Overview

You can use the Log Depot add-on product to securely store file-based application logs with Armor for up to 13 months.

Within the Armor Management Portal (AMP), you can view logs from the previous 90 days. You can view these logs and overall storage usage in the Log Search section of the Log Management screen.  

Log Depot can help you meet compliance requirements.

For Log Depot, Armor does not provide security analysis, parsing, or awareness of log content.

Log Depot can only collect single-line log formats.

The Log and Event Management subagent will sync and update this screen every 15 minutes. 

Pricing information

Log Depot's prices are based on a subscription (base) charge and an overage (tiered) charge. 

The monthly subscription charge includes up to 25GB of storage. Additional storage above 25GB will be charged on a tiered level. 

Review the following charts to understand the pricing structure. 


| SKU | $/Month | £/Month |
|---|---|---|
| Log Depot Base Subscription | $200 | £155 |

| Tier | $/GB Within Tier | $/Completed Tier | £/GB Within Tier | £/Completed Tier | Tier Discount |
|---|---|---|---|---|---|
| 0GB - 25GB (Included in Base Subscription) | Included in Base Subscription (is $8/GB) | Included in Base Subscription ($200) | Included in Base Subscription (is £6.20) | Included in Base Subscription (£155) | - |
| 26GB - 50GB | $7.6 | $380 | £5.85 | £294.50 | 10% |
| 51GB - 100GB | $7.08 | $708 | £5.45 | £548.70 | 18% |
| 101GB - 250GB | $6.48 | $1,620 | £4.98 | £1,255.50 | 24% |
| 251GB - 500GB | $6.04 | $3,020 | £4.65 | £2,340.50 | 30% |
| 501GB - 1000GB | $5.66 | $5,660 | £4.35 | £4,386.50 | 34% |
| 1001GB+ | $5.39 | n/a | £3.92 | n/a | 36% |



Order Log Depot

  1. In the Armor Management Portal (AMP), on the left-side navigation, click Security
  2. Click Log Management
  3. Click Log Source
  4. Scroll to the bottom of the screen, and then click Activate Log Depot
  5. Review the product information, and then click Purchase
  6. After you begin the purchase process, you can start sending logs to Armor. 

Send logs to Armor


Windows users

To use these instructions, you must have PowerShell admin access.

  1. Log into a server instance that contains the Armor Anywhere - Security Agent. 
  2. Stop the agent with the following command: 
  3. Run the agent policy command to add log policies. You can use the following command as an example: 
  4. Sync the agent's policy to the API with the following command:
  5. Restart the agent with the following command: 
  6. (Optional) To review any Log Depot files in AMP:
    1. In the Armor Management Portal (AMP), on the left-side navigation, click Security
    2. Click Log Management
    3. Click Log Search

Linux users

To use these instructions, you must have sudo access. 

  1. Log into a server instance that contains the Armor Anywhere - Security Agent. 
  2. Stop the agent with the following command: 
  3. Run the agent policy command to add log policies. You can use the following command as an example: 
  4. Sync the agent's policy to the API with the following command: 
  5. Restart the agent with the following command: 
  6. (Optional) To review any Log Depot files in AMP:
    1. In the Armor Management Portal (AMP), on the left-side navigation, click Security
    2. Click Log Management
    3. Click Log Search

Review additional agent-related commands

Troubleshoot Log Search section of the Log Management screen

If you do not see any data in the Log Search section of the Log Management screen, consider that



Read LogSearch

Instructions require sudo access in Linux or a PowerShell admin prompt in Windows.



The Customer must follow a simple workflow to add a log to Log Depot.

  1. Log in to a server instance with the CORE Agent running
  2. Stop the CORE Agent 
    1. In Linux: service armor-agent stop
    2. In Windows: spsv armor-agent
  3. Run the CORE Agent's policy command to add, remove, or review log policies:
    1. Example for Linux: /opt/armor/armor policy filelog add --path /var/log/panopta-agent/* --category app --tags panopta,app1
    2. Example for Windows' filelog: C:\.armor\opt\armor policy filelog add --path C:\inetpub\logs\web1.log --category web --tags web1,iis
    3. See the below section for more functionality
  4. Sync the CORE Agent's policy to the API (or wait the 15 minutes for a policy sync)
    1. Example for Linux: /opt/armor/armor policy filelog sync
    2. Example for Windows' filelog: C:\.armor\opt\armor policy filelog sync
  5. Restart the CORE Agent
    1. In Linux: service armor-agent start
    2. In Windows: sasv armor-agent
  6. Review any Log Depot files within the AMP Log Management page's Log Search section
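
The Linux workflow above, as an added preflight example (not Armor's own code): it checks that a category is given and that the file looks single-line, then prints the stop/add/sync/start commands from this page without running them. The function names, the leading-whitespace heuristic, and the sample log lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Armor's code: preflight before adding a file to Log Depot.
ARMOR=/opt/armor/armor   # agent CLI path as shown on this page

# count_continuation_lines FILE
# Heuristic (assumption): a line that begins with a space or tab is the
# continuation of a multi-line record such as a stack trace.
count_continuation_lines() {
    awk '/^[ \t]/ { n++ } END { print n + 0 }' "$1"
}

# plan_filelog_add FILE CATEGORY [TAGS]
# Prints the stop/add/sync/start sequence without running it.
# Returns 2 = missing file or category, 3 = unreadable file,
#         4 = file looks multi-line.
plan_filelog_add() {
    logfile=$1; category=$2; tags=$3
    if [ -z "$logfile" ] || [ -z "$category" ]; then
        echo "usage: plan_filelog_add FILE CATEGORY [TAGS]" >&2
        return 2
    fi
    [ -f "$logfile" ] && [ -r "$logfile" ] || { echo "cannot read $logfile" >&2; return 3; }
    n=$(count_continuation_lines "$logfile")
    if [ "$n" -gt 0 ]; then
        echo "$logfile: $n continuation line(s), single-line formats only" >&2
        return 4
    fi
    add="$ARMOR policy filelog add --path $logfile --category $category"
    if [ -n "$tags" ]; then add="$add --tags $tags"; fi   # tags are optional
    printf '%s\n' "service armor-agent stop" "$add" \
        "$ARMOR policy filelog sync" "service armor-agent start"
}

# Demo on constructed sample logs (not real data).
demo_dir=$(mktemp -d)
printf '%s\n' '2024-05-01T10:00:00Z INFO service started' \
    '2024-05-01T10:00:02Z WARN disk at 81%' > "$demo_dir/app.log"
printf '%s\n' '2024-05-01T10:00:03Z ERROR unhandled exception' \
    '    at Worker.run(Worker.java:42)' > "$demo_dir/trace.log"
for f in "$demo_dir/app.log" "$demo_dir/trace.log"; do
    plan_filelog_add "$f" app demo || echo "skipped $f (rc=$?)"
done
rm -rf "$demo_dir"
```

Review the printed plan before running the commands with sudo; a file rejected with return code 4 needs its records flattened to one line each before Log Depot can collect it.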


To send logs to Armor, you must use the Core Agent CLI


Categories are required, but tags are not.


The following example is a sample request: /opt/armor/armor policy filelog add --path /var/log/dpkg.log --category platform --tags Ubuntu

| Text | Description |
|---|---|
| /opt/armor/armor policy filelog add | The standard script to |
| --path /var/log/dpkg.log | The location of the files |
| --category platform | The type of logs |
| --tags Ubuntu | In the Log Search screen, you can search by tags. |
  1. Run the following command: 


Additional commands

| Command | Description |
|---|---|
| /opt/armor/armor --help | This command shows all the available Armor commands. |
| /opt/armor/armor policy --help | This command shows all the policy-related commands, for filelog or winlog (event log) policies. |
| /opt/armor/armor policy filelog --help | Shows the policy filelog commands: add (adds a logfile(s) to be managed), remove (removes log(s) from being managed), show (show current logging policies), sync (sync configuration from server). |
| /opt/armor/armor policy filelog add --help | Shows specifically how to add the file path to Log Depot. |
| /opt/armor/armor policy filelog add --path /var/log/dpkg.log --category platform --tags Ubuntu | Adds the file /var/log/dpkg.log to Log Depot. |
| /opt/armor/armor policy sync | Manually sync the yml file so that it will start sending the newly added file to Log Depot. |
| cat /etc/filebeat/filebeat.yml | You can observe the custom file has been added to the yml file here. |

web, app, user, machine data