Create and Configure Remote Log Sources
Â
Topics Discussed
Â
You can use this document to learn how to create and configure a remote Log Relay device.
To obtain Log Relay and to configure your account for remote log collection, you must have the following AMP permissions added to your account:
Write Virtual Machine
Delete Log Management
Read Log Endpoints
Read Log Relays
Write Log Relays
Delete Log Relays
Before you begin, you must first convert a virtual machine into a Log Relay device. To learn more, see Obtain Log Relay for Remote Log Collection.
For introductory information on Log Relay, see Introduction to Log Relay.
Create and Configure a Remote Log Source
Based on your specific log type, review the following options to create and configure a remote log source:
Log type | Additional information | Detailed instructions |
AWS CloudTrail | For this log type, you must be able to:
| |
AWS GuardDuty | For this log type, you must be able to:
| |
AWS VPC Flow Logs | For this log type, you must be able to:
| |
AWS WAF | For this log type, you must be able to:
| |
Check Point | For this log type you must be able to:
| |
Cisco ASA | For this log type, you must be able to:
| |
Cisco ISR | For this log type, you must be able to:
| |
Juniper | For this log type, you must be able to:
| |
Fortinet FortiGate | For this log type, you must be able to:
| |
Imperva Incapsula | For this log type, you must be able to:
| |
Palo Alto Firewall | For this log type, you must be able to:
| |
SonicWall | For this log type, you must be able to:
| |
Cylance | For this log type:
| |
Storage Only | For this log type, you must be able to:
|
Â
Troubleshooting
In general, if you are having issues adding Log Relay to a remote log device, consider that:
You need to update your permissions in AMP.
In AMP, you must have the following permissions added to your account:
Write Virtual Machine
Delete Log Management
Read Log Endpoints
Read Log Relays
Write Log Relays
Delete Log Relays