Have a suggestion for the Armor Knowledge Base?
Send a message to email@example.com.
This topic applies to Armor Complete and Armor Anywhere users.
You can use this document to learn about the basic, high-level steps needed to send additional log types to Armor, also known as remote log collection. To send these remote logs, you must obtain Log Relay.
Consider this document as pre-configuration document to verify that you can perform the required steps; additional, detailed instructions are available to help you navigate each step.
At a high level, you must:
- Obtain Log Relay
- Create a remote Log Relay
- Configure a remote Log Relay
Default Log Collection
By default, the Armor Agent collects the following logs for 30 days:
System Event Log
Security Event Log
Supported Remote Log Collection
Currently through Log Relay, Armor supports logs collection from the following remote devices:
- AWS CloudTrail
- AWS GuardDuty
- AWS WAF
- Cisco ASA
- Cisco ISR
For a detailed guide on how to obtain Log Relay, see Obtain Log Relay for Remote Log Collection.