amazon-cloudwatch-agent collects Windows log errors

1

version
    { "status": "running", "starttime": "2023-06-15T02:39:20", "version": "1.247345.33b249130" }

amazon-cloudwatch-agent.log
    I! [processors.ec2tagger] ec2tagger: 10 retry for initial retrieval of tags and volumes
    W! [processors.ec2tagger] ec2tagger: Unable to describe ec2 tags for initial retrieval: AuthFailure: AWS was not able to validate the provided access credentials status code: 401, request id: 1e9c4a9f-101a-4632-8bed-c4c80ec7e0e3
    E! [windows_event_log] Failed to read Windows event logs for log group name Windows-Event. Details: XML syntax error on line 1: unexpected EOF

The AWS credentials are all configured. How can I solve it?

  • Now the Windows log is uploaded to CloudWatch, but the xml code is uploaded: "<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System>...........". The CloudWatch agent still reports an error "E! [windows_event_log] Failed to read Windows event logs for log group name Windows-Event. Details: XML syntax error on line 1: unexpected EOF"

2 Answers
0

Hi there!

A couple of things to check:

  1. I don't know what version of Windows you have, but generally speaking, can you validate that the credentials have the right permissions to access the instance?
  2. Verify the CloudWatch agent configuration.

I hope this helps.

AWS EXPERT
answered 10 months ago
  • Thanks a lot for answering. Now the Windows log is uploaded to CloudWatch, but the xml code is uploaded: "<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System>...........". The CloudWatch agent still reports an error "E! [windows_event_log] Failed to read Windows event logs for log group name Windows-Event. Details: XML syntax error on line 1: unexpected EOF"

  • I see, so the error is saying "unexpected EOF", which means that even though the XML is valid, it has no content. I would still recommend checking the CW agent configuration and, additionally, trying to find those entries in Event Viewer to compare the content. It may very well be that the log entries are indeed empty, which would indicate a different problem (much harder to troubleshoot) with the instance. If Event Viewer shows content but CW Logs doesn't, then most likely the issue is with the agent. Alternatively, you can try to re-deploy the agent if nothing else works.

    I hope this helps.
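
The Event Viewer comparison suggested in the comment above, as an added example that is not part of the original thread: a PowerShell check that renders recent events to XML with Get-WinEvent and ToXml() and reports whether each record is empty, malformed or well-formed. The function names, the `System` log name and the sample strings are assumptions made for illustration.

```powershell
# Added example (not from the thread). Function names and sample strings are constructed.
function Test-EventXml {
    param([string]$Xml)
    if ([string]::IsNullOrWhiteSpace($Xml)) {
        return [pscustomobject]@{ Status = 'Empty'; EventId = $null; Detail = 'no XML returned' }
    }
    $doc = New-Object System.Xml.XmlDocument
    try {
        $doc.LoadXml($Xml)   # throws on truncated or otherwise malformed XML
    } catch {
        return [pscustomobject]@{ Status = 'Malformed'; EventId = $null; Detail = $_.Exception.Message }
    }
    # Event XML lives in the namespace quoted in the question, so XPath needs a prefix.
    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('e', 'http://schemas.microsoft.com/win/2004/08/events/event')
    $idNode = $doc.SelectSingleNode('/e:Event/e:System/e:EventID', $ns)
    $eventId = $null
    if ($idNode) { $eventId = $idNode.InnerText }
    [pscustomobject]@{ Status = 'WellFormed'; EventId = $eventId; Detail = '' }
}

function Test-EventLogXml {
    # Assumption: 'System' stands in for whichever log the agent is configured to collect.
    param([string]$LogName = 'System', [int]$MaxEvents = 50)
    foreach ($ev in Get-WinEvent -LogName $LogName -MaxEvents $MaxEvents) {
        $r = Test-EventXml -Xml $ev.ToXml()
        [pscustomobject]@{
            RecordId = $ev.RecordId; TimeCreated = $ev.TimeCreated
            Status = $r.Status; EventId = $r.EventId; Detail = $r.Detail
        }
    }
}

# Constructed samples: a complete event, the same event cut off mid-element, and an empty string.
$samples = @(
    "<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><EventID>7036</EventID></System></Event>",
    "<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><EventID>70",
    ''
)
$samples | ForEach-Object { Test-EventXml -Xml $_ } | Format-Table Status, EventId, Detail -AutoSize

# On the instance itself, list only the records that do not render cleanly:
# Test-EventLogXml -LogName 'System' -MaxEvents 200 | Where-Object Status -ne 'WellFormed'
```

The RecordId and TimeCreated columns make it possible to look up the same record in Event Viewer and in the CloudWatch log group.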

0

Hi, you seem to have an issue with the ec2 describe-tags call issued by the EC2 service when launching your instance: https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/describe-tags.html

It's the DescribeTags action (see https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2.html#amazonec2-actions-as-permissions) that seems to be missing from your defined credentials.

So, the best way to solve it is to modify your defined IAM credentials with a looser definition for EC2 (Action:* and Resource:*) to see if it goes through. Then, you can incrementally tighten them to allow only the actions that are really needed.

AWS EXPERT
answered 10 months ago
  • Now the Windows log is uploaded to CloudWatch, but the xml code is uploaded: "<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System>...........". The CloudWatch agent still reports an error "E! [windows_event_log] Failed to read Windows event logs for log group name Windows-Event. Details: XML syntax error on line 1: unexpected EOF"
