Page tree

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Security.
  2. Click Log & Data Management.
  3. Click Log Relay Source.
  4. Click the plus ( + ) sign. 
    • If you do not have any log sources already created, then click Add a New Log Source
  5. Complete the missing fields:
    1. In Endpoint, select the available Armor Endpoint.
    2. In Log Source Type, select Amazon AWS CloudTrail.
    3. In Hostname, enter the system hostname that matches the system for log collection.
      1. The hostname is case-sensitive and must match the exact same letters casing as the logs that are sent into this log source.
    4. In Protocol, based on your selection in Log Source Type, select the available protocol.
    5. In Account Number, enter your AWS account number, including any zero (0) prefix. 
    6. In Region, select the region for your virtual machine.  
  6. Click Save Log Source.
  7. In the Sources screen, refresh the screen until the log source reaches an Online status. 
  8. Access the AWS console.
  9. In AWS console, under Management & Governance, click CloudTrail
  10. In the left-side navigation, click Trails
  11. Click Create Trail
  12. In Trail name, enter a descriptive name for your trail. 
  13. Under Storage location, for Create a new S3 bucket, mark No
  14. In the S3 bucket drop-down menu, select logs.armor.com.
  15. Click Create