{"id":1689,"date":"2019-02-05T11:14:56","date_gmt":"2019-02-05T11:14:56","guid":{"rendered":"http:\/\/wiki.thomasandsofia.com\/?p=1689"},"modified":"2019-02-06T11:36:22","modified_gmt":"2019-02-06T11:36:22","slug":"csap-cloudwatch-logs","status":"publish","type":"post","link":"https:\/\/wiki.thomasandsofia.com\/?p=1689","title":{"rendered":"CSAP CloudWatch Logs"},"content":{"rendered":"<p><a href=\"http:\/\/wiki.thomasandsofia.com\/2018\/08\/20\/aws-certified-solutions-architect-professional-overview\/\">Main Menu<\/a><\/p>\n<h1>Menu<\/h1>\n<ul>\n<li>Understanding CloudWatch Logs<\/li>\n<li>Pushing Linux system logs to CloudWatch<\/li>\n<\/ul>\n<h1>Understanding CloudWatch Logs<\/h1>\n<p><a href=\"https:\/\/www.udemy.com\/aws-certified-solutions-architect-professional\/learn\/v4\/t\/lecture\/13308272?start=0\" target=\"_blank\" rel=\"noopener\">https:\/\/www.udemy.com\/aws-certified-solutions-architect-professional\/learn\/v4\/t\/lecture\/13308272?start=0<\/a><\/p>\n<h2>Centralized Log Solutions<\/h2>\n<ul>\n<li>A server can contain a lot of log files &#8211; from system logs to the application logs.<\/li>\n<li>During debugging, it is important to have log files at hand.<\/li>\n<li>By default, since the log files are stored directly on the server, this means the individual that needs to debug must have access to that server.\n<ul>\n<li>This is considered poor security.\u00a0 Developers should not have access to the server.<\/li>\n<\/ul>\n<\/li>\n<li>The better solution is to push the log files to a centralized S3 bucket.<\/li>\n<\/ul>\n<h1>Pushing Linux system logs to CloudWatch<\/h1>\n<p><a href=\"https:\/\/www.udemy.com\/aws-certified-solutions-architect-professional\/learn\/v4\/t\/lecture\/13308276?start=0\" target=\"_blank\" rel=\"noopener\">https:\/\/www.udemy.com\/aws-certified-solutions-architect-professional\/learn\/v4\/t\/lecture\/13308276?start=0<\/a><\/p>\n<p><a 
href=\"https:\/\/docs.aws.amazon.com\/AmazonCloudWatch\/latest\/logs\/QuickStartEC2Instance.html\" target=\"_blank\" rel=\"noopener\">https:\/\/docs.aws.amazon.com\/AmazonCloudWatch\/latest\/logs\/QuickStartEC2Instance.html<\/a><\/p>\n<h2>Step 1: Create the CloudWatch Log policy<\/h2>\n<ul>\n<li>The EC2 instance must be able to create a log group in CloudWatch and then push the logs there.\n<ul>\n<li>Region &gt; EC2 &gt; Instances &gt; Select Instance &gt; IAM role &gt; Click the IAM role name<\/li>\n<li>&gt; Roles &gt; Summary &gt; +Add inline policy<\/li>\n<li>&gt; Create policy &gt; JSON<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<pre>{\r\n   \"Version\": \"2012-10-17\",\r\n   \"Statement\": [\r\n      {\r\n         \"Effect\": \"Allow\",\r\n         \"Action\": [\r\n            \"logs:CreateLogGroup\",\r\n            \"logs:CreateLogStream\",\r\n            \"logs:PutLogEvents\",\r\n            \"logs:DescribeLogStreams\"\r\n         ],\r\n         \"Resource\": [\r\n            \"arn:aws:logs:*:*:*\"\r\n         ]\r\n      }\r\n   ]\r\n}\r\n<\/pre>\n<ul>\n<li>[ Review policy ]<\/li>\n<li>&gt; Review policy\n<ul>\n<li>Name: CloudWatchLogs<\/li>\n<li>[ Create policy ]<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Step 2: Install the CloudWatch agent<\/h2>\n<h3>AWS Linux<\/h3>\n<h4>Install the agent<\/h4>\n<pre>sudo yum update -y\r\nsudo yum install -y awslogs<\/pre>\n<h4>Edit \/etc\/awslogs\/awscli.conf to use the correct region<\/h4>\n<pre>sudo nano \/etc\/awslogs\/awscli.conf<\/pre>\n<pre>region =<\/pre>\n<h4>Edit \/etc\/awslogs\/awslogs.conf to enter the Log Group name<\/h4>\n<ul>\n<li>This can be used to add additional log files.<\/li>\n<li>Use different log group names for different log files.<\/li>\n<li>It is recommended to restrict permissions to these files to only the users that require that access.\n<ul>\n<li>SysAdmins need the messages logs while Dev does not.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<pre>sudo nano \/etc\/awslogs\/awslogs.conf<\/pre>\n<pre>[\/var\/logs\/messages]\r\n...\r\nfile = 
\/var\/log\/messages\r\n...\r\nlog_group_name = \/var\/logs\/messages<\/pre>\n<p>Start the log service<\/p>\n<pre>sudo service awslogs start<\/pre>\n<h3>Ubuntu, CentOS and RedHat<\/h3>\n<p><strong>Update the packages<\/strong><\/p>\n<pre>sudo apt-get update -y<\/pre>\n<pre>sudo yum update -y<\/pre>\n<p><strong>Download the agent<\/strong><\/p>\n<pre>curl https:\/\/s3.amazonaws.com\/aws-cloudwatch\/downloads\/latest\/awslogs-agent-setup.py -O<\/pre>\n<p><strong>Install the agent<\/strong><br \/>\n* Note: you must specify what region you are exporting your logs to.<\/p>\n<pre>sudo python .\/awslogs-agent-setup.py --region us-east-1<\/pre>\n<p>or<\/p>\n<pre>sudo python3 .\/awslogs-agent-setup.py --region us-east-1<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Main Menu Menu Understanding CloudWatch Logs Pushing Linux system logs to CloudWatch Understanding CloudWatch Logs https:\/\/www.udemy.com\/aws-certified-solutions-architect-professional\/learn\/v4\/t\/lecture\/13308272?start=0 Centralized Log Solutions A server can contain a lot of log files &#8211; from system logs to the application logs. During debugging, it is important to have log files at hand. 
By default, since the log files are stored ..<\/p>\n<div class=\"clear-fix\"><\/div>\n<p><a href=\"https:\/\/wiki.thomasandsofia.com\/?p=1689\" title=\"read more...\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[18,38],"tags":[],"class_list":["post-1689","post","type-post","status-publish","format-standard","hentry","category-amazon-web-services-aws","category-certified-solutions-architect-professional"],"_links":{"self":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/1689","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1689"}],"version-history":[{"count":5,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/1689\/revisions"}],"predecessor-version":[{"id":1695,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/1689\/revisions\/1695"}],"wp:attachment":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1689"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1689"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1689"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}