
Forward systemd service logs to AWS CloudWatch

source link: https://gist.github.com/adam-hanna/06afe09209589c80ba460662f7dce65c

Introduction

I often find myself ssh'ing into my servers and checking my systemd service logs with $ journalctl -f -u {name}.service. One day I got tired of this and wanted all of my important logs in one place (Amazon AWS CloudWatch). To my dismay, there weren't any real good tutorials on how to do so. So, voilà.

Steps

Overall, it's a fairly simple process consisting of the following few steps.

1. Modify the service file

Open the service file with $ sudo vi /lib/systemd/system/{name}.service

Modify the [Service] section:

[Service]
...
StandardOutput=file:/var/log/{name}/logs.log
StandardError=file:/var/log/{name}/logs.log

Next, create the directory $ sudo mkdir /var/log/{name}

Finally, restart the service:

sudo systemctl daemon-reload
sudo systemctl stop {name}.service
sudo systemctl start {name}.service

Wait a little bit, and confirm logs are being written $ cat /var/log/{name}/logs.log

2. Install the CloudWatch agent

$ mkdir /tmp/cloudwatch-logs && cd /tmp/cloudwatch-logs
$ wget https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb
$ sudo dpkg -i -E ./amazon-cloudwatch-agent.deb

Be sure to download the appropriate agent for your OS.

3. Create an IAM role

See here (copied below for convenience).

  1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.
  2. In the navigation pane on the left, choose Roles and then Create role.
  3. For "Choose the service that will use this role", choose EC2 ("Allows EC2 instances to call AWS services on your behalf"). Choose Next: Permissions.
  4. In the list of policies, select the check box next to CloudWatchAgentServerPolicy. If necessary, use the search box to find the policy.
  5. Choose Next: Review.
  6. Confirm that CloudWatchAgentServerPolicy appears next to Policies. In Role name, enter a name for the role, such as CloudWatchAgentServerRole. Optionally give it a description. Then choose Create role.

4. Attach the IAM role to your EC2 instance

See here (copied below for convenience).

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
  2. In the navigation pane, choose Instances.
  3. Select the instance, choose Actions, Instance Settings, Attach/Replace IAM role.
  4. Select the IAM role to attach to your instance, and choose Apply.

5. Create the log stream in CloudWatch

  1. Navigate to https://console.aws.amazon.com/cloudwatch
  2. Click Logs from the left menu. Then click Actions > Create log group. Name it /{service}/.
  3. Click on the newly created log group. Then click Create Log Stream. Name it logs.

6. Create a config file and start CloudWatch

$ mkdir ~/cloudwatch && cd ~/cloudwatch
$ vi config.json

Copy/paste the below json being sure to change settings as appropriate:

{
        "agent": {
                "metrics_collection_interval": 60,
                "logfile": "/opt/aws/amazon-cloudwatch-agent/logs/amazon-cloudwatch-agent.log"
        },
        "logs": {
                "logs_collected": {
                        "files": {
                                "collect_list": [
                                        {
                                                "file_path": "/var/log/{service}/logs.log",
                                                "log_group_name": "/{service}/",
                                                "log_stream_name": "logs",
                                                "timezone": "UTC"
                                        }
                                ]
                        }
                },
                "log_stream_name": "logs",
                "force_flush_interval" : 60
        }
}

Finally, start the CloudWatch agent $ sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -c file:/home/ubuntu/cloudwatch/config.json -s
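
A pre-flight check for steps 1 and 6, added here as an example (it is not part of the original gist): it confirms that the file the unit writes to is one the agent's collect_list reads, and that no {name} or {service} template value was left unfilled. The service name myapp and the sample unit and config are constructed; {instance_id}, {hostname}, {local_hostname} and {ip_address} are skipped because the agent expands those itself.

```python
import fnmatch
import json
import re

# systemd directives that send a unit's stdout/stderr to a file.
UNIT_RE = re.compile(
    r"^\s*Standard(?:Output|Error)\s*=\s*(?:file|append|truncate):(\S+)", re.M)
# Placeholders the CloudWatch agent expands itself; any other {...} is an
# unfilled template value such as {service} or {name} from the tutorial.
AGENT_PLACEHOLDERS = {"{instance_id}", "{hostname}", "{local_hostname}", "{ip_address}"}
PLACEHOLDER_RE = re.compile(r"\{[^{}]*\}")


def unit_log_paths(unit_text):
    """File paths the unit writes its stdout/stderr to."""
    return set(UNIT_RE.findall(unit_text))


def check_agent_config(unit_text, config_text):
    """Return a list of problems; an empty list means unit and agent agree."""
    problems = []
    entries = (json.loads(config_text).get("logs", {}).get("logs_collected", {})
               .get("files", {}).get("collect_list", []))
    patterns = []
    for i, entry in enumerate(entries):
        if not entry.get("file_path"):
            problems.append(f"entry {i}: file_path is missing")
        patterns.append(entry.get("file_path", ""))
        for key in ("file_path", "log_group_name", "log_stream_name"):
            for ph in PLACEHOLDER_RE.findall(str(entry.get(key, ""))):
                if ph not in AGENT_PLACEHOLDERS:
                    problems.append(f"entry {i}: {key} has unfilled {ph}")
    for path in sorted(unit_log_paths(unit_text)):
        if PLACEHOLDER_RE.search(path):
            problems.append(f"unit: log path has unfilled placeholder: {path}")
        # file_path may be a glob, so match rather than compare
        elif not any(fnmatch.fnmatchcase(path, p) for p in patterns):
            problems.append(f"unit writes {path} but no collect_list entry reads it")
    return problems


# Constructed sample input: a unit for a hypothetical service "myapp" and a
# config with a mistyped path and the log group left as the template value.
SAMPLE_UNIT = ("[Service]\nStandardOutput=file:/var/log/myapp/logs.log\n"
               "StandardError=file:/var/log/myapp/logs.log\n")
SAMPLE_CONFIG = json.dumps({"logs": {"logs_collected": {"files": {"collect_list": [
    {"file_path": "/var/log/my-app/logs.log", "log_group_name": "/{service}/",
     "log_stream_name": "logs"}]}}}})

if __name__ == "__main__":
    for problem in check_agent_config(SAMPLE_UNIT, SAMPLE_CONFIG):
        print(problem)
```

Run it against the real unit file and config.json before fetch-config; an empty result means the agent will read the file the service actually writes.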

