Section | ||||||
---|---|---|---|---|---|---|
| ||||||
Section | ||||||
| ||||||
Section | ||||||
| ||||||
Section | ||||||
| ||||||
Section | ||||||
|
Section | ||||||
---|---|---|---|---|---|---|
| ||||||
|
id | 813136129 |
---|
What direction are you going with your cloud? Armor can ingest logs from services within AWS, Azure or Google Cloud Platform. In AWS, Armor can ingest logs from AWS CloudTrail, VPC Flow Logs, AWS WAF, and Amazon GuardDuty. In Azure, Network Security Group and Application Gateway flow logs can be ingested.
ARMOR LOG MANAGEMENT is ready to be configured to collect logs from the services below:
Section | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Note |
---|
To fully use this screen, you must add the following permissions to your account:
|
Anchor | ||||
---|---|---|---|---|
|
You can use the Log & Data Management screen to:
- View storage consumption in the Summary section
- View the status of the logging subagent in the Agent Sourcessection
- View the status and configure existing sources and add new sources in the External Sources section
- For documentation on adding or configuring external sources, click here
- View or change your storage plan in the Log Storage Plans section
By default, Armor collects and retains the following log types for 30 days:
CentOS/RHEL | Ubuntu/Debian | Windows |
---|---|---|
/var/log/secure /var/log/messages /var/log/audit.log /var/log/yum.log | /var/log/auth.log /var/log/syslog | System Event Log Security Event Log |
Using the Armor Management Portal (AMP)
...
Anchor | ||||
---|---|---|---|---|
|
You can use these instructions toreview the logging status of your virtual machines. Specifically, you can verify if your virtual machine is sending logs to Armor.
- In the Armor Management Portal (AMP), in the left-side navigation, click Security.
- Click Log & Data Management.
ClickAgent Sources.
Column | Description |
---|---|
Name | This column displays the name of the virtual machine or instance that contains the Armor agent. You can click a specific virtual machine to access theVirtual Machinesscreen. |
Type | This column displays if the virtual machine or instance has been converted to a log collecting device, also known as LogRelay. |
Last Log Received | This column displays the date and time when Armor last received a log. |
Retention Type | This column displays the length of time that Armor keeps logs. |
Average Size | This column displays the average size of the collected logs. |
Log Status | This column displays the status of the logging subagent.
|
Anchor | ||||
---|---|---|---|---|
|
Plan name | Log retention rate | Description | ||||
---|---|---|---|---|---|---|
Log Management Essentials | 30 days | This plan collects and stores your default log types for 30 days, which you can view in AMP. By default, users are automatically subscribed to this plan.
| ||||
Compliance Professional | 13 months | This plan collects and stores your default log types for 13 months at an additional cost. Logs from the previous 30 days are visible in AMP; however, to view logs older than 30 days, you must send a support ticket.
|
Anchor | ||||
---|---|---|---|---|
|
Insert excerpt | ||||||
---|---|---|---|---|---|---|
|
Info |
---|
For more information on log retention plans, see Review log retention plans. |
To learn how to submit a request to Armor Support, see Create a support ticket.
Review the following requirements before submitting your log extraction request to Armor Support.
Review Requirements
Requirement Type | Description |
---|---|
Supported Storage Methods | s3 bucket
Physical hard drive*
*Physical hard drive is for Private Cloud customers only |
Unsupported Storage Methods | Armor does not support the following storage methods:
|
Info | ||||||
---|---|---|---|---|---|---|
If you do not see any data in the Search section or the Sources section of the Log & Data Management screen, consider that:
If you cannot add or update your plan, consider that you do not have permission to update your plans. You must have the following permissions enabled:
|
Was this helpful?
Table of Contents | ||||
---|---|---|---|---|
|
Azure App Gateway
Azure Event Hubs
AWS WAF
AWS GuardDuty
AWS CloudTrail
WHAT IS CLOUD NATIVE?
Cloud Native services take advantage of cloud computing and are built using microservices. The use of microservices decentralizes applications, makes environments more stable and helps to limit the possibility of an application failure.
What direction are you going with your cloud? Armor can ingest logs from services within AWS, Azure or Google Cloud Platform. In AWS, Armor can ingest logs from AWS CloudTrail, VPC Flow Logs, AWS WAF, and Amazon GuardDuty. In Azure, Network Security Group and Application Gateway flow logs can be ingested.
ARMOR LOG MANAGEMENT is ready to be configured to collect logs from the services below: