This topic applies to Armor Complete and Armor Anywhere users. 

Overview

You can use this document to learn about the basic, high-level steps needed to send additional log types to Armor, also known as remote log collection. To send these remote logs, you must obtain Log Relay.

Consider this document a pre-configuration document to verify that you can perform the required steps; additional, detailed instructions are available to help you navigate each step. 

At a high level, you must: 

  • Obtain Log Relay
  • Create a remote Log Relay
  • Configure a remote Log Relay

Default Log Collection

By default, the Armor Agent collects the following logs for 30 days: 

CentOS/RHEL:

  • /var/log/secure
  • /var/log/messages
  • /var/log/audit.log
  • /var/log/audit/audit.log
  • /var/log/yum.log

Ubuntu/Debian:

  • /var/log/auth.log
  • /var/log/syslog

Windows:

  • System Event Log
  • Security Event Log

Supported Remote Log Collection

Currently, through Log Relay, Armor supports log collection from the following remote devices: 

  • AWS CloudTrail
  • AWS GuardDuty
  • AWS WAF
  • Cisco ASA
  • Cisco ISR 
  • Juniper

Additional Documentation

For a detailed guide on how to obtain Log Relay, see Obtain Log Relay for Remote Log Collection.