AWS CloudWatch
AWS CloudWatch logs service has the capability to store custom logs and process metrics generated from your application instances. Here is some example use cases for custom logs and metrics.
Webserver (Nginx, Apache etc ) access or error logs can be pushed to CloudWatch logs it acts as central log management for your applications running on AWS
Custom application logs (java, python, etc) can be pushed to CloudWatch and you can set up custom dashboards and alerts based on log patterns.
Ec2 instance metrics/custom system metrics/ app metrics can be pushed to CloudWatch.
Create AMI of the instance for further use.
Application Logs To AWS CloudWatch Workflow
You can send logs from any number of ec2 sources to Cloudwatch. All you need to have is a Cloudwatch agent running on your instance.
Here is what you have to do
Install Cloudwatch agent
Configure log sources in the Cloudwatch agent configuration file.
Start the agent with the configuration file.
Validate logs in Cloudwatch dashboard.
Setup CloudWatch on the instance
Install CloudWatch agent
The CloudWatch agent is available as a package in Amazon Linux 2.
You can install the package by entering the following command. You must also make sure that the IAM role attached to the instance has the CloudWatchAgentServerPolicy attached.
sudo yum install amazon-cloudwatch-agentConfigure profiles for the AWS CLI
# setup AWS CLI profile
$ aws configure
AWS Access Key ID [None]:
AWS Secret Access Key [None]:
Default region name [None]: us-west-2
Default output format [None]: json
# verify the AWS CLI profile
$ cat ~/.aws/credentials
$ cat aws configure
$ aws configure list
Create the CloudWatch agent configuration file
Before running the CloudWatch agent on any servers, you must create a CloudWatch agent configuration file.
The agent configuration file is a JSON file that specifies the metrics and logs that the agent is to collect, including custom metrics.
Any time you change the agent configuration file, you must then restart the agent to have the changes take effect.
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizardsudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard
================================================================
= Welcome to the Amazon CloudWatch Agent Configuration Manager =
= =
= CloudWatch Agent allows you to collect metrics and logs from =
= your host and send them to CloudWatch. Additional CloudWatch =
= charges may apply. =
================================================================
On which OS are you planning to use the agent?
1. linux
2. windows
3. darwin
default choice: [1]:
Trying to fetch the default region based on ec2 metadata...
Are you using EC2 or On-Premises hosts?
1. EC2
2. On-Premises
default choice: [1]:
Which user are you planning to run the agent?
1. root
2. cwagent
3. others
default choice: [1]:
Do you want to turn on StatsD daemon?
1. yes
2. no
default choice: [1]:
Which port do you want StatsD daemon to listen to?
default choice: [8125]
What is the collect interval for StatsD daemon?
1. 10s
2. 30s
3. 60s
default choice: [1]:
What is the aggregation interval for metrics collected by StatsD daemon?
1. Do not aggregate
2. 10s
3. 30s
4. 60s
default choice: [4]:
Do you want to monitor metrics from CollectD? WARNING: CollectD must be installed or the Agent will fail to start
1. yes
2. no
default choice: [1]:
2
Do you want to monitor any host metrics? e.g. CPU, memory, etc.
1. yes
2. no
default choice: [1]:
Do you want to monitor cpu metrics per core?
1. yes
2. no
default choice: [1]:
2
Do you want to add ec2 dimensions (ImageId, InstanceId, InstanceType, AutoScalingGroupName) into all of your metrics if the info is available?
1. yes
2. no
default choice: [1]:
Do you want to aggregate ec2 dimensions (InstanceId)?
1. yes
2. no
default choice: [1]:
Would you like to collect your metrics at high resolution (sub-minute resolution)? This enables sub-minute resolution for all metrics, but you can customize for specific metrics in the output json file.
1. 1s
2. 10s
3. 30s
4. 60s
default choice: [4]:
Which default metrics config do you want?
1. Basic
2. Standard
3. Advanced
4. None
default choice: [1]:
Current config as follows:
{
"agent": {
"metrics_collection_interval": 60,
"run_as_user": "root"
},
"metrics": {
"aggregation_dimensions": [
[
"InstanceId"
]
],
"append_dimensions": {
"AutoScalingGroupName": "${aws:AutoScalingGroupName}",
"ImageId": "${aws:ImageId}",
"InstanceId": "${aws:InstanceId}",
"InstanceType": "${aws:InstanceType}"
},
"metrics_collected": {
"collectd": {
"metrics_aggregation_interval": 60
},
"disk": {
"measurement": [
"used_percent"
],
"metrics_collection_interval": 60,
"resources": [
"*"
]
},
"mem": {
"measurement": [
"mem_used_percent"
],
"metrics_collection_interval": 60
},
"statsd": {
"metrics_aggregation_interval": 60,
"metrics_collection_interval": 10,
"service_address": ":8125"
}
}
}
}
Are you satisfied with the above config? Note: it can be manually customized after the wizard completes to add additional items.
1. yes
2. no
default choice: [1]:
Do you have any existing CloudWatch Log Agent (http://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AgentReference.html) configuration file to import for migration?
1. yes
2. no
default choice: [2]:
Do you want to monitor any log files?
1. yes
2. no
default choice: [1]:
Log file path:
/var/log/httpd/error_log
/var/log/nginx/error.log
Log group name:
default choice: [error_log]
s1web_php7_al2_error_log / prodweb_al2_error_log / Prod_CRON_al2_error_log
s1apiv2_lumen_error_log / prodapiv2_lumen_error_log
s1apiv2_error_log / prodapiv2_error_log
s1web_vuejs_al2_error_log / prodweb_vuejs_al2_error_log
Log stream name:
default choice: [{instance_id}]
s1web_php7_al2_error_log / prodweb_al2_error_log / Prod_CRON_al2_error_log
s1apiv2_lumen_error_log / prodapiv2_lumen_error_log
s1apiv2_error_log / prodapiv2_error_log
s1web_vuejs_al2_error_log / prodweb_vuejs_al2_error_log
Log Group Retention in days
1. -1
2. 1
3. 3
4. 5
5. 7
6. 14
7. 30
8. 60
9. 90
10. 120
11. 150
12. 180
13. 365
14. 400
15. 545
16. 731
17. 1827
18. 2192
19. 2557
20. 2922
21. 3288
22. 3653
default choice: [1]:
7
Do you want to specify any additional log files to monitor?
1. yes
2. no
default choice: [1]:
Log file path:
/var/log/httpd/access_log
/var/log/nginx/access.log
Log group name:
default choice: [access_log]
s1web_php7_al2_access_log / prodweb_al2_access_log / Prod_CRON_al2_access_log
s1apiv2_lumen_access_log / prodapiv2_lumen_access_log
s1apiv2_access_log / prodapiv2_access_log
s1web_vuejs_al2_access_log / prodweb_vuejs_al2_access_log
Log stream name:
default choice: [{instance_id}]
s1web_php7_al2_access_log / prodweb_al2_access_log / Prod_CRON_al2_access_log
s1apiv2_lumen_access_log / prodapiv2_lumen_access_log
s1apiv2_access_log / prodapiv2_access_log
s1web_vuejs_al2_access_log / prodweb_vuejs_al2_access_log
Log Group Retention in days
1. -1
2. 1
3. 3
4. 5
5. 7
6. 14
7. 30
8. 60
9. 90
10. 120
11. 150
12. 180
13. 365
14. 400
15. 545
16. 731
17. 1827
18. 2192
19. 2557
20. 2922
21. 3288
22. 3653
default choice: [1]:
7
Do you want to specify any additional log files to monitor?
1. yes
2. no
default choice: [1]:
2
Saved config file to /opt/aws/amazon-cloudwatch-agent/bin/config.json successfully.
Current config as follows:
{
"agent": {
"metrics_collection_interval": 60,
"run_as_user": "root"
},
"logs": {
"logs_collected": {
"files": {
"collect_list": [
{
"file_path": "/var/log/httpd/error_log",
"log_group_name": "prodapiv2_error_log",
"log_stream_name": "prodapiv2_error_log",
"retention_in_days": 30
},
{
"file_path": "/var/log/httpd/access_log",
"log_group_name": "prodapiv2_access_log",
"log_stream_name": "prodapiv2_access_log",
"retention_in_days": 30
}
]
}
}
},
"metrics": {
"aggregation_dimensions": [
[
"InstanceId"
]
],
"append_dimensions": {
"AutoScalingGroupName": "${aws:AutoScalingGroupName}",
"ImageId": "${aws:ImageId}",
"InstanceId": "${aws:InstanceId}",
"InstanceType": "${aws:InstanceType}"
},
"metrics_collected": {
"collectd": {
"metrics_aggregation_interval": 60
},
"disk": {
"measurement": [
"used_percent"
],
"metrics_collection_interval": 60,
"resources": [
"*"
]
},
"mem": {
"measurement": [
"mem_used_percent"
],
"metrics_collection_interval": 60
},
"statsd": {
"metrics_aggregation_interval": 60,
"metrics_collection_interval": 10,
"service_address": ":8125"
}
}
}
}
Please check the above content of the config.
The config file is also located at /opt/aws/amazon-cloudwatch-agent/bin/config.json.
Edit it manually if needed.
Do you want to store the config in the SSM parameter store?
1. yes
2. no
default choice: [1]:
2
Program exits now.
[ec2-user@ip-172-31-47-125 ~]$
For the question, Do you want to store the config in the SSM parameter store?, select No.
The final config files get stored in the following location/
sudo cat /opt/aws/amazon-cloudwatch-agent/bin/config.json
The config.json file should look like below
Saved config file to /opt/aws/amazon-cloudwatch-agent/bin/config.json successfully.
Current config as follows:
{
"agent": {
"metrics_collection_interval": 60,
"run_as_user": "root"
},
"logs": {
"logs_collected": {
"files": {
"collect_list": [
{
"file_path": "/var/log/httpd/error_log",
"log_group_name": "prodweb_al2_error_log",
"log_stream_name": "prodweb_al2_error_log"
},
{
"file_path": "/var/log/httpd/access_log",
"log_group_name": "prodweb_al2_access_log",
"log_stream_name": "prodweb_al2_access_log"
}
]
}
}
},
...
...
}Start, Stop & check the status of the CloudWatch agent on the Linux Server
Start the CloudWatch agent with the above custom configuration
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -c file:/opt/aws/amazon-cloudwatch-agent/bin/config.json -sStart the CloudWatch agent with system Default Config
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -s -m ec2Status of CloudWatch agent
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -m ec2 -a statusStop CloudWatch agent
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -m ec2 -a stop
Verify Logs on CloudWatch
Once the setup is done, you can view all the configured logs under the CloudWatch dashboard (under the logs option)
Go to Logs –> Log Groups and you will see the log group you mentioned in the agent configuration.
Select the log group and you should see the instance identified you mentioned in the config.
If you click the instance identifier, it shows all the logs. You can use the cloud watch filter option to filter and query required logs.
Analyzing log data with CloudWatch Logs Insights
CloudWatch Logs Insights enables you to interactively search and analyze your log data in Amazon CloudWatch Logs. You can perform queries to help you more efficiently and effectively respond to operational issues. If an issue occurs, you can use CloudWatch Logs Insights to identify potential causes and validate deployed fixes.
Steps :
Select the log group
Filter data using the query
Reference: How To Push Ec2 Logs To Cloudwatch [Logs And Metrics]
Thanks!
Prasanti Prusty
