Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

« Previous Version 3 Next »

Armor Agent - Collecting Linux and Windows Standard Logs

Use the following commands to manage the Logging service - Filebeat and Winlogbeat (for Windows only). 


Install Logging:

Windows: C:\.armor\opt\armor.exe logging install
Linux: /opt/armor/armor logging install


Uninstall Logging:

Windows: C:\.armor\opt\armor.exe logging uninstall
Linux: /opt/armor/armor logging uninstall


Logging Help

Windows: C:\.armor\opt\armor.exe logging help
Linux: /opt/armor/armor logging help
 Filebeat Sync Configuration Commands for Linux

Add new paths to filebeat config

/opt/armor/armor logging add-file-paths <paths to file locations>

Remove paths from filebeat config

 /opt/armor/armor logging remove-file-paths <paths to file locations>

List added config paths

/opt/armor/armor logging describe-file-paths

Sync filebeat config

/opt/armor/armor logging sync-file-paths


Armor Agent - Collecting Custom Windows System Event Logs

Add new paths to filebeat config

C:\.armor\opt\armor.exe logging add-file-paths <paths to file locations>


Remove paths from filebeat config

C:\.armor\opt\armor.exe logging remove-file-paths <paths to file locations>


List added config paths

C:\.armor\opt\armor.exe logging describe-file-paths


Sync filebeat config

C:\.armor\opt\armor.exe logging sync-file-paths


Add winlogbeat event logs

C:\.armor\opt\armor.exe logging add-event-logs <add events>


Remove winlogbeat event logs

 C:\.armor\opt\armor.exe logging remove-event-logs <add events>


List Event logs

C:\.armor\opt\armor.exe logging describe-event-logs


Sync event logs

C:\.armor\opt\armor.exe logging sync-event-logs
 Logging Command Usage

Command Usage:

armor logging command [arguments...]

The following arguments are possible parameters for the Logging CLI feature. This allows customers to manage filebeat modules on Virtual Machines.

CommandArguments Result
  • iis-enable
  • apache-enable
  • nginx-enable

Enables filebeat IIS/apache/nginx.  When run, module yml file will change from disabled state to enable state.

  • iis-disable
  • apache- disable
  • nginx- disable

Disables Filebeat IIS/apache/nginx.  When run the module yml file will change from enable state to disable mode.

  • iis-add-access-paths
  • apache-add-access-paths
  • nginx-add-access-paths
path1, path2, path3Includes the argument paths in module yml file under the 'access_paths' section.
  • iis-remove-access-paths 
  • apache-remove-access-paths
  • nginx-remove-access-paths

path1, path2, path3

Removes the argument paths in module yml file under the 'access_paths' section.

  • iis-add-error-paths
  • apache-add-error-paths
  • nginx-add-error-paths

path1, path2, path3

Includes the argument paths in module yml file under the 'error_paths' section.

  • iis-remove-error-paths
  • apache-remove-error-paths
  • nginx-remove-error-paths

path1, path2, path3

Removes the argument paths in module yml file under the 'error_paths' section. Removes the argument paths in module yml file under the 'error_paths' section.

  • iis-sync-config
  • apache-sync-config
  • nginx-sync-config

The command sync the module yml file on vm with latest changes which are required.
  • iis-describe-config
  • apache-describe-config
  • nginx-describe-config

The command displays current access & error paths which are configured in module yml file.


Users can add as many paths in a single command as needed by must be comma-separated.

  • Linux example (multiple/one path):

    • /opt/armor/armor logging add-file-paths "/var/log/thing,/var/log/stuff/log,/path/to/log"
    • /opt/armor/armor logging add-file-paths /var/log/thing

  • Windows example (multiple/one path):

    • C:\.armor\opt\armor.exe logging add-file-paths "C:\var\log\thing,D:\path\to\log"
    • C:\.armor\opt\armor.exe logging add-file-paths C:\var\log\thing


Examples: Below is example usage for logging apache and similarly for iis and ngix module.

Command Usage:

armor logging apache-enable

armor logging apache-disable

armor logging apache-add-access paths <required paths needs to add here>

armor logging apache-remove-access paths <required paths needs to add here>

armor logging apache-add-error paths <required paths needs to add here>

armor logging apache-remove-error paths <required paths needs to add here>

armor logging apache-sync-config

armor logging apache-describe-config

  • No labels