Ends in
00
days
00
hrs
00
mins
00
secs
SHOP NOW

Get $4 OFF in AWS Solutions Architect & Data Engineer Associate Practice Exams for $10.99 each ONLY!

Find answers, ask questions, and connect with our
community around the world.

Home Forums AWS AWS Certified Security – Specialty CloudWatch logs not being sent

  • CloudWatch logs not being sent

     Jon-Bonso updated 3 years, 11 months ago 2 Members · 2 Posts
    AWS Certified Security – Specialty

  • kung

    Member
    May 3, 2020 at 10:17 pm

    There’s a scenario, which states “The Security Administrator recently discovered that some instances are not sending the logs to CloudWatch”.

    I’m reading this as these instances have never send the logs to CloudWatch, as in the case it was working earlier, and suddenly stopped working, I would expect the word ‘anymore’ in the scenario. (like ‘are not sending the logs to CloudWatch anymore’)

    Based on this reasoning (never worked), I selected the answer which mentioned to check the awslogs agent setup log file, as most likely the installation of the awslogs agent had gone wrong. But this was not marked as the correct answer…

    I don’t fully agree with this!

    Cheers,
    Robert

  • Jon-Bonso

    Administrator
    May 5, 2020 at 8:58 am

    Hi Robert,

    Thank you for sharing your thoughts on this scenario. The scenario says:

    An application is hosted in multiple Linux EC2 instances that upload logs to Amazon CloudWatch Logs, which are then processed by Amazon Elasticsearch. The Security Administrator recently discovered that some instances are not sending the logs to CloudWatch.

    What should the Administrator do to troubleshoot this issue?

    You are referring to this option:

    View the /var/log/awslogs-agent-setup.log file to check for any CloudWatch Logs Agent (awslogs) errors.

    The explanation says that this is incorrect because the “awslogs-agent-setup.log” file only contains the installation logs for the log agent. Nonetheless, I do agree with you that you can also use this as part of your troubleshooting process.

    Based on the provided AWS reference links, the most preferred way to troubleshoot this issue is to review the /var/log/awslogs.log log file to view any error messages:

    https://aws.amazon.com/premiumsupport/knowledge-center/push-log-data-cloudwatch-awslogs

    Although you can check awslogs-agent-setup.log, it doesn’t contain the most recent log files that could help you troubleshoot the issue. To avoid any ambiguity, I’ll just revise the scenario to say that:

    …The Security Administrator recently discovered that some instances have abruptly stopped sending the logs to CloudWatch.

    Thanks again for sharing your constructive feedback. Let us know if you need further assistance. The Tutorials Dojo team is dedicated to help you pass your AWS exam on your first try!

    Regards,

    Jon Bonso @ Tutorials Dojo

Viewing 1 - 2 of 2 replies

Log in to reply.

Original Post
0 of 0 posts June 2018
Now