Help Document

Starting Log360 Cloud

You can either configure an On-premise agent or a Cloud Account to get started.

This page describes the various steps involved in configuring an on-premise agent or a cloud agent.

  1. Configure an agent
  2. Configure advanced threat analytics
  3. Configure Log360 Cloud Account

Configure Log360 Cloud Agent

Starting Log360 Cloud

To sync Log360 Cloud with the Log360 Cloud Agent, you will have to obtain the security access key of Log360 Cloud and enter it in the Log360 Cloud Agent installation.

To obtain the security access key of Log360 Cloud,

  • Click Configure Agent to open the Log360 Cloud Agent page.
  • Follow the steps listed on the page.
  • The access key will be available on Step 3 of the page.

Security Access Key

To enter the access key in the Log360 Agent console, follow the steps given below.

  • If you have not downloaded the Log360 Cloud Agent already, click here.
  • Run the Log360CloudAgent.msi file. An installation wizard will begin.
  • Log360 Cloud Security Access Key

  • Click Next to open the Connection Settings for Log360 Cloud pop-up
  • Log360 Cloud Security Access Key

  • On starting the installation, you will be prompted for an Access Key. Enter the access key that was obtained from Log360 Cloud and click OK.
  • Security Access Key

  • Once the Installation Complete pop-up is displayed, click Close to exit.

On completing installation, data synchronization will begin and Log360 Cloud Agent will start pushing logs to the cloud.

Configure Log360 Cloud Agent without GUI

Note: For operating systems without a graphical interface, like Windows Server Core, you can perform a silent installation of the agent using the following steps:

  • Download the Log360 Cloud agent from this link and save it to your desired folder.
  • Open a command prompt window and navigate to the folder where the agent was downloaded.
  • Replace the <Server URL> and <Access Key> placeholders with the appropriate values, then enter the following command to initiate the silent installation:
msiexec /i "Log360CloudAgent.msi" /qn /norestart /L*v "Agent_Install.log" ServerName="<Server URL>" ServerIPAddress="<Server URL>" ZAPIKEY<Access key copied from UI> ENABLESILENT=yes ALLUSERS=1

Use the following URLs based on your region to replace <Server URL> in the command:

US region: log360cloud.manageengine.com

EU region: log360cloud.manageengine.eu

AU region: log360cloud.manageengine.com.au

IN region: log360cloud.manageengine.in

JP region: log360cloud.manageengine.jp

Example:

msiexec /i "Log360CloudAgent.msi" /qn /norestart /L*v "Agent_Install.log" ServerName="log360cloud.manageengine.com" ServerIPAddress="log360cloud.manageengine.com" ZAPIKEY=1003.fe6***********************************************************b4b ENABLESILENT=yes ALLUSERS=1

Configure advanced threat analytics

  • Login to Log360 Cloud and navigate to Settings → Admin Settings → Threat Management.
  • Enable the Default Threat Server and Advanced Threat Analytics options.
  • Now the threat feeds have been enabled.
  • Log360 Cloud Security Access Key

    Log360 Cloud Security Access Key

Configure Log360 Cloud Account

Click on Configure Cloud Account under Cloud Source Configuration.

Starting Log360 Cloud

The following page will appear.

Starting Log360 Cloud

Enter the following details:

  • In the Select Cloud Type field, select the cloud type from the drop-down list.
  • In the Display Name field, enter the name.
  • Enter the Access Key ID and Secret Access Key.
  • Note:

    To get the access key ID and secret access key

    • Login to your AWS Console.
    • Create an IAM User.
    • Grant programmatic access to the IAM user.
    • Create a policy for the IAM user by copying the policy document.
    • Enter the generated access key ID and secret access key in the above fields.
  • Create/Connect to existing cloudtrail.
  • Click on Save.