One key to managing any IT environment is the availability of logs -- rolling files that capture and record an...
array of events within systems, applications and actions. Admins can access and review log files to identify and troubleshoot problems and trends for long-term planning.
Amazon CloudWatch provides a feature called "Logs," which captures and stores log files from Amazon Elastic Compute Cloud (EC2) instances and AWS CloudTrail. Through CloudWatch logging, IT teams can collect and aggregate content from resources outside of AWS. And Amazon EC2 instances export any event log, event trace or log text file for CloudWatch logging. For example, a Windows-based instance can send Windows Server system, security, application or Internet Information Server information for CloudWatch logging and then apply CloudWatch metrics to report them.
Admins can check CloudWatch Logs for a variety of different activities, including near real-time troubleshooting as well as can filtering for events, phrases, values or behaviors that occur. For example, a technician can receive alarms corresponding to log errors that exceed a selected threshold, and then review the log entries to learn the underlying cause. Similarly, CloudWatch logging results can be viewed graphically over a longer period of time, allowing enterprise IT to make better strategic decisions about changes, such as infrastructure improvements or adjusting AWS products to boost workload performance.
CloudWatch retention settings enable admins to decide how long to store log events. Log data is stored indefinitely by default, but users can also set a log expiration, allowing any older log data or events to be automatically deleted. This helps limit storage use and reflects established corporate data retention policies.
CloudWatch Logs have storage, configuration and traffic limitations. The service provides 5 GB of incoming data and 5 GB of data archiving for free, though additional storage will require services like Amazon Glacier. Users can configure up to 500 log groups and filter up to 100 CloudWatch metrics per log group.
CloudWatch logging is available up to 256 KB and can handle batched log events up to 1 MB. Log events can only be sent -- "PutLogEvents" -- up to five requests per second, per log stream; log events can only be received -- "GetLogEvents" -- up to 10 requests per second for the entire AWS account. This can pose a problem when processing a large number of logs for multiple business units.
Amazon EC2 instances running Linux, Ubuntu, CentOS or RHEL must have a CloudWatch Logs agent installed. Windows Server can also use a CloudWatch Logs agent, but Windows Server instances, such as Amazon Machine Instances, already include the EC2Config service, which can send event or Web server request logs to CloudWatch Logs.
Monitor EC2 resources with CloudWatch
AWS logging tools help secure resources
Sort all that data with AWS log management tools
Dig Deeper on AWS CloudWatch and application performance monitoring
Related Q&A from Stephen J. Bigelow
Microsoft offers a free antimalware tool for client and server systems, but administrators need to tune the layers of protection to avoid problems. Continue Reading
Testing Exchange information rights management functionality can be tedious, but Microsoft offers a dedicated cmdlet for Exchange 2016 administrators... Continue Reading
Not every tool is right for the job of backing up data. Find out what limits System Center DPM 2016 protection and which alternatives cover what it ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.