- Newest
- Most votes
- Most comments
Hi,
I have a slightly different issue with deploying the LogManager: It only forwards the System logs not the custom component's logs. Here's the configuration:
{
"reset": [],
"merge": {
"logsUploaderConfiguration": {
"systemLogsConfiguration": {
"uploadToCloudWatch": "true",
"deleteLogFileAfterCloudUpload": "false"
}
},
"componentLogsConfigurationMap": {
"com.<company_name>.<custome_component>": {
"minimumLogLevel": "INFO",
"deleteLogFileAfterCloudUpload": "false"
}
},
"periodicUploadIntervalSec": "300"
}
}
Wondering if I need to include the "uploadToCloudWatch": "true" for the component too?
Hello Tuan, In the future, please ask a new question for assistance. It is only by pure luck that I noticed you added a new question in the answers here.
componentLogsConfigurationMap
needs to go under the keylogsUploaderConfiguration
. That's the problem you have. You can review the configuration format along with examples here: https://docs.aws.amazon.com/greengrass/v2/developerguide/log-manager-component.html#log-manager-component-configuration.
Hi, Are you still facing this issue? What version of log manager are you using, and could you share the part of greengrass.log
file that show log manager getting started up and doing any work, if you can share debug logs, that will be more helpful. You said S3 and EventBridge access work fine, does that mean you are able to access those from the Greengrass core device using the TokenExchangeService component? (to confirm if the IoT role alias is set up correctly)
Relevant content
- asked 2 years ago
- Accepted Answerasked 6 months ago
- asked a year ago
- AWS OFFICIALUpdated 3 months ago
- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 6 months ago
When you say "Having Greengrass create the roles and policies itself works.", this means that when Greengrass created the role for you it is then able to upload the logs to CloudWatch? If that is true it sounds like you may have an issue with the IoT Role Alias. If that is the case, then you would see errors in greengrass.log when it tries to use the Role Alias. Common issues here would be that the IAM Role does not have credentials.iot.amazonaws.com as the trusted service.
Does your LogManager deployment configuration specify some log files to upload? Either in systemLogsConfiguration or componentLogsConfigurationMap?
"Enable logging to CloudWatch Logs" section here covers what you need to upload log to Cloudwatch. Do you have both the needed IAM policy and
"uploadToCloudWatch": true
config?@MichaelDombrowski-AWS Thanks for pointing that out. Strange thing is that, to the role there are other policies attached, (eventbridge and S3) these were accessed just fine, only Cloudwatch was not accessed. This is the trust policy that is attached to the role.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "credentials.iot.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }
@AWS-User-8932345 & @Ryan_B Yeah, my config looks like this:
{ "reset": [], "merge": { "logsUploaderConfiguration": { "systemLogsConfiguration": { "uploadToCloudWatch": "true", "minimumLogLevel": "INFO", "diskSpaceLimit": "10", "diskSpaceLimitUnit": "MB", "deleteLogFileAfterCloudUpload": "false" }, "componentLogsConfigurationMap": { "com.<company>.<component>": { "minimumLogLevel": "INFO", "diskSpaceLimit": "20", "diskSpaceLimitUnit": "MB", "deleteLogFileAfterCloudUpload": "false" } } }, "periodicUploadIntervalSec": "300" } }