Page Comparison

...

You can use the Log Relay add-on product to securely store file-based application logs with Armor for 30 days or 13 months, based on your log retention plan. 

...

At a high-level, to use Log Relay, you must: 

...

...

...

Host Log Collector's prices are based on a subscription (base) charge and an overage (tiered) charge. 

The monthly subscription charge includes up to 25GB of storage. Additional storage above 25GB will be charged on a tiered level. 

Review the following table to understand the pricing structure:

...

Use the Post Host Log Collector (Activate) API to add Host Log Collector to your account. 

...

POST https://api.armor.com/log-management/log-depot/activate

...

{
  "accountId": 0,
  "modifiedByUserId": 0,
  "modifiedDate": "2017-10-23T16:35:13.540Z",
  "isEnabled": true
}

...

...

1. Contact Armor Support to add a custom file path via a host log collector.

...

Option 1: For Windows users

To use these instructions, you must have powershell admin access.

1. Log into the server instance that contains the Armor agent.
2. Stop the agent with the following command: 
   • spsv armor-agent
3. Run the agent policy command to add log policies. You can use the following commands as an example: 

   • For filelog type, run C:\.armor\opt\armor policy filelog add --path C:\inetpub\logs\web1.log --category web --tags web1,iis

   • For eventlog type, run C:\.armor\opt\armor policy eventlog add --name Application --category app --tags app
   • Category is required. You must label your logs based on one of the following categories: app, db, machine-data, platform, user, or web. 
   • Tags are optional. 
4. Sync the agent's policy to the API with the following command:
   • C:\.armor\opt\armor policy filelog sync
     
5. Restart the agent with the following command: 
   • sasv armor-agent
6. (Optional) To review any collected host log files:
   1. In the Armor Management Portal (AMP), on the left-side navigation, click Security. 
   2. Click Log & Data Management. 
   3. Click Search. 
   4. Use the filter function to select Log Relay. 

Option 2: For Linux users

To use these instructions, you must have sudo access. 

...

Review the following example to understand how to send logs to Armor: /opt/armor/armor policy filelog add --path /var/log/dpkg.log --category platform --tags Ubuntu

...

The type (category) of logs.

You must label your logs based on one of the following categories: app, db, machine-data, platform, user, or web. 

...

In the Search screen, you can search by tags.

Tags are optional.

1. Log into a server instance that contains the Armor agent. 
2. Stop the agent with the following command: 
   • service armor-agent stop
     
3. Run the agent policy command to add log policies. You can use the following command as example: 
   • /opt/armor/armor policy filelog add --path /var/log/app.log --category app --tags app,app1
     
     • Category is required. You must label your logs based on one of the following categories: app, db, machine-data, platform, user, or web. 
     • Tags are optional.
4. Sync the agent's policy to the API with the following command: 
   • /opt/armor/armor policy filelog sync
     
5. Restart the agent with the following command: 
   • service armor-agent start
     
6. (Optional) To review any collected host log files::
   1. In the Armor Management Portal (AMP), on the left-side navigation, click Security. 
   2. Click Log & Data Management. 
   3. Click Search. 
   4. Use the filter function to select Log Relay. 

...

Review the following table to better understand how to interact with the agent via the command line: 

...

...