Content Comparison

...

Armor Agent - Collecting Linux and Windows Standard Logs

Use the following commands to manage the Logging service - Filebeat and Winlogbeat (for Windows only). 

Install Logging:

Windows: C:\.armor\opt\armor.exe logging install
Linux: /opt/armor/armor logging install

Uninstall Logging:

Windows: C:\.armor\opt\armor.exe logging uninstall
Linux: /opt/armor/armor logging uninstall 

Logging Help

Windows: C:\.armor\opt\armor.exe logging help
Linux: /opt/armor/armor logging help

...

...

/opt/armor/armor logging add-file-paths <paths to file locations>           

...

 /opt/armor/armor logging remove-file-paths <paths to file locations>       

...

/opt/armor/armor logging describe-file-paths         

...

/opt/armor/armor logging sync-file-paths  

...

Add new paths to filebeat config

C:\.armor\opt\armor.exe logging add-file-paths <paths to file locations>

Remove paths from filebeat config

C:\.armor\opt\armor.exe logging remove-file-paths <paths to file locations> 

List added config paths

C:\.armor\opt\armor.exe logging describe-file-paths         

Sync filebeat config

C:\.armor\opt\armor.exe logging sync-file-paths  

Add winlogbeat event logs

C:\.armor\opt\armor.exe logging add-event-logs <add events>

Remove winlogbeat event logs

 C:\.armor\opt\armor.exe logging remove-event-logs <add events>

List Event logs

C:\.armor\opt\armor.exe logging describe-event-logs 

Sync event logs

C:\.armor\opt\armor.exe logging sync-event-logs

...

Command Usage:

armor logging command [arguments...]

The following arguments are possible parameters for the Logging CLI feature. This allows customers to manage filebeat modules on Virtual Machines.

...

• iis-enable
• apache-enable
• nginx-enable

...

Enables filebeat IIS/apache/nginx.  When run, module yml file will change from disabled state to enable state.

...

• iis-disable
• apache- disable
• nginx- disable

...

Disables Filebeat IIS/apache/nginx.  When run the module yml file will change from enable state to disable mode.

...

• iis-add-access-paths
• apache-add-access-paths
• nginx-add-access-paths

...

• iis-remove-access-paths 
• apache-remove-access-paths
• nginx-remove-access-paths

...

path1, path2, path3

...

Removes the argument paths in module yml file under the 'access_paths' section.

...

• iis-add-error-paths
• apache-add-error-paths
• nginx-add-error-paths

...

path1, path2, path3

...

Includes the argument paths in module yml file under the 'error_paths' section.

...

• iis-remove-error-paths
• apache-remove-error-paths
• nginx-remove-error-paths

...

path1, path2, path3

...

Removes the argument paths in module yml file under the 'error_paths' section. Removes the argument paths in module yml file under the 'error_paths' section.

...

• iis-sync-config
• apache-sync-config
• nginx-sync-config

...

• iis-describe-config
• apache-describe-config
• nginx-describe-config

...

The command displays current access & error paths which are configured in module yml file.

Users can add as many paths in a single command as needed by must be comma-separated.

• Linux example (multiple/one path):

  • /opt/armor/armor logging add-file-paths "/var/log/thing,/var/log/stuff/log,/path/to/log"

  • /opt/armor/armor logging add-file-paths /var/log/thing

• Windows example (multiple/one path):

  • C:\.armor\opt\armor.exe logging add-file-paths "C:\var\log\thing,D:\path\to\log"

  • C:\.armor\opt\armor.exe logging add-file-paths C:\var\log\thing

Examples: Below is example usage for logging apache and similarly for iis and ngix module.

Command Usage:

...