Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 90 Next »

Armor Agent - Collecting Linux and Windows Standard Logs


Use the following commands to manage the Logging service - Filebeat and Winlogbeat (for Windows only).


Install Logging:

Windows: C:\.armor\opt\armor.exe logging install
Linux: /opt/armor/armor logging install


Uninstall Logging:

Windows: C:\.armor\opt\armor.exe logging uninstall
Linux: /opt/armor/armor logging uninstall 


Logging Help

Windows: C:\.armor\opt\armor.exe logging help
Linux: /opt/armor/armor logging help
 Filebeat Sync Configuration Commands for Linux
 Filebeat Sync Configuration Commands for Windows
 Logging Command Usage


Default Logging Configuration for the Armor Agent


Windows

The Armor Agent forwards logs from the System and Security event types. The specific event id's kept are as follows:

Sysmon Id's

1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 255

Security Event Id's

1102, 4624, 4625, 4648, 4649, 4657, 4688, 4697, 4698, 4719, 4720, 4722, 4723, 4724, 4725, 4726, 4732, 4733, 4738, 4794, 4798, 4799, 5140, 7034, 7045, 33205


Linux

The Armor Agent forwards the following log files for Linux servers:

CentOS/RHELUbuntu/Debian
  • /var/log/secure
  • /var/log/messages
  • /var/log/yum.log
  • /var/log/auth.log
  • /var/log/syslog


Log and Data Management Home

Was this helpful?

Sysmon

NGINX

MSSQL

Microsoft IIS

Armor Anywhere

Apache Server

Armor can ingest logs from most sources. The logs are stored and can be correlated and analyzed against threat intelligence feeds from Armor and other third parties. Armor provides advanced log search and data visualization capabilities through the Armor Management Portal. The benefits of Armor's log and data management add-on include:

  • Enhanced security posture through the analysis and correlation of log information with other Armor telemetry sources.
  • Greater context to aid in more effective detection, alerting and response.
  • Ability to meet compliance mandates through the storing of log data for up to 13 months.

ARMOR ANYWHERE can be configured to collect logs from the following sources:

  • No labels