Feeding log files into CloudWatch logs

CloudWatch Logs is a managed, highly durable log storage service in AWS. It can ingest logs from many sources; we're going to focus on what is probably the most common use case, which is shipping logs off your EC2 instances into CloudWatch Logs.

This capability is particularly important in highly dynamic auto scaling environments. Since the lifetime of an EC2 instance can be quite short, any logs written only to its local disk are lost when the instance is terminated. You'll inevitably find yourself wishing you had access to server logs after an instance has disappeared.

The pattern we're about to show you lets you aggregate, search and filter log entries across a number of sources. You can then create custom metrics and trigger alarms based on log activity. Super handy!

In this recipe we're going to:

  • Launch an EC2 instance
  • Configure it to send logs to CloudWatch logs
  • Create a filter based on SSH logins to the instance
  • Send ourselves an e-mail alert on filter matches

This is something you might consider doing on your bastion boxes: they will typically be the sole point of SSH access to your environments, and it can be a good idea to make a lot of noise when people log in to production servers.
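The four steps above, as an added Python example that is not code from the book: it builds the `logs` section of an amazon-cloudwatch-agent configuration that ships `/var/log/secure` to a log group, defines a metric filter pattern for successful SSH logins, and dry-runs that pattern locally against a constructed sample of sshd log lines so you can confirm it matches before creating anything in AWS. The local matcher is a simplified emulation of CloudWatch Logs term matching (bare terms, quoted phrases and `-` exclusions), not the service's own implementation. The `provision()` function wires the filter to a metric and an alarm that notifies an SNS topic (the e-mail subscription on that topic is assumed to exist already); it needs boto3 and AWS credentials, and the log group, namespace, metric and alarm names in it are assumptions, not values from the book.

```python
import json
import re

# Constructed sample of /var/log/secure lines from a bastion host; not real log data.
SAMPLE_AUTH_LOG = """\
Mar  4 10:01:12 ip-10-0-1-23 sshd[2241]: Accepted publickey for ec2-user from 203.0.113.5 port 51234 ssh2: RSA SHA256:EXAMPLEFINGERPRINT
Mar  4 10:01:12 ip-10-0-1-23 sshd[2241]: pam_unix(sshd:session): session opened for user ec2-user by (uid=0)
Mar  4 10:03:40 ip-10-0-1-23 sshd[2290]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2
Mar  4 10:05:02 ip-10-0-1-23 sshd[2301]: Accepted publickey for ops from 203.0.113.9 port 51300 ssh2: ED25519 SHA256:EXAMPLEFINGERPRINT2
Mar  4 10:06:15 ip-10-0-1-23 sudo: ec2-user : TTY=pts/0 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/systemctl status sshd
"""

# Metric filter pattern: every bare term and every quoted phrase must be present.
LOGIN_FILTER_PATTERN = 'sshd "Accepted publickey"'


def agent_config(log_group, file_path="/var/log/secure"):
    """Build the 'logs' section of an amazon-cloudwatch-agent config that
    ships one file to a log group, using one stream per instance."""
    return {
        "logs": {
            "logs_collected": {
                "files": {
                    "collect_list": [
                        {
                            "file_path": file_path,
                            "log_group_name": log_group,
                            "log_stream_name": "{instance_id}",
                            "timezone": "UTC",
                        }
                    ]
                }
            }
        }
    }


def parse_pattern(pattern):
    """Split a simple filter pattern into (include, exclude) term lists.
    Supports bare terms, "quoted phrases" and -excluded terms only."""
    include, exclude = [], []
    for m in re.finditer(r'(-?)"([^"]*)"|(-?)(\S+)', pattern):
        negated = m.group(1) or m.group(3)
        term = m.group(2) if m.group(2) is not None else m.group(4)
        (exclude if negated else include).append(term)
    return include, exclude


def matches(pattern, event):
    """Local approximation of CloudWatch Logs term matching: quoted phrases
    as substrings, bare terms as whole words, case-sensitive."""
    include, exclude = parse_pattern(pattern)

    def present(term):
        if " " in term:
            return term in event
        word = r"(?<![A-Za-z0-9_])" + re.escape(term) + r"(?![A-Za-z0-9_])"
        return re.search(word, event) is not None

    return all(present(t) for t in include) and not any(present(t) for t in exclude)


def matching_events(pattern, log_text):
    """Return the log lines the metric filter would count."""
    return [line for line in log_text.splitlines() if matches(pattern, line)]


def provision(log_group, sns_topic_arn, region="us-east-1"):
    """Create the metric filter and alarm with boto3. Needs AWS credentials;
    not run in the offline dry run. Names here are assumed, not the book's."""
    import boto3  # imported lazily so the local dry run needs no AWS SDK
    logs = boto3.client("logs", region_name=region)
    cloudwatch = boto3.client("cloudwatch", region_name=region)
    logs.put_metric_filter(
        logGroupName=log_group,
        filterName="ssh-logins",
        filterPattern=LOGIN_FILTER_PATTERN,
        metricTransformations=[{
            "metricName": "SSHLogins",
            "metricNamespace": "Bastion",
            "metricValue": "1",
            "defaultValue": 0,
        }],
    )
    cloudwatch.put_metric_alarm(
        AlarmName="bastion-ssh-login",
        Namespace="Bastion",
        MetricName="SSHLogins",
        Statistic="Sum",
        Period=60,
        EvaluationPeriods=1,
        Threshold=1,
        ComparisonOperator="GreaterThanOrEqualToThreshold",
        TreatMissingData="notBreaching",
        AlarmActions=[sns_topic_arn],  # SNS topic with an e-mail subscription (assumed)
    )


if __name__ == "__main__":
    print(json.dumps(agent_config("/bastion/secure"), indent=2))
    for line in matching_events(LOGIN_FILTER_PATTERN, SAMPLE_AUTH_LOG):
        print("ALERT:", line)
```

The dry run reports the two `Accepted publickey` lines and ignores the failed password attempt and the `sudo` line that merely mentions `sshd`; the `defaultValue` of 0 and `TreatMissingData="notBreaching"` keep the alarm quiet during the long stretches when nobody logs in to the bastion.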