/
Obtain Log Relay for Remote Log Collection

Obtain Log Relay for Remote Log Collection

Owned by Aaron Gabriel (Deactivated)
Last updated: 14 May 2024 by Soniya Patil
2 min read

Topics Discussed

 

You can use this document to learn about the specific, high-level steps needed to obtain Log Relay, and send additional log types to Armor's Security Information & Event Management (SIEM).

To obtain Log Relay and to configure your account for remote log collection, you must have the following AMP permissions added to your account: 

  • Write Virtual Machine

  • Delete Log Management

  • Read Log Endpoints

  • Read Log Relays

  • Write Log Relays

  • Delete Log Relays

Before you begin:

For Armor Enterprise Cloud users, you must already have a virtual machine in your account

For Armor Anywhere users, you must already have downloaded and installed the Armor Agent.

For introductory information on Log Relay, see Introduction to Log Relay.

 

Review Requirements


Obtain Log Relay

 

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Infrastructure.

  2. Click Virtual Machines.

  3. Locate and hover over the desired virtual machine.

  4. Click the vertical ellipses.

  5. Click Convert to Log Relay.




  6. Review pricing information, and then click Convert VM to Log Relay.

    • You will be redirected to the Virtual Machines screen.


  7. Under Type, the virtual machine will be labeled as Log Relay. (By default, the Armor agent will update the virtual machine within 15 minutes.)

 

  1. Use the PUT Assign Log Collector API call to add Log Relay to your account.

METHOD / TYPE

PUT

API CALL / URL

/vms/core/{coreInstanceId}/profile 

PARAMETERS

You must enter your virtual machine's coreInstanceId.

 

FULL API CALL / URL

PUT https://api.armor.com//vms/core/1gfh39d-hdd78-dhd73-434/profil

  1. Contact Armor Support to add a custom file path via a host log collector.



After you have converted your virtual machine into a Log Relay device, see Create and Configure Remote Log Sources to learn how to create and configure a remote log source.

 

 

Related content

Introduction to Log Relay
Introduction to Log Relay
Knowledge Base
More like this
Log Management Overview
Log Management Overview
Knowledge Base
Read with this
Create a Storage Only Log Source
Create a Storage Only Log Source
Knowledge Base
More like this
Log Collection Through The Armor Agent
Log Collection Through The Armor Agent
Knowledge Base
Read with this
Create a Remote Log Source - Imperva Incapsula
Create a Remote Log Source - Imperva Incapsula
Knowledge Base
More like this
Third Party Sources Through Armor Log Relay
Third Party Sources Through Armor Log Relay
Knowledge Base
More like this