标签：bit   setup   安全组   more   saving   com   保留   分配   figure   

1.创建IAM角色
1.创建IAM角色

在这里创建[CloudWatchLogsFullAccess]权限的角色后分配给Amazon EC2，这样就可以简单的使用CloudWatch Logs监控。

给角色起个名称--等下关联EC2

启动EC2实例

给分配一个公有IP地址-关联创建的IAM角色


安全组需要允许22端口及80端口访问。

等待EC2实例起来--连接EC2实例

使用CRT 连接 EC2实例公有IP地址
连接成功后进入EC2实例
安装Apache

进入root模式

$ sudo -i
更新yum
yum -y update
#安装Apache server
#yum -y install httpd
#启动Apache server
#service httpd start
#下载安装CloudWatch Logs代理(Agent)
[root@ip-172-31-17-22 ~]# wget https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py
--2020-03-13 08:47:58-- https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py
Resolving s3.amazonaws.com (s3.amazonaws.com)... 52.216.142.54
Connecting to s3.amazonaws.com (s3.amazonaws.com)|52.216.142.54|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 57644 (56K) [text/x-python]
Saving to: ‘awslogs-agent-setup.py’

awslogs-agent-setup 100%[===================>] 56.29K 132KB/s in 0.4s

2020-03-13 08:48:00 (132 KB/s) - ‘awslogs-agent-setup.py’ saved [57644/57644]
#运行CloudWatch Logs代理(Agent)
[root@ip-172-31-17-22 ~]# python ./awslogs-agent-setup.py --region ap-northeast-1
Launching interactive setup of CloudWatch Logs agent ...
downloading AgentDependencies.tar.gz with urllib
AgentDependencies/
AgentDependencies/awslogscli/
AgentDependencies/awslogscli/urllib3-1.25.6.tar.gz
AgentDependencies/awslogscli/jmespath-0.9.2.tar.gz
AgentDependencies/awslogscli/colorama-0.3.7.zip
---------------此处省略--------------------------------------
AgentDependencies/virtualenv-15.1.0/docs/changes.rst
AgentDependencies/virtualenv-15.1.0/docs/installation.rst
AgentDependencies/virtualenv-15.1.0/docs/make.bat
AgentDependencies/pip-6.1.1.tar.gz

Step 1 of 5: Installing pip ...DONE

Step 2 of 5: Downloading the latest CloudWatch Logs agent bits ... DONE

Step 3 of 5: Configuring AWS CLI ...
AWS Access Key ID [None]: 按回车 # 实验默认没有（授权的是IAM角色）
AWS Secret Access Key [None]: 按回车
Default region name [ap-northeast-1]: ap-east-1 #选择EC2实例所在的区域（做实验用的是香港：ap-east-1）
Default output format [None]: 按回车

Step 4 of 5: Configuring the CloudWatch Logs Agent ...
Path of log file to upload [/var/log/messages]: 按回车 当然也可以选择ec2别的服务日志路径
Destination Log Group name [/var/log/messages]: /var/log/messages #目标日志组名称（会自动创建在CloudWatch无需手动创建）

Choose Log Stream name:

1. Use EC2 instance id.
2. Use hostname.
3. Custom.
   Enter choice [1]: 按回车 #使用EC2 实例ID（自动创建的）

Choose Log Event timestamp format:

1. %b %d %H:%M:%S (Dec 31 23:59:59)
2. %d/%b/%Y:%H:%M:%S (10/Oct/2000:13:55:36)
3. %Y-%m-%d %H:%M:%S (2008-09-08 11:52:54)
4. Custom
   Enter choice [1]: 按回车

Choose initial position of upload:

1. From start of file.
2. From end of file.
   Enter choice [1]:
   More log files to configure? [Y]: N # 也可以多选-配置更多日志文件

Step 5 of 5: Setting up agent as a daemon ...DONE

• Configuration file successfully saved at: /var/awslogs/etc/awslogs.conf
• You can begin accessing new log events after a few moments at https://console.aws.amazon.com/cloudwatch/home?region=ap-northeast-1#logs:
• You can use ‘sudo service awslogs start|stop|status|restart‘ to control the daemon.
• To see diagnostic information for the CloudWatch Logs Agent, see /var/log/awslogs.log

• You can rerun interactive setup using ‘sudo python ./awslogs-agent-setup.py --region ap-northeast-1 --only-generate-config‘

  ---

  进入 CloudWatch（自动创建的）
  查看CloudWatch Logs搜集的日志内容
  AWS管理页面点击[CloudWatch] -> [日志] -> 日志组[ /var/log/messages]。
  

修改日志时间为本地时间

修改日志时间为本地时间

创建警报文件！！
点击[筛选条件]。

查看收集日志的情况

AWS CloudWatch Logs监控Apache日志文件

标签：bit   setup   安全组   more   saving   com   保留   分配   figure   

原文地址：https://blog.51cto.com/13672543/2478155