Obtain Log Relay for Remote Log Collection

Owned by Aaron Gabriel (Deactivated)
Last updated: 14 May 2024 by Soniya Patil
2 min read

Topics Discussed

 

You can use this document to learn about the specific, high-level steps needed to obtain Log Relay, and send additional log types to Armor's Security Information & Event Management (SIEM).

To obtain Log Relay and to configure your account for remote log collection, you must have the following AMP permissions added to your account: 

  • Write Virtual Machine

  • Delete Log Management

  • Read Log Endpoints

  • Read Log Relays

  • Write Log Relays

  • Delete Log Relays

Before you begin:

For Armor Enterprise Cloud users, you must already have a virtual machine in your account

For Armor Anywhere users, you must already have downloaded and installed the Armor Agent.

For introductory information on Log Relay, see Introduction to Log Relay.

 

Review Requirements


Obtain Log Relay

 

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Infrastructure.

  2. Click Virtual Machines.

  3. Locate and hover over the desired virtual machine.

  4. Click the vertical ellipses.

  5. Click Convert to Log Relay.




  6. Review pricing information, and then click Convert VM to Log Relay.

    • You will be redirected to the Virtual Machines screen.


  7. Under Type, the virtual machine will be labeled as Log Relay. (By default, the Armor agent will update the virtual machine within 15 minutes.)

 

  1. Use the PUT Assign Log Collector API call to add Log Relay to your account.

METHOD / TYPE

PUT

API CALL / URL

/vms/core/{coreInstanceId}/profile 

PARAMETERS

You must enter your virtual machine's coreInstanceId.

 

FULL API CALL / URL

PUT https://api.armor.com//vms/core/1gfh39d-hdd78-dhd73-434/profil

  1. Contact Armor Support to add a custom file path via a host log collector.



After you have converted your virtual machine into a Log Relay device, see Create and Configure Remote Log Sources to learn how to create and configure a remote log source.

 

Â