Logging in EC2 with CloudWatch Agents

Crishantha Nanayakkara
Mar 16, 2020

CloudWatch Agents

By default, AWS does not send any logs to CloudWatch.

AWS uses CloudWatch Agents to push EC2 logs to CloudWatch.

CloudWatch Agents can also be installed on on-premises servers to push their logs to CloudWatch (see Figure 1).

Figure 1 — EC2 and on-premise server logs can be pushed to CloudWatch

Using CloudWatch Agents within EC2

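Step 1: Create an Amazon Linux EC2 instance and make sure an IAM role that allows access to CloudWatch is attached to it. (If you already have an IAM role with CloudWatchFullAccess, that is fine for this exercise. The agent itself only needs logs:CreateLogGroup, logs:CreateLogStream, logs:PutLogEvents and logs:DescribeLogStreams, so a role limited to those actions is the better choice outside a test setup.)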

Step 2: Install the AWS log agent binaries on the EC2 instance.

$ sudo yum update

$ sudo yum install -y awslogs

Step 3: If you wish to change the log format, you may edit the /etc/awslogs/awslogs.conf file. In this exercise, you may keep it as it is.

Step 4: Edit the /etc/awslogs/awscli.conf file to set your AWS region. If your region is anything other than us-east-1, change it in this file.

Step 5: Start the awslogs service.

[Note: The following commands are for Amazon Linux EC2 instances only.]

$ sudo systemctl start awslogsd

$ sudo systemctl enable awslogsd.service

If your EC2 instances run another Linux distribution, use the following commands instead.

$ sudo service awslogs start

$ sudo chkconfig awslogs on

Step 6: If there are no errors, move to CloudWatch in the AWS Console.

Select Logs → Log Groups → Select /var/log/messages Log Group (See Figure 2).

Figure 2

Step 7: Click the /var/log/messages Log Group and you will see the following (See Figure 3).

Figure 3

The Log Stream that you see belongs to the EC2 instance that you have selected. The Log Stream ID should match the EC2 instance ID (see Figure 4).

Figure 4

Congratulations! Now you have successfully managed to push EC2 server logs to CloudWatch.
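Steps 2 to 5 above can be collected into one script, shown here as an added example that is not part of the original post. The function names and the --apply switch are illustrative, and the script assumes it runs as root on Amazon Linux and that awscli.conf already contains a "region = ..." line.

```shell
#!/bin/sh
# Added example: Steps 2-5 of the walkthrough as one script (run as root on
# Amazon Linux). Function names are illustrative, not part of awslogs.
set -e
LC_ALL=C; export LC_ALL

AWSCLI_CONF="${AWSCLI_CONF:-/etc/awslogs/awscli.conf}"  # file from Step 4

# Print the region currently configured in an awscli.conf-style file.
get_awslogs_region() {
    sed -n -E 's/^region[[:space:]]*=[[:space:]]*//p' "$1"
}

# Step 4: point the agent at another region. The value is validated first so
# a malformed argument cannot add lines or sed metacharacters to a root-owned
# config file. Assumes the file already has a "region = ..." line.
set_awslogs_region() {
    conf="$1"; region="$2"
    case "$region" in
        ''|*[!a-z0-9-]*) echo "invalid region: $region" >&2; return 1 ;;
    esac
    printf '%s\n' "$region" | grep -Eq '^[a-z]{2}(-[a-z]+)+-[0-9]+$' || {
        echo "invalid region: $region" >&2; return 1; }
    grep -Eq '^region[[:space:]]*=' "$conf" || {
        echo "no region line in $conf" >&2; return 1; }
    tmp="$(mktemp)"
    sed -E "s/^region[[:space:]]*=.*/region = ${region}/" "$conf" > "$tmp"
    cat "$tmp" > "$conf"   # overwrite in place: keeps owner and mode
    rm -f "$tmp"
}

main() {
    region="$1"
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; exit 1; }
    yum update -y                                  # Step 2
    yum install -y awslogs
    set_awslogs_region "$AWSCLI_CONF" "$region"    # Step 4
    systemctl enable awslogsd.service              # Step 5
    systemctl restart awslogsd                     # restart picks up the new region
    systemctl is-active --quiet awslogsd || {
        echo "awslogsd is not running; see /var/log/awslogs.log" >&2; exit 1; }
    echo "agent running, region $(get_awslogs_region "$AWSCLI_CONF")"
}

# Only touch the system when asked to: ./setup-awslogs.sh --apply eu-west-1
if [ "${1:-}" = "--apply" ]; then
    main "${2:?usage: $0 --apply <region>}"
fi
```

Without --apply the script only defines its functions, so the region rewrite can be tried against a copy of awscli.conf before it is run on an instance.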

References:

  1. Quick Start: Install and Configure the CloudWatch Logs Agent on a Running EC2 Linux Instance: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/QuickStartEC2Instance.html

Written by Crishantha Nanayakkara

Enterprise Architect @ FAO (UN) | Former CTO, ICTA Sri Lanka
