By using AWS re:Post, you agree to the AWS re:Post Terms of Use

How do I upload my Windows logs to CloudWatch?

3 minute read
0

I want to upload my Windows logs to Amazon CloudWatch.

Resolution

Upload your Windows logs to CloudWatch with AWS Systems Manager and Amazon CloudWatch agent. Then, store the configuration file in the SSM Parameter Store, a capability of AWS Systems Manager.

Create IAM roles

Create server and administrator AWS Identity and Access Management (IAM) roles to use with the CloudWatch agent. The server role allows instances to upload metrics and logs to CloudWatch. The administrator role creates and stores the CloudWatch configuration template in the Systems Manager Parameter Store.

Note: Be sure to follow both IAM role creation procedures to limit access to the admin role.

Attach the server role

Attach the server role to any Elastic Compute Cloud (Amazon EC2) instances that you want to upload your logs for.

Attach the administrator role

Attach the administrator role to your administrator configuration instance.

Install the CloudWatch agent package

Download and install the CloudWatch agent package with AWS Systems Manager Run Command. In the Targets area, choose your server instances and your administrator instance.

Note: Before you install the CloudWatch agent, be sure to update or install SSM agent on the instance.

Create the CloudWatch agent configuration file

Create the CloudWatch agent configuration file on your administrator instance using the configuration wizard. Store the file in the Parameter Store. Record the Parameter Store name that you choose. For an example configuration with logs, see CloudWatch agent configuration file: Logs section.

To create your configuration file, complete the following steps:

  1. Run PowerShell as an administrator.
  2. To start the configuration wizard, open Command Prompt. Then, run the .exe file that's located at C:\Program Files\Amazon\AmazonCloudWatchAgent\amazon-cloudwatch-agent-config-wizard.exe.
  3. To create the configuration file, answer the following questions in the configuration wizard:
    On which OS are you planning to use the agent?
    Select Windows.
    Are you using EC2 or On-Premises hosts?
    Select Ec2.
    Do you have any existing CloudWatch Log Agent configuration file to import for migration?
    Select No.
    Do you want to monitor any host metrics?
    If you want to push only logs, then select No.
    Do you want to monitor any customized log files?
    If you want to push only default Windows Event Logs, then select No. If you also want to push custom logs, then select Yes.
    Do you want to monitor any Windows event log?
    If you want to push Windows Event Logs, then select Yes.
  4. When the configuration wizard prompts you to store your file in Parameter Store, select Yes to use the parameter in SSM.

Apply your configuration

To apply the configuration to the server instances and start uploading logs, start the CloudWatch agent using Systems Manager Run Command.

For Targets, choose your server instances.

For Optional Configuration Location, enter the Parameter Store name that you chose in the wizard.

Related information

Collect metrics and logs from Amazon EC2 instances and on-premises servers with the CloudWatch agent

Quick Start: Install and configure the CloudWatch Logs agent on a running EC2 Linux instance