Hi Robert,
Thank you for sharing your thoughts on this scenario. The scenario says:
An application is hosted in multiple Linux EC2 instances that upload logs to Amazon CloudWatch Logs, which are then processed by Amazon Elasticsearch. The Security Administrator recently discovered that some instances are not sending the logs to CloudWatch.
What should the Administrator do to troubleshoot this issue?
You are referring to this option:
View the /var/log/awslogs-agent-setup.log file to check for any CloudWatch Logs Agent (awslogs) errors.
The explanation says that this is incorrect because the “awslogs-agent-setup.log” file only contains the installation logs for the log agent. Nonetheless, I do agree with you that you can also use this as part of your troubleshooting process.
Based on the provided AWS reference links, the most preferred way to troubleshoot this issue is to review the /var/log/awslogs.log log file to view any error messages:
https://aws.amazon.com/premiumsupport/knowledge-center/push-log-data-cloudwatch-awslogs
Although you can check awslogs-agent-setup.log, it doesn’t contain the most recent log files that could help you troubleshoot the issue. To avoid any ambiguity, I’ll just revise the scenario to say that:
…The Security Administrator recently discovered that some instances have abruptly stopped sending the logs to CloudWatch.
Thanks again for sharing your constructive feedback. Let us know if you need further assistance. The Tutorials Dojo team is dedicated to helping you pass your AWS exam on your first try!
Regards,
Jon Bonso @ Tutorials Dojo