To control log output on Amazon Linux 2023, I configured /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json as follows.
{
  "logs": {
    "logs_collected": {
      "files": {
        "collect_list": [
          {
            "file_path": "/var/log/messages",
            "log_group_name": "messages",
            "log_stream_name": "{instance_id}",
            "retention_in_days": -1,
            "filters": [
              {
                "type": "include",
                "expression": "audit"
              }
            ]
          }
        ]
      }
    }
  }
}
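After applying the above, I restarted the service with the systemctl restart amazon-cloudwatch-agent.service command, but the filter does not seem to be taking effect.
Also, the contents of amazon-cloudwatch-agent.toml appear to be duplicated; could this be related as well?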
[inputs]
  [[inputs.logfile]]
    destination = "cloudwatchlogs"
    file_state_folder = "/opt/aws/amazon-cloudwatch-agent/logs/state"
    [[inputs.logfile.file_config]]
      file_path = "/var/log/messages"
      from_beginning = true
      log_group_class = ""
      log_group_name = "messages"
      log_stream_name = "i-XXXXXXXXXXXX"
      pipe = false
      retention_in_days = -1
    [[inputs.logfile.file_config]]
      file_path = "/var/log/messages"
      from_beginning = true
      log_group_class = ""
      log_group_name = "messages"
      log_stream_name = "i-XXXXXXXXXXXX"
      pipe = false
      retention_in_days = -1
      [[inputs.logfile.file_config.filters]]
        expression = "audit"
        type = "include"
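
The generated TOML in the post contains two file_config entries for /var/log/messages, and only the second carries the filter. As an added example (not part of the original post and not AWS code), this Python script lists every file_path that is defined more than once in the generated TOML together with each entry's filters. The sample text is abridged from the post and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the generated TOML from the post, abridged to the relevant keys.
SAMPLE_TOML = """
[[inputs.logfile]]
[[inputs.logfile.file_config]]
file_path = "/var/log/messages"
log_group_name = "messages"
[[inputs.logfile.file_config]]
file_path = "/var/log/messages"
log_group_name = "messages"
[[inputs.logfile.file_config.filters]]
expression = "audit"
type = "include"
"""

ENTRY = "[[inputs.logfile.file_config]]"
FILTER = "[[inputs.logfile.file_config.filters]]"
KV = re.compile(r'^(\w+)\s*=\s*(.+)$')

def parse_file_configs(toml_text):
    """Minimal line parser for the file_config tables only (not a general TOML parser)."""
    entries, target = [], None
    for raw in toml_text.splitlines():
        line = raw.strip()
        if line == ENTRY:
            target = {"filters": []}
            entries.append(target)
        elif line == FILTER and entries:
            target = {}  # keys that follow belong to this filter of the last entry
            entries[-1]["filters"].append(target)
        elif line.startswith("["):
            target = None  # some other table; ignore its keys
        elif target is not None and (m := KV.match(line)):
            target[m.group(1)] = m.group(2).strip('"')
    return entries

def duplicated_paths(entries):
    """Return {file_path: [filters of each entry]} for paths defined more than once."""
    by_path = defaultdict(list)
    for e in entries:
        by_path[e.get("file_path")].append(
            [(f.get("type"), f.get("expression")) for f in e["filters"]])
    return {p: fl for p, fl in by_path.items() if len(fl) > 1}

if __name__ == "__main__":
    for path, sets in duplicated_paths(parse_file_configs(SAMPLE_TOML)).items():
        print(path, [fs or "no filters" for fs in sets])
```

To run it against the real file, pass the contents of amazon-cloudwatch-agent.toml to parse_file_configs instead of SAMPLE_TOML.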