amazon web services - Why are CloudWatch Logs sent from my Windows EC2 Instance not showing up on AWS Console? -
i have set cloudwatch logs on ec2 windows server-r2 doesn't show on aws console. (my iam user has fullaccess) https://aws.amazon.com/blogs/devops/using-cloudwatch-logs-with-amazon-ec2-running-microsoft-windows-server/
my cloudwatch json file looks below:
{ "engineconfiguration": { "pollinterval": "00:00:15", "components": [ { "id": "applicationeventlog", "fullname": "aws.ec2.windows.cloudwatch.eventlog.eventloginputcomponent,aws.ec2.windows.cloudwatch", "parameters": { "logname": "application", "levels": "1" } }, { "id": "systemeventlog", "fullname": "aws.ec2.windows.cloudwatch.eventlog.eventloginputcomponent,aws.ec2.windows.cloudwatch", "parameters": { "logname": "system", "levels": "7" } }, { "id": "securityeventlog", "fullname": "aws.ec2.windows.cloudwatch.eventlog.eventloginputcomponent,aws.ec2.windows.cloudwatch", "parameters": { "logname": "security", "levels": "7" } }, { "id": "etw", "fullname": "aws.ec2.windows.cloudwatch.eventlog.eventloginputcomponent,aws.ec2.windows.cloudwatch", "parameters": { "logname": "microsoft-windows-wininet/analytic", "levels": "7" } }, { "id": "iislogs", "fullname": "aws.ec2.windows.cloudwatch.customlog.customloginputcomponent,aws.ec2.windows.cloudwatch", "parameters": { "logdirectorypath": "c:\\inetpub\\logs\\logfiles\\w3svc1", "timestampformat": "yyyy-mm-dd hh:mm:ss", "encoding": "utf-8", "filter": "", "culturename": "en-us", "timezonekind": "utc", "linecount": "3" } }, { "id": "customlogs", "fullname": "aws.ec2.windows.cloudwatch.customlog.customloginputcomponent,aws.ec2.windows.cloudwatch", "parameters": { "logdirectorypath": "c:\\customlogs\\", "timestampformat": "mm/dd/yyyy hh:mm:ss", "encoding": "utf-8", "filter": "", "culturename": "en-us", "timezonekind": "local" } }, { "id": "performancecounter", "fullname": "aws.ec2.windows.cloudwatch.performancecountercomponent.performancecounterinputcomponent,aws.ec2.windows.cloudwatch", "parameters": { "categoryname": "memory", "countername": "available mbytes", "instancename": "", "metricname": "memory", "unit": "megabytes", "dimensionname": "", "dimensionvalue": "" } }, { "id": "cloudwatchlogs", "fullname": "aws.ec2.windows.cloudwatch.cloudwatchlogsoutput,aws.ec2.windows.cloudwatch", "parameters": { "accesskey": "accesskey", "secretkey": "secretkey", "region": "eu-west-1", "loggroup": "default-log-group", "logstream": "{instance_id}" } }, { "id": "cloudwatch", "fullname": "aws.ec2.windows.cloudwatch.cloudwatch.cloudwatchoutputcomponent,aws.ec2.windows.cloudwatch", "parameters": { "accesskey": "accesskey", "secretkey": "secretkey", "region": "eu-west-1", "namespace": "windows/default" } } ], "flows": { "flows": [ "(applicationeventlog,systemeventlog),cloudwatchlogs", "performancecounter,cloudwatch" ] } } }
as found needs install ssm show on aws console?! doing installation process of ssm based on link: http://docs.aws.amazon.com/awsec2/latest/windowsguide/managed-instances.html#install-managed-win
but can't download file, details followed:
ps c:\program files (x86)\aws tools\powershell\awspowershell> $dir = $env:temp + "\ssm" > new-item -itemtype directory -path $dir > cd $dir > $username = admin > $password = 1234 > $wc = new-object system.net.networkcredential($username, $password) > $wc.downloadfile("https://amazon-ssm-region.s3.amazonaws.com/latest/windows_amd64/amazonssmagentsetup.exe", $dir + "\amazonssmagentsetup.exe") cannot call method on null-valued expression. @ line:1 char:1 + $wc.downloadfile("https://amazon-ssm- region.s3.amazonaws.com/latest/windows_amd64 ... + + categoryinfo : invalidoperation: (:) [], runtimeexception + fullyqualifiederrorid : invokemethodonnull
is there idea problem is?
note: if you're coming here search engine , looking ec2launch/ec2config 4.x on windows server 2016, see documentation related changes. guide written ec2config 3.x windows service on older windows servers in mind, , advice given may not directly parallel ec2launch.
take note of version of ec2config , see following documentation further version-specific advice:
for users migrating 3.x 4.x: you'll need to:
- add
"isenabled":true
aws.ec2.windows.cloudwatch.json
json file. - move file
c:\program files\amazon\ec2configservice\settings\
c:\program files\amazon\ssm\plugins\awscloudwatch\
you're asking lot single question, i'm going answer in parts:
1) guide you're following not use case
the documentation linked setting ssm agent in hybrid environment, in environment both ec2 instances , on-premise machines working together. since you're working on ec2 instance instead of on-premise machine, document isn't relevant you. changes following assumptions:
- you should download ec2config instead of ssm agent explicitly. (see step 3)
- you need iam instance profile attached instance instead of iam user relevant permissions. (see step 4)
2) verify ssm agent ec2 run command
you may have ssm agent installed, per documentation:
ssm agent installed default on windows server 2016 instances , instances created windows server 2003-2012 r2 amis published in november 2016 or later.
to check in aws web console, nagivate ec2 > commands > command history > run command
.
in 'run command' ui button 'select instances'. open dropdown of running instances running ssm agent.
if instance listed here, congratulations! have ssm agent installed. skip step 3.
3) setting ssm agent cloudwatch logs
you should install latest version of ec2config. ssm agent comes bundled ec2config , installed alongside. can interactively, or powershell (this example requires v5):
iwr https://ec2-downloads-windows.s3.amazonaws.com/ec2config/ec2install.zip -usebasicparsing -outfile ec2config.zip expand-archive ec2config.zip .\ec2config\ec2install.exe /install
after installation, ec2 config service restarted. go ahead , restart instance (if you're managing password ec2config may not able retrieve console after reboot if haven't re-enabled setting -- copy somewhere in case!), , follow step 2 again verify instance available ec2 run command. added perk: on, you'll able update ec2config , ssm agent ec2 run command.
4) verify iam instance profile's iam role has sufficient permissions
aws documentation covers here, won't retread that.
if no instance profile attached ec2 instance, should create ami , launch new instance of same configuration current one, except uses new ami created , uses iam role sufficient permissions.
5) don't need explicitly specify aws credentials in cloudwatch config
accesskey , secretkey should left blank, because credentials instead inherited iam instance profile:
{ "id": "cloudwatchlogs", "fullname": "aws.ec2.windows.cloudwatch.cloudwatchlogsoutput,aws.ec2.windows.cloudwatch", "parameters": { "accesskey": "", "secretkey": "", "region": "eu-west-1", "loggroup": "myloggroup", "logstream": "{instance_id}" } }, { "id": "cloudwatch", "fullname": "aws.ec2.windows.cloudwatch.cloudwatch.cloudwatchoutputcomponent,aws.ec2.windows.cloudwatch", "parameters": { "accesskey": "", "secretkey": "", "region": "eu-west-1", "namespace": "mymetricsnamespace" } }
after make changes config file, restart ec2config (or instance if easier in workflow) , changes should applied.
6) troubleshooting
logs related sending local logs cw can found on instance here: c:\program files\amazon\ec2configservice\logs\ec2configlog.txt
. invaluable me first time configured this.
the documentation has guidance common problems.
aside that, looks ok me. maybe handle problem in smaller pieces -- tackling setting windows events logs first, metrics, custom logs.
Comments
Post a Comment