
Problem

There's a security requirement to have centralized application logging. How can I do that?

Solution

The easiest way to do this is to take advantage of the CloudWatch agent that's already installed on the "CIS Secure" images offered as part of a Moderate or High risk data space. To do so:

  1. Edit the file /var/awslogs/etc/awslogs.conf. If this file does not exist, the CloudWatch agent is not set up and will have to be installed first.
  2. Add a stanza like the one below to the bottom of the file. Parts in bold should be edited to match the specifics of what you want logged. Make sure the path is correct and that the log_stream_name contains a description of what the file is (no spaces are allowed) in the third pipe-separated field. {instance_id} and {ip_address} can be left as is; they will be replaced automatically with the actual values.



[/var/log/httpd/error_log]
file = /var/log/httpd/error_log
log_group_name = Application_Logs
datetime_format = %b %d %H:%M:%S
log_stream_name = {instance_id}|{ip_address}|httpd_error_log


  3. Restart the CloudWatch agent with the command:

sudo service awslogs restart

  4. Logs will begin being sent to CloudWatch.
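A stanza with a missing key or a space in log_stream_name is easy to overlook, so it helps to lint the file before restarting the agent. The script below is an added example, not part of the original page or of the awslogs agent; the function name check_awslogs_conf and the sample file contents are constructed for illustration, and it checks only the naming rules described in step 2.

```shell
#!/bin/sh
# Lint an awslogs.conf before restarting the agent.
# Returns 0 if every log stanza is well formed, 1 if not, 2 if unreadable.
check_awslogs_conf() {
    conf="$1"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk '
        function check(   n, parts) {
            if (section == "" || section == "general") return
            if (file == "")  { print section ": missing file"; bad = 1 }
            if (group == "") { print section ": missing log_group_name"; bad = 1 }
            if (stream ~ /[ \t]/) { print section ": space in log_stream_name"; bad = 1 }
            n = split(stream, parts, "[|]")
            if (n != 3 || parts[3] == "") {
                print section ": log_stream_name needs a description in field 3"; bad = 1
            }
        }
        /^[ \t]*#/ { next }
        /^[ \t]*$/ { next }
        /^\[/ { check(); section = substr($0, 2, index($0, "]") - 2)
                file = group = stream = ""; next }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "file") file = val
            else if (key == "log_group_name") group = val
            else if (key == "log_stream_name") stream = val
        }
        END { check(); exit bad + 0 }
    ' "$conf"
}

# Constructed sample: the stanza from this page plus one with a space in the name.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[/var/log/httpd/error_log]
file = /var/log/httpd/error_log
log_group_name = Application_Logs
datetime_format = %b %d %H:%M:%S
log_stream_name = {instance_id}|{ip_address}|httpd_error_log

[/var/log/myapp/app.log]
file = /var/log/myapp/app.log
log_group_name = Application_Logs
log_stream_name = {instance_id}|{ip_address}|myapp log
EOF
check_awslogs_conf "$sample" || echo "fix the stanzas above before restarting awslogs"
rm -f "$sample"
```

On a real instance, run check_awslogs_conf /var/awslogs/etc/awslogs.conf and restart the agent only when it returns 0.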


