【问题标题】:AWS Elastic Beanstalk: Custom Cloudwatch Logs not showing despite IAM permissions and custom configAWS Elastic Beanstalk:尽管有 IAM 权限和自定义配置,但未显示自定义 Cloudwatch 日志
【发布时间】:2021-06-24 22:36:39
【问题描述】:

我在设置自定义日志文件从我的 AWS Elastic Beanstalk 项目流式传输到 CloudWatch 时遇到问题。作为参考,我尝试了"AWS Elastic Beanstalk: Add custom logs to CloudWatch?" 中的建议,但无济于事。本质上,当我从主机下载日志时,我想要的日志文件位于 /var/log/containers/api-1c080332ba3f-stdouterr.log/var/log/containers/nginx-a5057f87f4cf-stdouterr.log/var/log/containers/web-0a2e0762e8f0-stdouterr.log(每次更新时数字都会更改)。 p>

我在.ebextensions/log.config (following this for reference) 中添加了一个新的自定义日志配置文件:

packages:
  yum:
    awslogs: []

files:
  "/etc/awslogs/awscli.conf" :
    mode: "000600"
    owner: root
    group: root
    content: |
      [plugins]
      cwlogs = cwlogs
      [default]
      region = `{"Ref":"AWS::Region"}`

  "/etc/awslogs/awslogs.conf" :
    mode: "000600"
    owner: root
    group: root
    content: |
      [general]
      state_file = /var/lib/awslogs/agent-state

  "/etc/awslogs/config/logs.conf" :
    mode: "000600"
    owner: root
    group: root
    content: |
      [/var/log/containers/nginx-stdouterr.log]
      log_group_name = `{"Fn::Join":["/", ["/aws/elasticbeanstalk", { "Ref":"AWSEBEnvironmentName" }, "var/log/containers/nginx-stdouterr.log"]]}`
      log_stream_name = {instance_id}
      file = /var/log/containers/nginx*

      [/var/log/containers/web-stdouterr.log]
      log_group_name = `{"Fn::Join":["/", ["/aws/elasticbeanstalk", { "Ref":"AWSEBEnvironmentName" }, "var/log/containers/web-stdouterr.log"]]}`
      log_stream_name = {instance_id}
      file = /var/log/containers/web*

      [/var/log/containers/api-stdouterr.log]
      log_group_name = `{"Fn::Join":["/", ["/aws/elasticbeanstalk", { "Ref":"AWSEBEnvironmentName" }, "var/log/containers/api-stdouterr.log"]]}`
      log_stream_name = {instance_id}
      file = /var/log/containers/api*

commands:
  "01":
    command: systemctl enable awslogsd.service
  "02":
    command: systemctl restart awslogsd

我已将此策略另外添加到服务和 ec2 角色中:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogStream",
                "logs:CreateLogGroup",
                "logs:PutLogEvents",
                "logs:DescribeLogGroups",
                "logs:DescribeLogStreams"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

最后,我在/var/logs/awslogs.log 中看不到任何错误。

我还缺少其他作品吗?到目前为止没有运气翻阅官方文档。

【问题讨论】:

  • 你能解决这个问题吗?

标签: amazon-web-services amazon-elastic-beanstalk amazon-cloudwatch amazon-cloudwatchlogs


【解决方案1】:

尝试添加 CloudWatchAgentServerPolicy 托管策略,而不是将您自己的策略添加到实例角色。

当我的工作时,我还删除了/etc/awslogs/awslogs.conf 文件定义。

最后,代理似乎只在将行写入日志文件时才在 CloudWatch 中创建日志组。确保您正在收集的文件正在被写入,并查看是否创建了日志组。祝你好运!

【讨论】:

    猜你喜欢
    • 2017-10-18
    • 2015-03-27
    • 2018-08-27
    • 1970-01-01
    • 2012-08-30
    • 2021-09-03
    • 2012-12-13
    • 2021-01-27
    • 2012-08-13
    相关资源
    最近更新 更多