CloudWatch logs not being sent
There’s a scenario, which states “The Security Administrator recently discovered that some instances are not sending the logs to CloudWatch”.
I’m reading this as these instances have never sent the logs to CloudWatch, as in the case it was working earlier, and suddenly stopped working, I would expect the word ‘anymore’ in the scenario. (like ‘are not sending the logs to CloudWatch anymore’)
Based on this reasoning (never worked), I selected the answer which mentioned to check the awslogs agent setup log file, as most likely the installation of the awslogs agent had gone wrong. But this was not marked as the correct answer…
I don’t fully agree with this!
Cheers,
Robert
Hi Robert,
Thank you for sharing your thoughts on this scenario. The scenario says:
An application is hosted in multiple Linux EC2 instances that upload logs to Amazon CloudWatch Logs, which are then processed by Amazon Elasticsearch. The Security Administrator recently discovered that some instances are not sending the logs to CloudWatch.
What should the Administrator do to troubleshoot this issue?
You are referring to this option:
View the /var/log/awslogs-agent-setup.log file to check for any CloudWatch Logs Agent (awslogs) errors.
The explanation says that this is incorrect because the “awslogs-agent-setup.log” file only contains the installation logs for the log agent. Nonetheless, I do agree with you that you can also use this as part of your troubleshooting process.
Based on the provided AWS reference links, the most preferred way to troubleshoot this issue is to review the /var/log/awslogs.log log file to view any error messages:
https://aws.amazon.com/premiumsupport/knowledge-center/push-log-data-cloudwatch-awslogs
Although you can check awslogs-agent-setup.log, it doesn’t contain the most recent log files that could help you troubleshoot the issue. To avoid any ambiguity, I’ll just revise the scenario to say that:
…The Security Administrator recently discovered that some instances have abruptly stopped sending the logs to CloudWatch.
Thanks again for sharing your constructive feedback. Let us know if you need further assistance. The Tutorials Dojo team is dedicated to helping you pass your AWS exam on your first try!
Regards,
Jon Bonso @ Tutorials Dojo
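
The distinction debated in this thread (agent never worked vs. agent stopped working), as an added shell example that is not part of either post: it decides which of the two log files named above to read first. The keyword pattern, the verdict names and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Decides which awslogs file to read first.
# Prints one verdict word on stdout; matching log lines go to stderr.
triage_awslogs() {
    local agent_log="${1:-/var/log/awslogs.log}"
    local setup_log="${2:-/var/log/awslogs-agent-setup.log}"
    local pattern='error|exception|denied|fail'   # assumed keywords, tune per fleet

    if [ ! -s "$agent_log" ]; then
        # No runtime log: the agent never ran here, so the install log is the evidence.
        if [ -f "$setup_log" ] && grep -qiE "$pattern" "$setup_log"; then
            grep -iE "$pattern" "$setup_log" | tail -n 5 >&2
            echo "install-failed"
        else
            echo "no-runtime-log"
        fi
        return 0
    fi

    # Runtime log exists: the agent ran at some point, so read its recent lines.
    if tail -n 200 "$agent_log" | grep -qiE "$pattern"; then
        tail -n 200 "$agent_log" | grep -iE "$pattern" | tail -n 5 >&2
        echo "runtime-error"
    else
        echo "runtime-clean"
    fi
}

# Constructed sample files; the line format is illustrative, not copied from a real agent.
make_samples() {
    local dir="$1"
    printf '%s\n' 'Step 1 of 5: Installing pip ...DONE' \
        'Step 5 of 5: Setting up agent as a daemon ...DONE' > "$dir/setup-ok.log"
    printf '%s\n' 'Step 1 of 5: Installing pip ...Failed to install pip' > "$dir/setup-bad.log"
    printf '%s\n' '2024-01-01 10:00:00 INFO publisher started' \
        '2024-01-01 10:05:00 WARNING Caught exception: AccessDeniedException' > "$dir/agent-bad.log"
    printf '%s\n' '2024-01-01 10:00:00 INFO publisher started' > "$dir/agent-ok.log"
}

demo_dir="$(mktemp -d)"
make_samples "$demo_dir"
triage_awslogs "$demo_dir/agent-bad.log" "$demo_dir/setup-ok.log"    # stopped-working case
triage_awslogs "$demo_dir/missing.log" "$demo_dir/setup-bad.log"     # never-worked case
rm -rf "$demo_dir"
```

Called with no arguments on an instance, the function reads the two default paths discussed in the thread.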