Before you begin:

For Armor Enterprise Cloud users, you must already have a virtual machine in your account

• To learn how to create a virtual machine, see Virtual Machines.

For Armor Anywhere users, you must already have downloaded and installed the Armor Agent.

• To learn how to download the Armor Agent, see Install the Armor Anywhere Agent - Linux.

For introductory information on Log Relay, see Introduction to Log Relay.

When you convert a virtual machine into a Log Relay device, your virtual machine / device will still contain the default Armor Agent components, such as FIM, Malware, Patching, etc.

1. In the Armor Management Portal (AMP), in the left-side navigation, click Infrastructure.

2. Click Virtual Machines.

3. Locate and hover over the desired virtual machine.

4. Click the vertical ellipses.

5. Click Convert to Log Relay.
   
   
   
   

6. Review pricing information, and then click Convert VM to Log Relay.
   

   • You will be redirected to the Virtual Machines screen.
     
     

7. Under Type, the virtual machine will be labeled as Log Relay. (By default, the Armor agent will update the virtual machine within 15 minutes.)
   

1. Use the PUT Assign Log Collector API call to add Log Relay to your account.

   In some cases, the terms Log Depot, Host Log Collector, or Log Relay may be used interchangeably.

PUT https://api.armor.com//vms/core/1gfh39d-hdd78-dhd73-434/profil

2. Contact Armor Support to add a custom file path via a host log collector.

Troubleshooting

In general, if you are having issues adding Log Relay to a remote log device, consider that:

You need to update your permissions in AMP.

• In AMP, you must have the following permissions added to your account:

  • Write Virtual Machine

  • Delete Log Management

  • Read Log Endpoints

  • Read Log Relays

  • Write Log Relays

  • Delete Log Relays

To add the above-mentioned AMP permissions to your account, see Roles and Permissions.