11 CloudWatch1

The document outlines the process of using the CloudWatch log agent to monitor and send log files to a CloudWatch repository, including filtering for invalid transactions and raising alarms. It details the steps for accessing AWS resources, configuring the log agent, and managing log files and streams. Additionally, it emphasizes the importance of restarting services after configuration changes and setting up notifications for specific log events.

Application-related errors are stored in log files; whatever activities the end user does get recorded in the log file.

From the log file I want to filter invalid transactions: more than 100 --> raise alarm --> send notification

The log file contains a lot of activity details, which we discussed earlier.

Just as a laptop needs browser software and Google credentials to access Google Drive, in the same way we need the CW log agent.

CWLogAgent --> My account--> Give credentials

There are 2 ways you can access AWS resources:

GUI access --> username, password

Programmatic access --> for example, if you want to launch an EC2 instance using Python, the Python program needs to use credentials

In the AWS console --> click the username in the top right corner --> My Security Credentials --> there is something called an access key and a secret access key, which are like a username and password

Copy them to Notepad

Now this EC2 instance (a server, in AWS or on-premises) wants to access the CW repository; this access key and secret access key belong to the CW repo account.
If I give your access key, my EC2 instance will send log files to your CW repository account.

When the CW log agent is set up it asks 2 things --> which CW repository account to access, and the log group name; inside my account there might be multiple log group names.

Inside a log group there might be details from multiple log files, which we call streams; streams can come from one machine or multiple machines.

launch ec2 instance


Your work as an admin is to send log file details to the CW repo and also to configure which errors need to be monitored and notified.

For testing purposes create a simple file, file1.txt, containing: this is testing cloud watch logs, testing app monitoring
ls -ltr /home/ubuntu/file1.txt

click on cloud watch

click on logs --> log groups

To install the CW log agent, you need to install Python first

apt-get install python2.7

follow documentation: cloud watch log agent install in ubuntu/file1

to run directly from internet follow this

execute .py file

.py --region ap-southeast-1

This will prompt for the access key, the secret access key and the region you want to send the file to

Path of log: /home/ubuntu/file1.txt

Destination log group name: as of now no group is available, so I say testcwloggrp and it will create it

A group has streams

AWS gives some options; I can use the instance ID

from start of file: 1 option 1

Add some more records to file1.txt

The new records will be added by default

As of now the group has one stream. I want to send one more file from the same system; technically it is possible

How to send one more file

cd /var/log --> auth.log
We want to send the above file

You can do it; check the configuration file of the CloudWatch log agent

So /var/log/auth.log --> authlogdetails under TestCWLG

We need to make some changes in the conf file; the CloudWatch log agent software has a conf file

/var/awslogs/etc/awslogs.conf

/var/log/awslogs.log

Someone complains that log files are not going to the CloudWatch repo

The service was stopped (service awslogs stop) and we don't know that

The log file file1.txt is continuously updating

Add more messages to that file; these details will not be available in the CloudWatch repo as the service is stopped

So now start it: service awslogs start; from this moment onwards it will update the CloudWatch repository

Go to awslogs.conf

Scroll down

Every 5000 milliseconds the CloudWatch log agent uploads to the CloudWatch repository

If you want to send one more file, copy the 7 lines (7yy) and insert them

Change the file name and give a different stream name instead of the instance ID, such as OSuserlogs

Whenever you make changes in the conf file, restart the service: service awslogs restart
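
The copied-stanza step above, written out and checked, as an added example that is not part of the original notes: it parses awslogs.conf-style text and flags a stanza that is missing a key or still writes to the same group and stream as another stanza. The sample configuration is constructed, and the names check_conf and REQUIRED are assumptions of this example.

```python
import configparser

# Constructed sample: second stanza is the copied 7 lines, stream name not yet changed.
SAMPLE_CONF = """\
[general]
state_file = /var/awslogs/state/agent-state

[/home/ubuntu/file1.txt]
datetime_format = %b %d %H:%M:%S
file = /home/ubuntu/file1.txt
buffer_duration = 5000
log_stream_name = {instance_id}
initial_position = start_of_file
log_group_name = testcwloggrp

[/var/log/auth.log]
datetime_format = %b %d %H:%M:%S
file = /var/log/auth.log
buffer_duration = 5000
log_stream_name = {instance_id}
initial_position = start_of_file
log_group_name = testcwloggrp
"""

REQUIRED = ("file", "log_group_name", "log_stream_name")

def check_conf(text):
    """Return a list of problems found in awslogs.conf text."""
    # interpolation=None: datetime_format values contain literal '%'.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    problems, seen = [], {}
    for name in cp.sections():
        if name == "general":
            continue
        sec = cp[name]
        for key in REQUIRED:
            if key not in sec:
                problems.append(f"[{name}] missing {key}")
        target = (sec.get("log_group_name"), sec.get("log_stream_name"))
        if None not in target and target in seen:
            problems.append(f"[{name}] reuses stream {target[1]} of [{seen[target]}]")
        seen.setdefault(target, name)
    return problems

if __name__ == "__main__":
    for p in check_conf(SAMPLE_CONF):
        print(p)
```

Changing the second stanza's log_stream_name to OSuserlogs, as the notes say, makes the check return an empty list.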

auth.log records where you are logging in to this machine from: tail -f auth.log

Give satya as the user in ssh

Refresh the log in the CloudWatch repo

So I need a notification for invalid users

if greater than 100 in the last 5 mins

Click on the CloudWatch log group --> filter --> invalid user --> test pattern --> create filter

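
The "invalid user, greater than 100 in the last 5 mins" rule above, emulated offline over sshd-style lines, as an added example that is not part of the original notes. It counts matching lines per 5-minute period and reports the periods that cross the threshold; because filter patterns are case-sensitive, the phrase "invalid user" does not count lines that begin "Invalid user". Assumptions: the sample lines, host name, source address and year are constructed, each failed login is taken to write two sshd lines, and plain substring matching stands in for the console filter.

```python
from collections import Counter
from datetime import datetime, timedelta

THRESHOLD = 100           # alarm when the count in one period is greater than 100
PATTERN = "invalid user"  # phrase from the notes; matching is case-sensitive

def sample_lines(start, attempts, host="ip-10-0-0-5"):
    """Constructed sshd lines: two per failed login as a non-existent user."""
    out = []
    for i in range(attempts):
        ts = (start + timedelta(seconds=2 * i)).strftime("%b %d %H:%M:%S")
        src = f"satya from 203.0.113.5 port {40000 + i}"
        out.append(f"{ts} {host} sshd[900]: Invalid user {src}")
        out.append(f"{ts} {host} sshd[900]: Failed password for invalid user {src} ssh2")
    return out

def count_per_period(lines, pattern=PATTERN, year=2024):
    """Count matching lines in each 5-minute clock period."""
    counts = Counter()
    for line in lines:
        if pattern not in line:   # "Invalid user ..." lines are skipped here
            continue
        # syslog timestamps carry no year, so one is assumed
        dt = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        counts[dt.replace(minute=dt.minute - dt.minute % 5, second=0)] += 1
    return counts

def periods_in_alarm(counts, threshold=THRESHOLD):
    """Periods whose count is strictly greater than the threshold."""
    return sorted(p for p, n in counts.items() if n > threshold)

if __name__ == "__main__":
    t0 = datetime(2024, 3, 10, 10, 0, 0)
    lines = sample_lines(t0, 120) + sample_lines(t0 + timedelta(minutes=5), 30)
    counts = count_per_period(lines)
    for period in sorted(counts):
        state = "ALARM" if counts[period] > THRESHOLD else "OK"
        print(period, counts[period], state)
```
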
install apache 2

cd /var/log/apache2 --> access.log

If some request comes to port 80 it will be logged in access.log

Add an entry in the configuration file, restart, and create a filter for 404

If you give the access.log file a wrong name it will not update; you can see the same from awslogs.log
