无法在 windows 2016 上使用 ec2 cloudwatch 日志答案

【问题标题】：Unable to use ec2 cloudwatch logs on windows 2016无法在 windows 2016 上使用 ec2 cloudwatch 日志
【发布时间】：2017-08-06 03:29:00
【问题描述】：

我添加了一个 \Program Files\Amazon\SSM\Plugins\awsCloudWatch\AWS.EC2.Windows.Cloudwatch.json 文件，如我的用户数据启动中所述，并重新启动了 ssm 服务，如 windows 2016 文档中所述。 ssm 代理日志中没有错误。但是，我没有看到 AWS.Cloudwatch.exe 正在运行，也没有日志进入 cloudwatch。

我真的只对应用程序和系统事件日志以及 \programdata\amazon\ecs\log 目录感兴趣。如果我能正常工作，我也会添加启动日志。

我在哪里可以找到线索？我确实尝试过手动启动 aws.cloudwatch.exe，但不知道配置参数应该是什么样子。

这是我的配置

$ssmconfig = @"
{
    "IsEnabled": true,
    "EngineConfiguration": {
        "PollInterval": "00:00:05",
        "Components": [
            {
                "Id": "ApplicationEventLog",
                "FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch",
                "Parameters": {
                    "LogName": "Application",
                    "Levels": "1"
                }
            },
            {
                "Id": "SystemEventLog",
                "FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch",
                "Parameters": {
                    "LogName": "System",
                    "Levels": "7"
                }
            },
            {
                "Id": "SecurityEventLog",
                "FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch",
                "Parameters": {
                    "LogName": "Security",
                    "Levels": "7"
                }
            },
            {
                "Id": "CustomLogs",
                "FullName": "AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch",
                "Parameters": {
                    "LogDirectoryPath": "C:\\ProgramData\\Amazon\ECS\Log
    ",
    "TimestampFormat": "MM/dd/yyyy HH:mm:ss",
                    "Encoding": "UTF-8",
                    "Filter": "",
                    "CultureName": "en-US",
                    "TimeZoneKind": "Local"
                }
            },
            {
                "Id": "CloudWatchLogs",
                "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch",
                "Parameters": {
                    "Region": "MYREGION}",
                    "LogGroup": "MYLOGGGROUP/win-host-eventlog",
                    "LogStream": "THISINSTANCEID"
                }
            },
            {
                "Id": "CloudWatchEcsLogs",
                "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch",
                "Parameters": {
                    "Region": "MYREGION",
                    "LogGroup": "MYLOGGROUP/win-host-ecs-logs",
                    "LogStream": "THISINSTANCEID"
                }
            }
        ],
        "Flows": {
            "Flows": [
                "(ApplicationEventLog,SystemEventLog),CloudWatchLogs"
"CustomLogs,CloudWatchEcsLogs"
            ]
        }
    }
}
"@

Add-Content "C:\Program Files\Amazon\SSM\Plugins\awsCloudWatch\AWS.ECS.Windows.CloudWatch.json"     $ssmconfig
Restart-Service AmazonSSMAgent

【问题讨论】：

您是否为您的实例分配了 CloudWatch 监控 IAM 角色？
这是添加的权限，听起来您指的是现有策略？ “ssm:UpdateInstanceInformation”、“ssm:ListInstanceAssociations”、“ssm:ListAssociations”、“logs:CreateLogStream”、“logs:PutLogEvents”
不，这似乎是正确的。修改 JSON 文件后是否重启了 AmazonSSMAgent 服务？
是的，这是我在此处发布的 powershell 脚本的最后一行
对于发现此问题的任何人，除了 logs:CreateLogStream 之外，还需要向策略添加一项额外权限：logs:CreateLogGroup。至少在我们的例子中，您可能有正在使用的预先存在的日志组

标签： windows amazon-ec2 amazon-cloudwatch amazon-ecs

【解决方案1】：

根据documentation： EC2Config 服务不包含在 AWS Windows 2016 AMI 中，您需要手动安装它。安装、运行、启用日志集成并更新位于以下路径的 JSON 文件（通常）：

C:\Program Files\Amazon\SSM\Plugins\awsCloudWatch

这是我在服务器上的配置。它工作正常，我得到了日志和性能指标。

{
    "IsEnabled": true,
    "EngineConfiguration": {
        "Components": [{
            "FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch",
            "Id": "ApplicationEventLog",
            "Parameters": {
                "Levels": "1",
                "LogName": "Application" 
            }
        }, {
            "FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch",
            "Id": "SystemEventLog",
            "Parameters": {
                "Levels": "7",
                "LogName": "System"
            }
        }, {
            "FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch",
            "Id": "SecurityEventLog",
            "Parameters": {
                "Levels": "7",
                "LogName": "Security"
            }
        }, {
            "FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch",
            "Id": "ETW",
            "Parameters": {
                "Levels": "7",
                "LogName": "Microsoft-Windows-WinINet/Analytic"
            }
        }, {
            "FullName": "AWS.EC2.Windows.CloudWatch.IisLog.IisLogInputComponent,AWS.EC2.Windows.CloudWatch",
            "Id": "IISLog",
            "Parameters": {
                "LogDirectoryPath": "C:\\inetpub\\logs\\LogFiles\\W3SVC1"
            }
        }, {
            "FullName": "AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch",
            "Id": "CustomLogs",
            "Parameters": {
                "CultureName": "en-US",
                "Encoding": "UTF-8",
                "Filter": "",
                "LogDirectoryPath": "C:\\Logs\\",
                "TimeZoneKind": "Local",
                "TimestampFormat": "yyyy-MM-dd HH:mm:ss"
            }
        }, {
            "FullName": "AWS.EC2.Windows.CloudWatch.PerformanceCounterComponent.PerformanceCounterInputComponent,AWS.EC2.Windows.CloudWatch",
            "Id": "PerformanceCounterMemory",
            "Parameters": {
                "CategoryName": "Memory",
                "CounterName": "Available MBytes",
                "DimensionName": "InstanceId",
                "DimensionValue": "{instance_id}",
                "InstanceName": "",
                "MetricName": "Memory",
                "Unit": "Megabytes"
            }
        }, {
            "FullName": "AWS.EC2.Windows.CloudWatch.PerformanceCounterComponent.PerformanceCounterInputComponent,AWS.EC2.Windows.CloudWatch",
            "Id": "PerformanceCounterDisk",
            "Parameters": {
                "CategoryName": "LogicalDisk",
                "CounterName": "Free Megabytes",
                "DimensionName": "InstanceId",
                "DimensionValue": "{instance_id}",
                "InstanceName": "D:",
                "MetricName": "FreeDisk",
                "Unit": "Megabytes"
            }
        }, {
            "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch",
            "Id": "CloudWatchLogs",
            "Parameters": {
                "AccessKey": "",
                "LogGroup": "ASG",
                "LogStream": "{instance_id}",
                "Region": "eu-west-1",
                "SecretKey": ""
            }
        }, {
            "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatch.CloudWatchOutputComponent,AWS.EC2.Windows.CloudWatch",
            "Id": "CloudWatch",
            "Parameters": {
                "AccessKey": "",
                "NameSpace": "PerformanceMonitor",
                "Region": "eu-west-1",
                "SecretKey": ""
            }
        }],
        "Flows": {
            "Flows": [
                "(PerformanceCounterMemory,PerformanceCounterDisk),CloudWatch",
                "(ApplicationEventLog,SystemEventLog),CloudWatchLogs"
            ]
        },
        "PollInterval": "00:00:15"
    }
}

【讨论】：

谢谢！我读了最后一部分，流程只是将输入 SystemEventLog 发送到输出 CloudWatchLogs，我一定是误解了一些东西。自定义日志和其他事件源是如何添加到您的日志流中的？
你是对的，但这是一个例子。如果要发送 CustomLogs，则应将其添加到 Flows 部分。我只是想确保它将日志发送到 CloudWatch，所以我只添加了 SystemEventLogs。
性能计数器使用的语法是如何做到的？ '(...)' 内的一系列输入？
是的，应该是一样的。
等一下，您是否在 EC2ConfigService 设置中启用了 CloudWatch 日志集成？