...
...
...
...
...
Topics Discussed
...
...
...
...
...
...
...
...
...
...
...
...
...
...
Note |
---|
In order to use this document, you must have the Write LogManagement permission assigned to your account. |
You can use the Log Relay add-on product to securely store file-based application logs with Armor for 30 days or 13 months, based on your log retention plan.
Log Relay
...
Collects only single-line log formats.
Does not provide security analysis, parsing, or awareness of log content.
Can store up to 10,000 logs
At a high-level, to use Log Relay, you must:
Order Host Log Collector
Send logs to Armor
Note |
---|
In some cases, the terms Log Depot, Host Log Collector, or Log Relay may be used interchangeably. |
Note |
---|
For pricing information, please contact your account manager. |
Excerpt |
---|
hidden | true |
---|
name | Review-Pricing-Information |
---|
|
Anchor |
---|
| Review-pricing-information |
---|
| Review-pricing-information |
---|
| Review pricing informationHost Log Collector's prices are based on a subscription (base) charge and an overage (tiered) charge. The monthly subscription charge includes up to 25GB of storage. Additional storage above 25GB will be charged on a tiered level. Review the following table to understand the pricing structure: SKU | $/Month | £/Month |
|
---|
LD Base Subscription | $200 | £155 |
|
| $ per GB | £ per GB | Tier Discount | 0GB - 25GB (Included in Base Subscription) | Included (is $8/GB) | Included (is £6.20) | - | 26GB - 50GB | $7.2 | £5.58 | 10% | 51GB - 100GB | $6.56 | £5.08 | 18% | 101GB - 250GB | $6.08 | £4.71 | 24% | 251GB - 500GB | $5.60 | £4.34 | 30% | 501GB - 1000GB | $5.28 | £4.09 | 34% | 1001GB+ | $5.12 | £3.97 | 36% |
|
Anchor |
---|
| Order-host-log-collector |
---|
| Order-host-log-collector |
---|
|
Order Log Relay for Host Log Collection...
Step 1: Add Log Relay
Use the Post Host Log Collector (Activate) API to add Host Log Collector to your account.
Method / Type | POST |
---|
API call / URL | /log-management/log-depot/activate |
---|
Parameters | There are no parameters for this API call. |
---|
Full API call / URL | Code Block |
---|
| POST https://api.armor.com/log-management/log-depot/activate |
|
---|
Sample 200 return | Code Block |
---|
| {
"accountId": 0,
"modifiedByUserId": 0,
"modifiedDate": "2017-10-23T16:35:13.540Z",
"isEnabled": true
} |
|
---|
Note |
---|
To learn more about this API call, see Post Host Log Collector (Activate). Excerpt |
---|
|
|
Insert excerpt |
---|
ESLP:NOT PUBLISHED: Order Log Depot (snippet) | ESLP:NOT PUBLISHED: Order Log Depot (snippet) | nopanel | true |
---|
Anchor |
---|
| Send-logs-to-Armor |
---|
| Send-logs-to-Armor |
---|
|
Step 2: Send Logs to ArmorContact Armor Support to add a custom file path via a host log collector.
Excerpt |
---|
hidden | true |
---|
name | custom-file-path-options |
---|
|
Option 1: For Windows users To use these instructions, you must have powershell admin access. Log into the server instance that contains the Armor agent. Stop the agent with the following command: Run the agent policy command to add log policies. You can use the following commands as an example: For filelog type, run C:\.armor\opt\armor policy filelog add --path C:\inetpub\logs\web1.log --category web --tags web1,iis For eventlog type, run C:\.armor\opt\armor policy eventlog add --name Application --category app --tags app Category is required. You must label your logs based on one of the following categories: app, db, machine-data, platform, user, or web. Tags are optional.
Sync the agent's policy to the API with the following command: Restart the agent with the following command: (Optional) To review any collected host log files: In the Armor Management Portal (AMP), on the left-side navigation, click Security. Click Log & Data Management. Click Search. Use the filter function to select Log Relay.
Option 2: For Linux users To use these instructions, you must have sudo access. Note |
---|
Review the following example to understand how to send logs to Armor: /opt/armor/armor policy filelog add --path /var/log/dpkg.log --category platform --tags Ubuntu |
Text | Description |
---|
/opt/armor/armor policy filelog add | Base script | --path /var/log/dpkg.log | The location of the files. | --category platform | The type (category) of logs. You must label your logs based on one of the following categories: app, db, machine-data, platform, user, or web. | --tags Ubuntu | In the Search screen, you can search by tags. Tags are optional. |
Log into a server instance that contains the Armor agent. Stop the agent with the following command: Run the agent policy command to add log policies. You can use the following command as example: Sync the agent's policy to the API with the following command: Restart the agent with the following command: (Optional) To review any collected host log files:: In the Armor Management Portal (AMP), on the left-side navigation, click Security. Click Log & Data Management. Click Search. Use the filter function to select Log Relay.
|
Anchor |
---|
| Review-additional-agent-related-commands |
---|
| Review-additional-agent-related-commands |
---|
|
Review Additional Agent-Related Commands...
Review the following table to better understand how to interact with the agent via the command line:
Command | Description |
---|
armor -h | Displays the agent's help dialog |
armor policy -h | Displays the agent's policy help dialog |
armor policy filelog -h | Displays the agent's policy filelog help dialog |
armor policy filelog add -h | Displays the agent's policy filelog add help dialog |
armor policy filelog --add [path] | Adds a filebeat logging policy with the user-defined path, category, and tag(s). |
armor policy add eventlog [name] | Adds a (Windows) eventlog logging policy with the user-defined path, category, and tag(s). |
armor policy show | Displays command functionality and syntax available at the command line. "show" can be added to any level of command to help drive user input |
armor policy sync | Synchronizes the local Armor CORE Agent with API services to pull down the latest policy version |
Anchor |
---|
| Troubleshoot-Log-Search-section-of-the-Log-Management-screen |
---|
| Troubleshoot-Log-Search-section-of-the-Log-Management-screen |
---|
|
Info |
---|
TroubleshootingIf you do not see any data in the Search section of the Log & Data Management screen, consider that You did not order Log Relay. You did not properly sync Log Relay to collect logs. The selected date range does not contain any data. You do not have permission to view log data. Was this helpful? |