
You can use this document to learn about the specific, high-level steps needed to obtain Log Relay, and send additional log types to Armor's Security Information & Event Management (SIEM).

Note

To obtain Log Relay and to configure your account for remote log collection, you must have the following AMP permissions added to your account: 

  • Write Virtual Machine

  • Delete Log Management

  • Read Log Endpoints

  • Read Log Relays

  • Write Log Relays

  • Delete Log Relays

Note

Before you begin:

  • For Armor's private cloud (Enterprise Cloud) users, you must already have a virtual machine in your account.

  • For Armor Anywhere users, you must already have downloaded and installed the Armor Agent.

Note

For introductory information on Log Relay, see Introduction to Log Relay.

Review Requirements

See the Review Requirements excerpt in Introduction to Log Relay.

Obtain Log Relay

Note

When you convert a virtual machine into a Log Relay device, the device still contains the default Armor Agent components, such as FIM, Malware, and Patching.

Option 1: For Armor Anywhere Users

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Infrastructure.

  2. Click Virtual Machines.

  3. Locate and hover over the desired virtual machine.

  4. Click the vertical ellipses.

  5. Click Convert to Log Relay.

  6. Review pricing information, and then click Convert VM to Log Relay.

  7. Under Type, the virtual machine will be labeled as Log Relay. (By default, the Armor agent will update the virtual machine within 15 minutes.)

Option 2: For Armor Complete Users

  1. Use the PUT Assign Log Collector API call to add Log Relay to your account.

    Note

    In some cases, the terms Log Depot, Host Log Collector, or Log Relay may be used interchangeably.

    METHOD / TYPE: PUT

    API CALL / URL: /vms/core/{coreInstanceId}/profile

    PARAMETERS: You must enter your virtual machine's coreInstanceId.

    Note

    To locate this ID, in AMP, access the Virtual Machine screen, click the desired virtual machine to expand, and then copy the Agent ID. The Agent ID is a combination of numbers and letters.

    FULL API CALL / URL:

    PUT https://api.armor.com//vms/core/1gfh39d-hdd78-dhd73-434/profile

  2. Contact Armor Support to add a custom file path via a host log collector.


After you have converted your virtual machine into a Log Relay device, see Create and Configure Remote Log Sources to learn how to create and configure a remote log source.

Info

Troubleshooting

In general, if you are having issues adding Log Relay to a remote log device, consider that:

You need to update your permissions in AMP.

  • In AMP, you must have the following permissions added to your account:

    • Write Virtual Machine

    • Delete Log Management

    • Read Log Endpoints

    • Read Log Relays

    • Write Log Relays

    • Delete Log Relays

Note

To add the above-mentioned AMP permissions to your account, see Roles and Permissions.
