Page tree

This topic only applies to Armor Anywhere users.

To fully use this screen, you must add the following permissions to your account:

  • Read LogManagement
  • Write LogManagement
  • Read Log Management Plan Selection
  • Write Log Management Plan Selection

Overview

You can use the Log & Data Management screen to:

  • View collected logs in the Search section
  • View the status of the logging subagent in the Sources section

By default, Armor collects and retains the following log types for 30 days:

CentOS/RHEL
Ubuntu/Debian
Windows

/var/log/secure

/var/log/messages

/var/log/audit.log

/var/log/audit/audit.log

/var/log/yum.log

/var/log/auth.log

/var/log/syslog

System Event Log

Security Event Log


Review default log retention plans

Plan nameLog retention rateDescription
Log Management Essentials30 days

This plan collects and stores your default log types for 30 days, which you can view in AMP.

By default, users are automatically subscribed to this plan.

To make sure that you do not pass the default log collection limit, Armor recommends that you review the:

  • Daily Log Storage Usage graph in the Summary section
  • Total Log Storage graph in the Retention Plan section
Compliance Professional13 months

This plan collects and stores your default log types for 13 months at an additional cost.

Logs from the previous 30 days are visible in AMP; however, to view logs older than 30 days, you must send a support ticket.

For existing virtual machines:

After you select this plan, existing virtual machines will not be automatically enrolled in this plan; you must update each virtual machine separately.

To learn more, see Upgrade log retention for existing virtual machines.

For future virtual machines:

After you select this plan, new virtual machines will be automatically enrolled in this plan.

To learn more, see Upgrade log retention for new virtual machines.


Upgrade default log retention for existing virtual machines

You can use these instructions to upgrade the default log retention rate for an existing virtual machine.  

In order to add and update your plan, you must have the following permissions assigned to your account: 

  • Read Log Management Plan Selection
  • Write Log Management Plan Selection
  • Read LogManagement 
  • Write LogManagement 
  1. In the Armor Management Portal (AMP), in the left-side navigation, click Security
  2. Click Log & Data Management
  3. Click Sources
  4. Locate and hover over the desired virtual machine. 
  5. Click the vertical ellipses. 
  6. Select Upgrade Plan
  7. Review the pricing information, and then select Upgrade Local Storage Plan
  8. (Optional) Repeat these steps for additional existing virtual machines. 


Upgrade default log retention for new virtual machines 

You can use these instructions to update the default log retention plan for future virtual machines. In short, after you perform this step, any virtual machine you create afterwards will be automatically enrolled in the 13-month log retention plan. 

For pricing information, please contact your account manager.

Existing virtual machines will not be upgraded. To upgrade the log retention rate for existing virtual machines, you must update each existing virtual machine individually.

To learn more, see Upgrade log retention for existing virtual machines.

In order to add and update your plan, you must have the following permissions assigned to your account: 

  • Read Log Management Plan Selection
  • Write Log Management Plan Selection
  • Read LogManagement 
  • Write LogManagement 
  1. In the Armor Management Portal (AMP), in the left-side navigation, click Security
  2. Click Log & Data Management
  3. Click Retention Plan
  4. For Compliance Professional, click Choose This
  5. Review the product information, and then click Select Plan.  
    • Now when you create a virtual machine, the machine will be automatically enrolled in this updated log retention plan. 
    • To learn how to create a virtual machine, see Virtual Machines.


Related documentation

To enhance the default Log and Data Management services, you can: