoft Azure

Syslog

TLS Syslog

Microsoft DHCP Server

Syslog

TLS Syslog

Microsoft DNS Debug

Syslog

TLS Syslog

Microsoft Exchange Server

Syslog

TLS Syslog

Microsoft Hyper-V

Syslog

TLS Syslog

Microsoft IAS Server

Syslog

TLS Syslog

Microsoft IIS

Syslog

TLS Syslog

Microsoft ISA

Syslog

TLS Syslog

Microsoft SQL Server

Syslog

TLS Syslog

Microsoft SharePoint

Syslog

TLS Syslog

Microsoft Windows Security Event Log

Syslog

TLS Syslog

Motorola SymbolAP

Syslog

TLS Syslog

NCC Group DDos Secure

Syslog

TLS Syslog

Name Value Pair

Syslog

TLS Syslog

NetApp Data ONTAP

Syslog

TLS Syslog

Niksun 2005 v3.5

Syslog

TLS Syslog

Nominum Vantio

Syslog

TLS Syslog

Nortel Application Switch

Syslog

TLS Syslog

Nortel Contivity VPN Switch

Syslog

TLS Syslog

Nortel Ethernet Routing Switch 2500/4500/5500

Syslog

TLS Syslog

Nortel Ethernet Routing Switch 8300/8600

Syslog

TLS Syslog

Nortel Multiprotocol Router

Syslog

TLS Syslog

Nortel Secure Network Access Switch (SNAS)

Syslog

TLS Syslog

Nortel Secure Router

Syslog

TLS Syslog

Nortel Switched Firewall 5100

Syslog

TLS Syslog

Nortel Switched Firewall 6000

Syslog

TLS Syslog

Nortel Threat Protection System (TPS) Intrusion Sensor

Syslog

TLS Syslog

Nortel VPN Gateway

Syslog

TLS Syslog

Novell eDirectory

Syslog

TLS Syslog

OSSEC

Syslog

TLS Syslog

Onapsis Inc Onapsis Security Platform

Syslog

TLS Syslog

OpenBSD OS

Syslog

TLS Syslog

Oracle Acme Packet SBC

Syslog

TLS Syslog

Oracle Database Listener

Syslog

TLS Syslog

Oracle RDBMS Audit Record

Syslog

TLS Syslog

Oracle RDBMS OS Audit Record

Syslog

TLS Syslog

Palo Alto Endpoint Security Manager

Syslog

TLS Syslog

Palo Alto PA Series

Syslog

TLS Syslog

PostFix MailTransferAgent

Syslog

TLS Syslog

ProFTPD Server

Syslog

TLS Syslog

Proofpoint Enterprise Protection/Enterprise Privacy

Syslog

TLS Syslog

Pulse Secure Pulse Connect Secure

Syslog

TLS Syslog

RSA Authentication Manager

Syslog

TLS Syslog

Radware AppWall

Syslog

TLS Syslog

Radware DefensePro

Syslog

TLS Syslog

Redback ASE

Syslog

TLS Syslog

SSH CryptoAuditor

Syslog

TLS Syslog

STEALTHbits StealthINTERCEPT

Syslog

TLS Syslog

STEALTHbits StealthINTERCEPT Alerts

Syslog

TLS Syslog

STEALTHbits StealthINTERCEPT Analytics

Syslog

TLS Syslog

SafeNet DataSecure/KeySecure

Syslog

TLS Syslog

Samhain HIDS

Syslog

TLS Syslog

Sentrigo Hedgehog

Syslog

TLS Syslog

Skyhigh Networks Cloud Security Platform

Syslog

TLS Syslog

Snort Open Source IDS

Syslog

TLS Syslog

Solaris BSM

Syslog

TLS Syslog

Solaris Operating System Authentication Messages

Syslog

TLS Syslog

Solaris Operating System DHCP Logs

Syslog

TLS Syslog

Solaris Operating System Sendmail Logs

Syslog

TLS Syslog

SonicWALL SonicOS

Syslog

TLS Syslog

Sophos Astaro Security Gateway

Syslog

TLS Syslog

Sophos Web Security Appliance

Syslog

TLS Syslog

Squid Web Proxy

Syslog

TLS Syslog

Starent Networks Home Agent (HA)

Syslog

TLS Syslog

Stonesoft Management Center

Syslog

TLS Syslog

Symantec DLP

Syslog

TLS Syslog

Symantec Encryption Management Server

Syslog

TLS Syslog

Symantec Endpoint Protection

Syslog

TLS Syslog

Symantec Gateway Security (SGS) Appliance

Syslog

TLS Syslog

ThreatGRID Malware Threat Intelligence Platform

Syslog

TLS Syslog

TippingPoint Intrusion Prevention System (IPS)

Syslog

TLS Syslog

TippingPoint X Series Appliances

Syslog

TLS Syslog

Top Layer IPS

Syslog

TLS Syslog

Trend InterScan VirusWall

Syslog

TLS Syslog

Trend Micro Deep Discovery Analyzer

Syslog

TLS Syslog

Trend Micro Deep Discovery Email Inspector

Syslog

TLS Syslog

Trend Micro Deep Discovery Inspector

Syslog

TLS Syslog

Trend Micro Deep Security

Syslog

TLS Syslog

Tripwire Enterprise

Syslog

TLS Syslog

Tropos Control

Syslog

TLS Syslog

Universal CEF

Syslog

TLS Syslog

Universal LEEF

Syslog

TLS Syslog

VMware vCenter

Syslog

TLS Syslog

VMware vShield

Syslog

TLS Syslog

Vectra Networks Vectra

Syslog

TLS Syslog

Venustech Venusense Firewall

Syslog

TLS Syslog

Venustech Venusense Network Intrusion Prevention System

Syslog

TLS Syslog

Venustech Venusense Security Platform

Syslog

TLS Syslog

Venustech Venusense Unified Threat Management

Syslog

TLS Syslog

Verdasys Digital Guardian

Syslog

TLS Syslog

Vericept Content 360

Syslog

TLS Syslog

Vormetric Data Security

Syslog

TLS Syslog

WatchGuard Fireware OS

Syslog

TLS Syslog

Zscaler Nss

Syslog

TLS Syslog

genua genugate

Syslog

TLS Syslog

iT-CUBE agileSI

Syslog

TLS Syslog

Supported ciphers

  • TLS_RSA_WITH_AES_128_CBC_SHA
    • This is the mandatory cipher.
  • TLS_RSA_WITH_AES_256_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA256
  • TLS_RSA_WITH_AES_256_CBC_SHA256
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

Step 2: Configure your log source



Step 3: Create a remote log source in AMP

There are three options: 

  • Create a remote log source for a non-AWS environment
  • Create a remote log source for an AWS environment
  • Create a remote log source to collect Windows logs

Option 1: Create a remote log source for a non-AWS environment 

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Security.
  2. Click Log & Data Management.
  3. Click Log Relay Source.
  4. Click the plus ( + ) sign. 
    • If you do not have any log sources already created, then click Add a New Log Source
  5. Complete the missing fields:
    1. In Endpoint, select the available Armor Endpoint.  
    2. In Log Source Type, select the type of log source. 
    3. In Hostname, enter the system hostname that matches the system for log collection.
      1. The hostname is case-sensitive and must match the exact same letters casing as the logs that are sent into this log source.
    4. In Protocol, based on your selection in Log Source Type, select the available protocol.
  6. Click Save Log Source.

Option 2: Create a remote log source for an AWS environment

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Security.
  2. Click Log & Data Management.
  3. Click Log Relay Source.
  4. Click the plus ( + ) sign. 
    • If you do not have any log sources already created, then click Add a New Log Source
  5. Complete the missing fields:
    1. In Endpoint, select the available Armor Endpoint.
    2. In Log Source Type, select Amazon AWS CloudTrail.
    3. In Hostname, enter the system hostname that matches the system for log collection.
      1. The hostname is case-sensitive and must match the exact same letters casing as the logs that are sent into this log source.
    4. In Protocol, based on your selection in Log Source Type, select the available protocol.
    5. In Account Number, enter your AWS account number, including any zero (0) prefix. 
    6. In Region, select the region for your virtual machine.  
  6. Click Save Log Source.
  7. In the Sources screen, refresh the screen until the log source reaches an Online status. 
  8. Access the AWS console.
  9. In AWS console, under Management & Governance, click CloudTrail
  10. In the left-side navigation, click Trails
  11. Click Create Trail
  12. In Trail name, enter a descriptive name for your trail. 
  13. Under Storage location, for Create a new S3 bucket, mark No
  14. In the S3 bucket drop-down menu, select logs.armor.com.
  15. Click Create

Option 3: Create a remote log source to collect Windows logs

Armor does not support the managed deployment of the WinCollect platform. Armor Support will not deliver any registrations keys to use with the WinCollect agents. As a result, you can use the following instructions as basic guidance.

Armor officially supports Windows instances through one Wincollect agent per instance of Windows.   

Although WinCollect supports event collection from multiple sources, the Armor API will still require a log source to be created per Windows system. 

  1. Download and install the agent.
    • In this step, two files will be added to your local machine, including the WinCollect Stanadlone Patch installer. This GUI installer can be used to directly configured the WinCollect instance, as well as pull logs from other Windows system. (This process is not supported by Armor.)
  2. In the Armor Management Portal (AMP), in the left-side navigation, click Security.
  3. Click Log & Data Management.
  4. Click Log Relay Source.
  5. Click the plus ( + ) sign. 
    • If you do not have any log sources already created, then click Add a New Log Source
  6. Complete the missing fields:
    1. In Endpoint, select the available Armor Endpoint.
    2. In Log Source Type, select Microsoft Windows Security Event Log
    3. In Hostname, enter the system hostname that matches the system for log collection.
      1. The hostname is case-sensitive and must match the exact same letters casing as the logs that are sent into this log source.
    4. In Protocol, based on your selection in Log Source Type, select the available protocol.
  7. Click Save Log Source.
  8. In the Sources screen, refresh the screen until the log source reaches an Online status. 
  9. In your local machine, launch the WinCollect Configuration Utility GUI. 
  10. In the left-side window, next to Destinations, click the ( + ) icon. 
  11. Click Syslog TCP
  12. In the top, right menu, click Add New Destination
  13. Enter a descriptive name, such as Armor Defense Inc TLS, and then click Ok
    • The properties screen will appear. 
  14. Enter the fully qualified domain name (FQDN) for the event collector. 
  15. Enter the port that was allocated for your Windows Event Log source. 
  16. Configure a throttle limit, such as 500 EPS.
  17. Click Deploy Changes to save. 
  18. In the left-side window, under Devices, right-click Microsoft Windows Event Log
  19. Click Add New Device
  20. Enter a descriptive name for your log source, such as the system name of your Windows host. 
  21. In Device Address, enter the local system hostname for the logs to be collected. 
  22. In Security, mark the box. 
  23. (Optional) For a DNS Active Directory or File Replication server, make the corresponding box. 
  24. In Destinations, click Add
  25. Select the name of destination you previously created, and then click Ok
  26. In the top, right menu, click Deploy Changes


To use the command prompt:

  1. Gather the following information:
    • Hostname
    • Armor Collector FQDN
    • Armor Log Source Port
    • Windows Services Hosted by System
      • Active Directory Collector
      • DNS Server
      • File Replication Service
  2. Download and install the agent.
  3. Right-click the WinCollect agent installation file, and then select Run as administrator.
  4. Enter the following information into your command prompt:
    • wincollect-<version_number>.x86.exe /s /v"/qn INSTALLDIR=\"C:\Program Files \IBM\WinCollect\" HEARTBEAT_INTERVAL=6000 LOG_SOURCE_AUTO_CREATION_ENABLED= True LOG_SOURCE_AUTO_CREATION_PARAMETERS=""Component1.AgentDevice= DeviceWindowsLog&Component1.Action=create&Component1.LogSourceName= <hostname>&Component1.LogSourceIdentifier= <Armor_Collector_FQDN>&Component1.Dest.Name=QRadar&Component1 .Dest.Hostname=<Armor_Collector_FQDN>&Component1.Dest.Port= <armor_port>&Component1.Dest.Protocol=TCP&Component1.Log.Security=true&Component1 .Log.System=true&Component1.Log.Application=false &Component1.Log.DNS+Server=false&Component1.Log.File+Replication+ Service=false&Component1.Log.Directory+Service=false&Component1. RemoteMachinePollInterval=3000&Component1.EventRateTuningProfile=High+ Event+Rate+Server&Component1.MinLogs ToProcessPerPass=1250&Component1.MaxLogsToProcessPerPass=1875"""

View existing remote log sources

You can use these instructions to view existing remote log sources. 

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Security.

  2. Click Log & Data Management.

  3. Click Sources.

Column

Description

Hostname

This column displays the hostname that was created in AMP.

Type

This column displays the log source type, such as Amazon AWS CloudTrail.

State

This column displays if the log source is in a Pending or Online status.

Endpoint

This column displays the corresponding endpoint for the log source.

Protocol/Port

This column displays the protocol, such as TLS Syslog or Syslog.

Last Event

This column displays the last log message that Armor received. There may be a five-minute delay between when Armor receives this information versus when this information is displayed in AMP.

View existing endpoints

You can use these instructions to view existing endpoints.

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Security.
  2. Click Log & Data Management.
  3. Click Endpoint.
ColumnDescription
HostnameThis column displays the hostname that was created in AMP.
State

This column displays the possible states of an endpoint, which can be:

  • Pending
  • Online
  • Error
  • Deleted
Public IPThis column displays the public IP address that corresponds to the endpoint.
Private IPThis column displays the private IP address that corresponds to the endpoint.
Software Version

This column displays the version of the software installed on the endpoint.


Last EventThis column displays the last log message that Armor received. There may be a five-minute delay between when Armor receives this information versus when this information is displayed in AMP.