windows amazon-ec2 amazon-cloudwatch amazon-ecs

Unable to use ec2 cloudwatch logs on windows 2016


I added a \Program Files\Amazon\SSM\Plugins\awsCloudWatch\AWS.EC2.Windows.Cloudwatch.json file from my user-data startup script and restarted the SSM service, as explained in the documentation for Windows 2016. There are no errors in the SSM agent log. However, I do not see AWS.Cloudwatch.exe running, and no logs make it to CloudWatch.

I am really interested in just the application and system event logs and the \programdata\amazon\ecs\log directory. If I get that working, I will add the launch logs too.

Where can I look for clues? I did try starting the aws.cloudwatch.exe manually but don't know what the configuration argument is supposed to look like.

Here is my configuration

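# CloudWatch plugin configuration for the SSM agent on Windows Server 2016.
#
# MYREGION, MYLOGGROUP and THISINSTANCEID are placeholders; substitute real
# values before running. The plugin also accepts the {instance_id} variable
# for LogStream.
#
# Levels is a bit mask: 1 = Error, 2 = Warning, 4 = Information, so "1" ships
# errors only and "7" ships all three.
#
# Only components named in Flows are shipped. SecurityEventLog is defined but
# not routed, so the Security log stays on the host; add it to the first flow
# if it should reach CloudWatch Logs.
#
# No AccessKey/SecretKey is set, so the plugin is expected to use the
# instance's IAM role, which must allow writing to CloudWatch Logs
# (for example logs:CreateLogStream and logs:PutLogEvents).
#
# TimestampFormat must match the timestamps actually written in the ECS log
# files - TODO confirm against a sample log line.
#
# This is a double-quoted here-string: backslashes are literal (so the JSON
# escapes \\ survive as written), but any $name inside it would be expanded.
$ssmconfig = @"
{
    "IsEnabled": true,
    "EngineConfiguration": {
        "PollInterval": "00:00:05",
        "Components": [
            {
                "Id": "ApplicationEventLog",
                "FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch",
                "Parameters": {
                    "LogName": "Application",
                    "Levels": "1"
                }
            },
            {
                "Id": "SystemEventLog",
                "FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch",
                "Parameters": {
                    "LogName": "System",
                    "Levels": "7"
                }
            },
            {
                "Id": "SecurityEventLog",
                "FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch",
                "Parameters": {
                    "LogName": "Security",
                    "Levels": "7"
                }
            },
            {
                "Id": "CustomLogs",
                "FullName": "AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch",
                "Parameters": {
                    "LogDirectoryPath": "C:\\ProgramData\\Amazon\\ECS\\Log",
                    "TimestampFormat": "MM/dd/yyyy HH:mm:ss",
                    "Encoding": "UTF-8",
                    "Filter": "",
                    "CultureName": "en-US",
                    "TimeZoneKind": "Local"
                }
            },
            {
                "Id": "CloudWatchLogs",
                "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch",
                "Parameters": {
                    "Region": "MYREGION",
                    "LogGroup": "MYLOGGROUP/win-host-eventlog",
                    "LogStream": "THISINSTANCEID"
                }
            },
            {
                "Id": "CloudWatchEcsLogs",
                "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch",
                "Parameters": {
                    "Region": "MYREGION",
                    "LogGroup": "MYLOGGROUP/win-host-ecs-logs",
                    "LogStream": "THISINSTANCEID"
                }
            }
        ],
        "Flows": {
            "Flows": [
                "(ApplicationEventLog,SystemEventLog),CloudWatchLogs",
                "CustomLogs,CloudWatchEcsLogs"
            ]
        }
    }
}
"@

# Stop the user-data run here if the text is not valid JSON, rather than
# handing the agent a file it cannot parse and silently shipping no logs.
$null = $ssmconfig | ConvertFrom-Json -ErrorAction Stop

# Write the file the plugin actually reads (AWS.EC2..., not AWS.ECS...).
# Set-Content replaces the file; Add-Content would append a second JSON
# document to whatever is already there and leave it unparseable.
Set-Content -Path "C:\Program Files\Amazon\SSM\Plugins\awsCloudWatch\AWS.EC2.Windows.CloudWatch.json" -Value $ssmconfig
Restart-Service AmazonSSMAgent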

`


Solution

  • According to the documentation: The EC2Config service is not included in AWS Windows 2016 AMIs and you need to install it manually. Install it, run it, enable log integration, and update the JSON file (normally) located in the following path:

    C:\Program Files\Amazon\SSM\Plugins\awsCloudWatch
    

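    Here is the configuration I have on my servers. It works fine and I get both logs and performance metrics. Note that only the components named in Flows are sent: the SecurityEventLog, ETW, IISLog and CustomLogs inputs below are defined but not routed to any output, so add them to a flow if you need them. The empty AccessKey/SecretKey values mean the credentials come from the instance's IAM role rather than from this file.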

    {
        "IsEnabled": true,
        "EngineConfiguration": {
            "Components": [{
                "FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch",
                "Id": "ApplicationEventLog",
                "Parameters": {
                    "Levels": "1",
                    "LogName": "Application" 
                }
            }, {
                "FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch",
                "Id": "SystemEventLog",
                "Parameters": {
                    "Levels": "7",
                    "LogName": "System"
                }
            }, {
                "FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch",
                "Id": "SecurityEventLog",
                "Parameters": {
                    "Levels": "7",
                    "LogName": "Security"
                }
            }, {
                "FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch",
                "Id": "ETW",
                "Parameters": {
                    "Levels": "7",
                    "LogName": "Microsoft-Windows-WinINet/Analytic"
                }
            }, {
                "FullName": "AWS.EC2.Windows.CloudWatch.IisLog.IisLogInputComponent,AWS.EC2.Windows.CloudWatch",
                "Id": "IISLog",
                "Parameters": {
                    "LogDirectoryPath": "C:\\inetpub\\logs\\LogFiles\\W3SVC1"
                }
            }, {
                "FullName": "AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch",
                "Id": "CustomLogs",
                "Parameters": {
                    "CultureName": "en-US",
                    "Encoding": "UTF-8",
                    "Filter": "",
                    "LogDirectoryPath": "C:\\Logs\\",
                    "TimeZoneKind": "Local",
                    "TimestampFormat": "yyyy-MM-dd HH:mm:ss"
                }
            }, {
                "FullName": "AWS.EC2.Windows.CloudWatch.PerformanceCounterComponent.PerformanceCounterInputComponent,AWS.EC2.Windows.CloudWatch",
                "Id": "PerformanceCounterMemory",
                "Parameters": {
                    "CategoryName": "Memory",
                    "CounterName": "Available MBytes",
                    "DimensionName": "InstanceId",
                    "DimensionValue": "{instance_id}",
                    "InstanceName": "",
                    "MetricName": "Memory",
                    "Unit": "Megabytes"
                }
            }, {
                "FullName": "AWS.EC2.Windows.CloudWatch.PerformanceCounterComponent.PerformanceCounterInputComponent,AWS.EC2.Windows.CloudWatch",
                "Id": "PerformanceCounterDisk",
                "Parameters": {
                    "CategoryName": "LogicalDisk",
                    "CounterName": "Free Megabytes",
                    "DimensionName": "InstanceId",
                    "DimensionValue": "{instance_id}",
                    "InstanceName": "D:",
                    "MetricName": "FreeDisk",
                    "Unit": "Megabytes"
                }
            }, {
                "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch",
                "Id": "CloudWatchLogs",
                "Parameters": {
                    "AccessKey": "",
                    "LogGroup": "ASG",
                    "LogStream": "{instance_id}",
                    "Region": "eu-west-1",
                    "SecretKey": ""
                }
            }, {
                "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatch.CloudWatchOutputComponent,AWS.EC2.Windows.CloudWatch",
                "Id": "CloudWatch",
                "Parameters": {
                    "AccessKey": "",
                    "NameSpace": "PerformanceMonitor",
                    "Region": "eu-west-1",
                    "SecretKey": ""
                }
            }],
            "Flows": {
                "Flows": [
                    "(PerformanceCounterMemory,PerformanceCounterDisk),CloudWatch",
                    "(ApplicationEventLog,SystemEventLog),CloudWatchLogs"
                ]
            },
            "PollInterval": "00:00:15"
        }
    }