How to push custom application logs to cloudwatch

Question

Scenario - I have multiple java microservice containers running on ECS(ec2-backed).
In each microservice container, we are collecting custom application logs in the location /var/log/app.There are around 5 containers in one ec2.
I want to push those application logs from within the container directly to cloudwatch with a custom structure. Is this possible?

I tried installing cloudwatch agent inside the container. But this did not work.

Guide me on this!

Accepted Answer

You can send application logs from within an ECS container directly to CloudWatch with a custom structure using the default CloudWatch log driver for ECS. 
Here's how you can achieve this:

1. **Configure your application to send logs to STDOUT/STDERR**:
   Instead of writing logs to a file, you need to configure your application to send logs to the standard output (STDOUT) or standard error (STDERR) streams. This is a common practice for containerized applications, as the container engine (in this case, ECS) captures these streams and can forward them to a logging solution like CloudWatch.

For Java applications, you can typically configure your logging framework (e.g., Log4j, Logback) to redirect the logs to STDOUT/STDERR. For example, with Logback, you can configure the `ConsoleAppender` to write to STDOUT. Please check the Java documentation to see what is the configuration to do it with your current logging driver.

2. **Configure the CloudWatch log driver in your ECS task definition**:
   In your ECS task definition, you need to configure the CloudWatch log driver to capture the logs from STDOUT/STDERR and send them to CloudWatch Logs. Here's an example of how you can configure the log driver:

```json
   {
     "logConfiguration": {
       "logDriver": "awslogs",
       "options": {
         "awslogs-group": "/ecs/your-log-group-name",
         "awslogs-region": "your-aws-region",
         "awslogs-stream-prefix": "your-log-stream-prefix"
       }
     }
   }
   ```

- `awslogs-group`: The name of the CloudWatch Logs log group where your logs will be sent.
   - `awslogs-region`: The AWS region where your CloudWatch Logs log group is located.
   - `awslogs-stream-prefix`: An optional prefix for the log stream names within the log group.

With this configuration, the CloudWatch log driver will capture the STDOUT/STDERR streams from your containers and send the logs to the specified CloudWatch Logs log group.

3. **Customize the log format**:
   By default, the CloudWatch log driver will send logs to CloudWatch Logs in a predefined format. However, you can customize the log format by configuring your logging framework (e.g., Log4j, Logback) to include additional information or structure in the log messages.

For example, with Logback, you can use a custom pattern layout to include additional fields or metadata in your log messages, which will be preserved in CloudWatch Logs.

By following these steps, you can send your application logs from within the ECS containers directly to CloudWatch Logs with a custom structure, without the need to install the CloudWatch agent inside the containers.

Note: If you need more advanced log processing or filtering capabilities, you may want to consider using AWS FireLens, which is a log router for ECS that allows you to filter, enrich, and route logs from your containers to various destinations, including CloudWatch Logs.

Answer

Hello.

I think that if you use the awslogs log driver, you will be able to output the logs that are output to the standard output of the container.  
Therefore, if you output logs to standard output such as "/dev/stdout" on the application side, the logs will be output to CloudWatch Logs.  
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_awslogs.html

How to push custom application logs to cloudwatch

Relevant content