You can use this document to learn about the specific, high-level steps needed to obtain Log Relay, and send additional log types to Armor's Security Information & Event Management (SIEM).
Note: Before you begin:
- For Armor's private cloud users, you must already have a virtual machine in your account.
- For Armor Anywhere users, you must already have downloaded and installed the Armor Agent.

Note: For introductory information on Log Relay, see Introduction to Log Relay.

Review Requirements
Obtain Log Relay
Note: When you convert a virtual machine into a Log Relay device, your virtual machine / device will still contain the default Armor Agent components, such as FIM, Malware, Patching, etc.

Option 1: For Armor Anywhere Users
- In the Armor Management Portal (AMP), in the left-side navigation, click Infrastructure.
- Click Virtual Machines.
- Locate and hover over the desired virtual machine.
- Click the vertical ellipses.
- Click Convert to Log Relay.
- Review pricing information, and then click Convert VM to Log Relay.
- You will be redirected to the Virtual Machines screen.
- Under Type, the virtual machine will be labeled as Log Relay. (By default, the Armor agent will update the virtual machine within 15 minutes.)

Option 2: For Armor Complete Users
- Use the PUT Assign Log Collector API call to add Log Relay to your account.

Note: In some cases, the terms Log Depot, Host Log Collector, or Log Relay may be used interchangeably.

| Field | Value |
|---|---|
| Method / Type | PUT |
| API Call / URL | /vms/core/{coreInstanceId}/profile |
| Parameters | You must enter your virtual machine's coreInstanceId. |
| Full API Call / URL | PUT https://api.armor.com/vms/core/1gfh39d-hdd78-dhd73-434/profile |

Note: To locate this ID, in AMP, access the Virtual Machine screen, click the desired virtual machine to expand, and then copy the Agent ID. The Agent ID is a combination of numbers and letters.

- Contact Armor Support to add a custom file path via a host log collector.

After you have converted your virtual machine into a Log Relay device, see Create and Configure Remote Log Sources to learn how to create and configure a remote log source.

Troubleshooting

In general, if you are having issues adding Log Relay to a remote log device, consider that:
- You need to update your permissions in AMP.

In AMP, you must have the following permissions added to your account:
- Write Virtual Machine
- Delete Log Management
- Read Log Endpoints
- Read Log Relays
- Write Log Relays
- Delete Log Relays

Note: To add the above-mentioned AMP permissions to your account, see Roles and Permissions.
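
The Option 2 API call and the Troubleshooting permission list can be combined into a preflight check. The Python below is an added example, not Armor's code: it checks a permission list against the six permissions above, validates the coreInstanceId so it cannot alter the request path, and builds the PUT request without sending it. The function names, the `granted` list (permission names copied by hand from the account's role in AMP) and the `headers` argument are assumptions; this page documents neither authentication nor a request body.

```python
import re
import urllib.request
from urllib.parse import quote

API_BASE = "https://api.armor.com"  # host from the page's full API call

# AMP permissions listed in the Troubleshooting section of this page.
REQUIRED_PERMISSIONS = frozenset({
    "Write Virtual Machine",
    "Delete Log Management",
    "Read Log Endpoints",
    "Read Log Relays",
    "Write Log Relays",
    "Delete Log Relays",
})

# The page describes the Agent ID as numbers and letters; its sample also
# contains hyphens. Anything else (slashes, dots, spaces) is rejected so the
# ID cannot change which path the request targets.
_ID_RE = re.compile(r"[A-Za-z0-9]+(?:-[A-Za-z0-9]+)*")


def missing_permissions(granted):
    """Return the required AMP permissions absent from `granted`, sorted."""
    have = {p.strip().casefold() for p in granted}
    return sorted(p for p in REQUIRED_PERMISSIONS if p.casefold() not in have)


def profile_url(core_instance_id):
    """Build /vms/core/{coreInstanceId}/profile with no doubled slash."""
    cid = core_instance_id.strip()
    if not _ID_RE.fullmatch(cid):
        raise ValueError(f"unexpected coreInstanceId format: {core_instance_id!r}")
    return f"{API_BASE}/vms/core/{quote(cid, safe='')}/profile"


def build_assign_request(core_instance_id, granted, headers=None):
    """Prepare (not send) the PUT request after the permission preflight.

    `headers` is an assumption: the page documents neither authentication
    nor a request body, so the caller supplies whatever the API requires.
    """
    missing = missing_permissions(granted)
    if missing:
        raise PermissionError("missing AMP permissions: " + ", ".join(missing))
    return urllib.request.Request(
        profile_url(core_instance_id), headers=headers or {}, method="PUT"
    )
```

Passing the returned request to `urllib.request.urlopen` would send it; that step is left out because the required credentials are not described here.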