|Home > Armor Anywhere - Product User Guide > Log Collector Service|
You can use the Log Collector feature to allow your instances to forward logs to the Armor Management Portal (AMP). Within AMP, Armor will securely store, review, and analyze supported log types.
While Log Collector is available to all Armor Anywhere users, there is a fee associated with sending and storing logs. For pricing information, please contact your Account Manager.
You must add the following firewall rules:
|Inbound / Outbound||Service / Purpose||Port||Destination|
|Outbound||Log Collector||5443/tcp||The IP address for your instance (log collector)|
|Outbound||Armor's logging service||5443/tcp|
|To learn more about firewall rules, see Requirements for Armor Anywhere.|
You must have the Write Virtual Machine permission included in your account in order to use Log Collector.
|To learn more about permissions, see Roles and permissions (Armor Anywhere).|
While Armor will collect and store most log types, currently, Armor will only analyze and correlate logs from FortiWeb and the Imperva WAF.
You can use these instructions to configure (convert) your instance into a log collecting device.
In order to convert your virtual machine into a log collector, you must have the Write Virtual Machine permission assigned to your account.
To learn more about permissions, see Roles and permissions (Armor Anywhere).
You can use the Log Collector screen to view and confirm that Armor is receiving your logs.
Review collected log data
The Log Volume graph displays the amount of logs that Armor is receiving.
If you remove the log collector feature from a virtual machine, Armor will still retain the collected logs.
If you do not see any data in the Log Collector screen, consider that: