To fully use this screen, you must add the following permissions to your account:
You can use the Log & Data Management screen to:
By default, Armor collects and retains the following log types for 30 days:
System Event Log
Security Event Log
To learn how to upgrade your default log collection plan, see Review log retention plans.
The Armor Management Portal (AMP) only displays logs from the previous 30 days.
|Date||This column displays the date and time when Armor received the corresponding log.|
|Source||This column displays the name of the virtual machine that generated the log.|
|Message||This column displays the specific log message.|
To better understand how to perform successful searches, consider the following sample log message:
2019-04-08T18:46:09Z INFO No non-zero metrics in the last 30s
In a log message, a space between words marks the boundary between separate search terms. For instance, there are no spaces in 2019-04-08T18:46:09Z. As a result, 2019-04-08T18:46:09Z is considered one search term. In this example, to search for dates, you must enter the complete and exact date; you cannot perform searches with partial search terms, such as 2019-04.
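The whole-term matching described above can be modeled offline to see why a query returns nothing. The following is an added example, not Armor's code: the function names are hypothetical, and it assumes case-sensitive matching and that a multi-term query requires every term to be present, neither of which this page states.

```python
# Illustrative model of the whole-term matching described above.
# Assumptions (not stated on the page): matching is case-sensitive and a
# multi-term query requires every term to be present.

# Constructed sample messages; the first is the page's own example.
SAMPLE_LOGS = [
    "2019-04-08T18:46:09Z INFO No non-zero metrics in the last 30s",
    "2019-04-08T18:46:39Z WARN Connection reset by peer",
    "2019-04-09T02:10:00Z INFO Harvester started for file: /var/log/auth.log",
]


def terms(text):
    """Split on whitespace: each run of non-space characters is one term."""
    return text.split()


def search(logs, query):
    """Return the messages that contain every query term as a whole term."""
    wanted = terms(query)
    if not wanted:
        return []
    return [msg for msg in logs if set(wanted) <= set(terms(msg))]


def explain_miss(logs, query):
    """For each query term that matches no whole term, list the complete
    terms that contain it, i.e. what would have to be typed instead."""
    index = {t for msg in logs for t in terms(msg)}
    hints = {}
    for q in terms(query):
        if q not in index:
            hints[q] = sorted(t for t in index if q in t)
    return hints


if __name__ == "__main__":
    for q in ("INFO", "2019-04", "2019-04-08T18:46:09Z", "30"):
        print(repr(q), "->", len(search(SAMPLE_LOGS, q)), "hit(s)",
              explain_miss(SAMPLE_LOGS, q))
```

A partial term such as 2019-04 or 30 finds nothing, and explain_miss lists the complete terms (the full timestamps, or 30s) that would match.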
You can use these instructions to review the logging status of your virtual machines. Specifically, you can verify if your virtual machine is sending logs to Armor.
This column displays the name of the virtual machine or instance that contains the Armor agent.
You can click a specific virtual machine to access the Virtual Machines screen.
|Type||This column displays if the virtual machine or instance has been converted to a log collecting device, also known as Log Relay.|
|Last Log Received||This column displays the date and time when Armor last received a log.|
This column displays the length of time that Armor keeps logs.
|Average Size||This column displays the average size of the collected logs.|
This column displays the status of the logging subagent.
|Plan name||Log retention rate||Description|
|Log Management Essentials||30 days||This plan collects and stores your default log types for 30 days, which you can view in AMP. By default, users are automatically subscribed to this plan.|
|Compliance Professional||13 months||This plan collects and stores your default log types for 13 months at an additional cost. Logs from the previous 30 days are visible in AMP; however, to view logs older than 30 days, you must send a support ticket.|
You can use these instructions to update the default log retention plan for future virtual machines. In short, any virtual machine you create after you perform this step will be automatically enrolled in the 13-month log retention plan.
For pricing information, please contact your account manager.
Existing virtual machines will not be upgraded. To upgrade the log retention rate for existing virtual machines, you must update each existing virtual machine individually.
To learn more, see Upgrade log retention for existing virtual machines.
Search section or Sources section
If you do not see any data in the Search section or the Sources section of the Log & Data Management screen, consider that:
Retention Plan section
If you cannot add or update your plan, consider that you do not have permission to update your plans. You must have the following permissions enabled:
To learn how to collect and send additional log types to AMP, see Introduction to Log Relay.