Log Depot allows you t
You can use the Log Depot add-on product to send and store file-based application logs with Armor for 13 months. You can customize the type of logs.
customer-defined OS logs
this product combines: CORE Agent, API, AMP, and policy management in AMP
cloud logs from AWS and Azure
store all logs for 13 months (not 90)
you can enable and view logs in AMP
and customer can configure
configure and upload logs via CORE Agent equipped - CLI
configure customer logs on OS
in the marketplace? NO
what are the new APIs?
does the global log search
you can use this screen to see how much storage you have used?
you can send us 25/gb/month throughout as part of the base price. anything more is an extra price.
does sending new, updated data
Plain text file, can also be a log,
Log Depot allows you to store custom file logs, such as environment logs.
You can send
For this add-on product, Armor does not provide security analytics, parsing, or awareness of log content.
|The Log and Event Management subagent will sync and update this screen every 15 minutes.|
You can filter by linux-logs, wineentlog, linux-log, and log-depot.
|/opt/armor/armor --help||Shows the Armor commands||Like all the available Armor commands? yes|
|/opt/armor/armor policy --help||Shows the policy commands. This will show you policy filelog or winlog (or event log); there are two file types.|
|/opt/armor/armor policy filelog --help||Shows the policy filelog commands|
|/opt/armor/armor policy filelog add --help||Shows how to add the file path to Log Depot|
|/opt/armor/armor policy filelog add --path /var/log/dpkg.log --category platform --tags Ubuntu||Adds the file /var/log/dpkg.log to Log Depot|
This shows you specifically how to add to Log Depot.
|/opt/armor/armor policy sync||Manually sync the yml file so that it will start sending the newly added file to Log Depot|
|cat /etc/filebeat/filebeat.yml||You can observe the custom file has been added to the yml file here.|
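The last row's check can be scripted instead of read by eye. The following is an added example, not Armor's code or part of the original page: it lists the paths in a Filebeat config and reports any expected file that is still missing after `armor policy sync`. It assumes paths appear as block-list items under a `paths:` key; the function names, the sample config, and `/var/log/app/custom.log` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Armor code. Assumes filebeat.yml lists files as block
# items ("- /path") under a "paths:" key; adjust if your file differs.

# Print every entry found under any "paths:" key of the given config.
filebeat_paths() {
    awk '
        function ind(s,   t) { t = s; sub(/^[ \t]+/, "", t); return length(s) - length(t) }
        /^[ \t]*paths:[ \t]*$/ { base = ind($0); in_paths = 1; next }
        in_paths && /^[ \t]*-[ \t]+/ && ind($0) >= base {
            line = $0
            sub(/^[ \t]*-[ \t]+/, "", line)   # drop the list marker
            sub(/[ \t]+$/, "", line)          # drop trailing blanks
            gsub(/"/, "", line)               # drop optional quoting
            print line
            next
        }
        in_paths && /^[ \t]*([#].*)?$/ { next } # blank or comment inside the list
        { in_paths = 0 }                        # anything else ends the list
    ' "$1"
}

# Print each expected path absent from the config; return 1 if any is absent.
missing_from_filebeat() {
    cfg=$1; shift
    found=$(filebeat_paths "$cfg")
    rc=0
    for p in "$@"; do
        printf '%s\n' "$found" | grep -Fxq -- "$p" || { printf '%s\n' "$p"; rc=1; }
    done
    return "$rc"
}

# Constructed sample config (not a real Armor-generated file).
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
filebeat.inputs:
- type: log
  paths:
  - /var/log/dpkg.log
- type: log
  paths:
    - "/var/log/syslog"
EOF

# /var/log/app/custom.log was never added, so it is reported as missing.
missing_from_filebeat "$demo_cfg" /var/log/dpkg.log /var/log/app/custom.log ||
    echo "the paths listed above are not being shipped yet"
```

On a host with the agent installed, point `missing_from_filebeat` at `/etc/filebeat/filebeat.yml` with the files you expect Log Depot to retain.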
To add a filelog
GET COMMAND LINE TO SEND AND STORE LOGS FROM JOSHUA
DO NOT INCLUDE PRICING INFORMATION
After you have received confirmation from Armor Support, you can send your logs via the command line.
Add link to Log Depot in Log Management service description. Service Description: Log and Event Management
Add this to the Service Description: Log and Event Management
Additionally, you can send file-based logs, CloudTrail logs, and Azure Monitor logs to Armor for 13 months of storage.
In the Log Management screen, click On.
GLOBAL LOG SEARCH in AMP
USE THE COMMAND LINE TO SORT THE LOGS AND SEND TO Armor
Provide a feature, at an extra charge, for customers to send any file-based, CloudTrail, or Azure Monitor log they want to Armor for 13 months of storage. This project does not include any kind of security analysis, parsing, or any awareness of log content, but it does include displaying the log in AMP. Log types include file-based application logs, Azure Monitor logs, and CloudTrail logs. This project does not impact how we currently analyze OS security logs.