Requirement Type | Product Compatibility | Description

Supported Devices 

  • Armor Complete
  • Armor Anywhere

You can only convert Linux machines that are in an OK state.

To learn more about the health status of a virtual machine, see Health Overview Dashboard or ANYWHERE Health Overview Dashboard.


Additionally, Log Relay supports devices that do not have the Armor Anywhere agent, such as WAFs or next-generation firewalls. 

Pricing Information

  • Armor Complete

  • Armor Anywhere

While log collection is available to all users, there is a cost associated with sending and storing logs.

For pricing information, please contact your Account Manager. 

Permissions 

  • Armor Complete

  • Armor Anywhere

In order to use Log Relay, you must have the following permissions included in your account: 

  • Write Virtual Machine
  • Delete Log Management
  • Read Log Endpoints
  • Read Log Relays
  • Write Log Relays
  • Delete Log Relays

To learn more about permissions, see Roles and Permissions.

Log Retention Plan 

  • Armor Complete

  • Armor Anywhere

Armor Complete virtual machines that are converted to a log relay device will be automatically enrolled in the Compliance Professional plan.

This plan:

  • Collects and stores your logs for 13 months at an additional cost.
  • Provides certain HIPAA and PCI compliance.

For pricing information, please contact your Account Manager.


Armor Anywhere agents that are converted to a log relay device will retain the default Log Management Essentials plan subscription. This plan collects and stores your logs for 30 days.

Firewall Rules

  • Armor Anywhere

Armor Anywhere users must add the following generic firewall rules: 

Inbound / Outbound | Service / Purpose | Port | Destination
Inbound | Log Relay (Logstash) | 5140/udp, 5141/tcp | The IP address for your virtual machine
Outbound | Armor's logging service (ELK) | 5443/tcp, 5400-5600/tcp (Reserved) | 1c.log.armor.com

  • Armor reserves the right to utilize the 5400-5600/tcp port range for future expansion or service changes.
  • These endpoints are served by the Amazon Elastic Load Balancers. As a result, the actual endpoints will vary dynamically across Amazon's IP ranges.

The above-mentioned ports do not provide security analytics. To receive security analytics for logs from supported remote log devices, you must add additional firewall rules; these additional ports are described in the configuration documents listed in Step 4: Configure a remote log source (remote Log Relay).

For non-supported remote log sources, collected logs will not receive any security analytics. 

To learn more about firewall rules, see Requirements for Armor Anywhere.
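
One way to check a host's rules against the firewall table above, as an added example that is not part of Armor's documentation. It assumes the host firewall is iptables and reads `iptables -S` output, considering only explicit per-port ACCEPT rules (not rule order or chain policy); the function names and the sample ruleset are constructed for illustration.

```python
# Added example: audit `iptables -S` output against the Log Relay firewall table.
# Assumption: the host uses iptables; only explicit per-port ACCEPT rules are read.

# Required by the table above: (chain, protocol, port)
REQUIRED = [("INPUT", "udp", 5140), ("INPUT", "tcp", 5141), ("OUTPUT", "tcp", 5443)]

# Constructed sample ruleset (203.0.113.10 is a documentation address)
SAMPLE = """\
-P INPUT DROP
-P OUTPUT DROP
-A INPUT -p udp -m udp --dport 5140 -j ACCEPT
-A OUTPUT -d 203.0.113.10/32 -p tcp -m tcp --dport 5443 -j ACCEPT
"""


def parse_accept_rules(iptables_s):
    """Return (chain, proto, low_port, high_port, dest) for each per-port ACCEPT rule."""
    rules = []
    for line in iptables_s.splitlines():
        tok = line.split()
        # Skip policies, and negated matches ("!"), which this parser does not model
        if len(tok) < 2 or tok[0] != "-A" or "!" in tok:
            continue
        opts = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1) if tok[i].startswith("-")}
        if opts.get("-j") != "ACCEPT" or "-p" not in opts or "--dport" not in opts:
            continue
        low, _, high = opts["--dport"].partition(":")  # "5400:5600" is a port range
        rules.append((tok[1], opts["-p"], int(low), int(high or low), opts.get("-d")))
    return rules


def audit(iptables_s):
    """Return (missing, pinned): required ports lacking an ACCEPT rule, and
    destinations that outbound 5443/tcp rules are pinned to."""
    rules = parse_accept_rules(iptables_s)
    missing = [f"{chain} {port}/{proto}" for chain, proto, port in REQUIRED
               if not any(c == chain and p == proto and lo <= port <= hi
                          for c, p, lo, hi, _ in rules)]
    # The page says the 5443 endpoint sits behind load balancers whose addresses
    # change, so a rule pinned to one resolved address will stop matching.
    pinned = [d for c, p, lo, hi, d in rules
              if c == "OUTPUT" and p == "tcp" and lo <= 5443 <= hi and d]
    return missing, pinned


if __name__ == "__main__":
    missing, pinned = audit(SAMPLE)
    print("missing:", missing)
    print("outbound 5443 pinned to:", pinned)
```

On the constructed sample this reports the missing 5141/tcp inbound rule and the outbound 5443/tcp rule pinned to a single address.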
