Note: In order to use this document, you must have the Write LogManagement permission assigned to your account.
You can use the Log Relay add-on product to securely store file-based application logs with Armor for 30 days or 13 months, based on your log retention plan.
Log Relay
...
- Collects only single-line log formats.
- Does not provide security analysis, parsing, or awareness of log content.
- Can store up to 10,000 logs.
...
| Item | Value |
|---|---|
| Method / Type | POST |
| API call / URL | /log-management/log-depot/activate |
| Parameters | There are no parameters for this API call. |
| Full API call / URL | POST https://api.armor.com/log-management/log-depot/activate |

Sample 200 return:

    {
      "accountId": 0,
      "modifiedByUserId": 0,
      "modifiedDate": "2017-10-23T16:35:13.540Z",
      "isEnabled": true
    }
...
Option 1: For Windows users

To use these instructions, you must have PowerShell admin access.

- Log into the server instance that contains the Armor agent.
- Stop the agent with the following command:
- Run the agent policy command to add log policies. You can use the following commands as an example:
- Sync the agent's policy to the API with the following command:
  - C:\.armor\opt\armor policy filelog sync
- Restart the agent with the following command:
- (Optional) To review any collected host log files:
  - In the Armor Management Portal (AMP), on the left-side navigation, click Security.
  - Click Log & Data Management.
  - Click Search.
  - Use the filter function to select Log Relay.
Option 2: For Linux users

To use these instructions, you must have sudo access.

Note: Review the following example to understand how to send logs to Armor:

/opt/armor/armor policy filelog add --path /var/log/dpkg.log --category platform --tags Ubuntu

| Text | Description |
|---|---|
| /opt/armor/armor policy filelog add | Base script |
| --path /var/log/dpkg.log | The location of the files. |
| --category platform | The type (category) of logs. You must label your logs based on one of the following categories: app, db, machine-data, platform, user, or web. |
| --tags Ubuntu | In the Search screen, you can search by tags. Tags are optional. |

- Log into a server instance that contains the Armor agent.
- Stop the agent with the following command:
- Run the agent policy command to add log policies. You can use the following command as an example:
  - /opt/armor/armor policy filelog add --path /var/log/app.log --category app --tags app,app1
  - Category is required. You must label your logs based on one of the following categories: app, db, machine-data, platform, user, or web.
  - Tags are optional.
- Sync the agent's policy to the API with the following command:
  - /opt/armor/armor policy filelog sync
- Restart the agent with the following command:
  - service armor-agent start
- (Optional) To review any collected host log files:
  - In the Armor Management Portal (AMP), on the left-side navigation, click Security.
  - Click Log & Data Management.
  - Click Search.
  - Use the filter function to select Log Relay.
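
A pre-flight check for the policy step of the Linux procedure, as an added example that is not Armor's code: it validates the category against the list above, checks the file, and prints the `filelog add` command only if everything passes. The function names, return codes, tag character set, and the continuation-line heuristic for spotting multi-line logs are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Armor's code): pre-flight checks for a Log Relay file policy.
# Prints the `armor policy filelog add` command only if every check passes.

ARMOR_BIN="${ARMOR_BIN:-/opt/armor/armor}"   # Linux agent path shown on this page

# Categories this page lists as valid for --category.
valid_category() {
    case "$1" in
        app|db|machine-data|platform|user|web) return 0 ;;
        *) return 1 ;;
    esac
}

# Heuristic (assumption): a line that starts with a space or tab is the
# continuation of a multi-line entry, for example a stack trace frame.
count_continuation_lines() {
    awk '/^[ \t]/ { n++ } END { print n + 0 }' "$1"
}

# Usage: filelog_add_cmd PATH CATEGORY [TAGS]
# Return codes (this example's own): 2 bad path, 3 unreadable file,
# 4 bad category, 5 bad tags, 6 file looks multi-line.
filelog_add_cmd() {
    fl_path=${1:-}; fl_cat=${2:-}; fl_tags=${3:-}
    # Absolute path, and only characters that are safe to paste into a shell.
    case "$fl_path" in
        /*) ;;
        *) echo "error: path must be absolute: $fl_path" >&2; return 2 ;;
    esac
    case "$fl_path" in
        *[!A-Za-z0-9/._-]*) echo "error: unsupported character in path" >&2; return 2 ;;
    esac
    [ -f "$fl_path" ] && [ -r "$fl_path" ] || { echo "error: not a readable file: $fl_path" >&2; return 3; }
    valid_category "$fl_cat" || { echo "error: invalid category: $fl_cat" >&2; return 4; }
    # Tags are optional; when given, expect a clean comma-separated list.
    case "$fl_tags" in
        *[!A-Za-z0-9,_-]*|,*|*,|*,,*) echo "error: malformed tags: $fl_tags" >&2; return 5 ;;
    esac
    # Log Relay collects only single-line formats, so refuse likely multi-line files.
    fl_multi=$(count_continuation_lines "$fl_path")
    [ "$fl_multi" -eq 0 ] || { echo "error: $fl_multi continuation lines in $fl_path" >&2; return 6; }
    fl_cmd="$ARMOR_BIN policy filelog add --path $fl_path --category $fl_cat"
    [ -z "$fl_tags" ] || fl_cmd="$fl_cmd --tags $fl_tags"
    echo "$fl_cmd"
}
```

Run the printed command with sudo, then continue with the sync and restart steps.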
Review Additional Agent-Related Commands
...
Review the following table to better understand how to interact with the agent via the command line:
...