EC2 Windows - CloudWatch Agent not creating "Log Group" for customs file logs
Hello,
I created an EC2 Windows instance and installed the CloudWatch Agent, I run the configuration wizard and added the Windows System logs and custom file location as in can be seen here:
{
"logs": {
"logs_collected": {
"files": {
"collect_list": [
{
"file_path": "C:\\Logs\\appplication.log",
"log_group_name": "My-Logs",
"log_stream_name": "{instance_id}",
"retention_in_days": 1
}
]
},
"windows_events": {
"collect_list": [
{
"event_format": "xml",
"event_levels": [
"VERBOSE",
"INFORMATION",
"WARNING",
"ERROR",
"CRITICAL"
],
"event_name": "System",
"log_group_name": "WindowsEventSystem",
"log_stream_name": "{instance_id}",
"retention_in_days": 1
}
]
}
}
}
I tried different "file_path" formats for the custom logs and entered text in the file but still the "Log Group" does not get created in CloudWatch only the WindowsEventSystem
"C:/Logs/appplication.log", "C:\Logs\appplication.log" "C:\\Logs\\appplication.log",
Custom Logs:
Policy attached to the EC2 instance:
Any help will be appreciated. Thanks
- Neueste
- Die meisten Stimmen
- Die meisten Kommentare
Suggest you try escaping the directory separator in the file_path e.g. "C:\\Logs\\appplication.log" (or maybe due to typo in the file name (ppp)) and the file doesn't exist?
Thank you Pete_D. I have added an image showing the file path and file. The file path and file exists. My latest version of the configuration file is using your and Matt-B suggestion for the path. Thank again.
Have you had a look at the CWAgent log file, this is normally in C:\ProgramData\Amazon\AmazonCloudWatchAgent\Logs, this may give some clues.
Hi There
Please try using "C:\\Logs\\appplication.log" for the file_path
the following is an example of a logs section.
"logs":
{
"logs_collected": {
"files": {
"collect_list": [
{
"file_path": "c:\\ProgramData\\Amazon\\AmazonCloudWatchAgent\\Logs\\amazon-cloudwatch-agent.log",
"log_group_name": "amazon-cloudwatch-agent.log",
"log_stream_name": "my_log_stream_name_1",
"timestamp_format": "%H: %M: %S%y%b%-d"
},
{
"file_path": "c:\\ProgramData\\Amazon\\AmazonCloudWatchAgent\\Logs\\test.log",
"log_group_name": "test.log",
"log_stream_name": "my_log_stream_name_2"
}
]
},
"windows_events": {
"collect_list": [
{
"event_name": "System",
"event_levels": [
"INFORMATION",
"ERROR"
],
"log_group_name": "System",
"log_stream_name": "System"
},
{
"event_name": "CustomizedName",
"event_levels": [
"INFORMATION",
"ERROR"
],
"log_group_name": "CustomizedLogGroup",
"log_stream_name": "CustomizedLogStream"
}
]
}
},
"log_stream_name": "my_log_stream_name"
}
Also here is a good walk-through (lab) for setting up CW Logging on a windows server
Thank you Matt-B, I appreciate the time. I did try the format you indicated "C:\Logs\appplication.log" and still the CloudWatch does not create the "Log Group" "My-Logs". Thanks again.
I addition to the other replies, I would verify that the role attached to the instance has the IAM permissions for logs:CreateLogGroup
Thank you Kyager. The policy has that permission. I have attached an image showing the entire policy.
Relevanter Inhalt
AWS OFFICIALAktualisiert vor 2 Jahren- AWS OFFICIALAktualisiert vor 2 Jahren
- AWS OFFICIALAktualisiert vor einem Jahr
Is it possible to create subscription filter as part of this config file?
I am also facing the same issue. Any one has a solution for this yet?
I am having the exact same issue as well, only Windows events were pipe to CloudWatch but not the customised log files. Anyone has the solution?
@eugenelq: I got it working with Matt B's answer below (refer the link in his answer). Also, try again with a fresh / new EC2 instance.