You can use this document to learn how to create and configure a remote Log Relay device.
Note: To obtain Log Relay and to configure your account for remote log collection, you must have the following AMP permissions added to your account:
Note: Before you begin, you must first convert a virtual machine into a Log Relay device. To learn more, see Obtain Log Relay for Remote Log Collection. For introductory information on Log Relay, see Introduction to Log Relay.
Create and Configure a Remote Log Source
Based on your specific log type, review the following options to create and configure a remote log source:
Log type | Additional information | Detailed instructions |
---|---|---|
AWS CloudTrail | For this log type, you must be able to: | |
AWS GuardDuty | For this log type, you must be able to: | |
AWS VPC Flow Logs | For this log type, you must be able to: | |
AWS WAF | For this log type, you must be able to: | |
Check Point | For this log type, you must be able to: | |
Cisco ASA | For this log type, you must be able to: | |
Cisco ISR | For this log type, you must be able to: | |
Juniper | For this log type, you must be able to: | |
Fortinet FortiGate | For this log type, you must be able to: | |
Imperva Incapsula | For this log type, you must be able to: | |
Palo Alto Firewall | For this log type, you must be able to: | |
SonicWall | For this log type, you must be able to: | |
Cylance | For this log type: | |
Storage Only | For this log type, you must be able to: | |
Warning: Troubleshooting. In general, if you are having issues adding Log Relay to a remote log device, consider that you need to update your permissions in AMP.
Note: To add the above-mentioned AMP permissions to your account, see Roles and Permissions. Additional troubleshooting information is located in the specific remote log source documentation.