AWS Elastic Beanstalk:尽管有 IAM 权限和自定义配置,但自定义 Cloudwatch 日志未显示

问题描述 投票:0回答:2

我在设置自定义日志文件从我的 AWS Elastic Beanstalk 项目流式传输到 CloudWatch 时遇到问题。作为参考,我尝试了“AWS Elastic Beanstalk:将自定义日志添加到 CloudWatch?” 中的建议,但无济于事。本质上,当我从主机下载日志时,我想要的日志文件位于 

/var/log/containers/api-1c080332ba3f-stdouterr.log
/var/log/containers/nginx-a5057f87f4cf-stdouterr.log
/var/log/containers/web-0a2e0762e8f0-stdouterr.log
(每次更新时数字都会变化)

我在

.ebextensions/log.config
中添加了一个新的自定义日志配置文件(以下供参考):

packages:
  yum:
    awslogs: []

files:
  "/etc/awslogs/awscli.conf" :
    mode: "000600"
    owner: root
    group: root
    content: |
      [plugins]
      cwlogs = cwlogs
      [default]
      region = `{"Ref":"AWS::Region"}`

  "/etc/awslogs/awslogs.conf" :
    mode: "000600"
    owner: root
    group: root
    content: |
      [general]
      state_file = /var/lib/awslogs/agent-state

  "/etc/awslogs/config/logs.conf" :
    mode: "000600"
    owner: root
    group: root
    content: |
      [/var/log/containers/nginx-stdouterr.log]
      log_group_name = `{"Fn::Join":["/", ["/aws/elasticbeanstalk", { "Ref":"AWSEBEnvironmentName" }, "var/log/containers/nginx-stdouterr.log"]]}`
      log_stream_name = {instance_id}
      file = /var/log/containers/nginx*

      [/var/log/containers/web-stdouterr.log]
      log_group_name = `{"Fn::Join":["/", ["/aws/elasticbeanstalk", { "Ref":"AWSEBEnvironmentName" }, "var/log/containers/web-stdouterr.log"]]}`
      log_stream_name = {instance_id}
      file = /var/log/containers/web*

      [/var/log/containers/api-stdouterr.log]
      log_group_name = `{"Fn::Join":["/", ["/aws/elasticbeanstalk", { "Ref":"AWSEBEnvironmentName" }, "var/log/containers/api-stdouterr.log"]]}`
      log_stream_name = {instance_id}
      file = /var/log/containers/api*

commands:
  "01":
    command: systemctl enable awslogsd.service
  "02":
    command: systemctl restart awslogsd

我已将此策略另外添加到服务和 ec2 角色中:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogStream",
                "logs:CreateLogGroup",
                "logs:PutLogEvents",
                "logs:DescribeLogGroups",
                "logs:DescribeLogStreams"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

最后,我在

/var/logs/awslogs.log
中没有看到任何错误。

我还缺少其他部分吗?浏览了官方文档,到目前为止还没有运气。

amazon-web-services amazon-elastic-beanstalk amazon-cloudwatch amazon-cloudwatchlogs
2个回答
0
投票

不要将您自己的策略添加到实例角色,而是尝试添加 

CloudWatchAgentServerPolicy
托管策略。

当我的工作时,我还删除了 

/etc/awslogs/awslogs.conf
文件定义。

最后,代理似乎仅在将行写入日志文件时才在 CloudWatch 中创建日志组。确保您正在收集的文件已被写入,并查看日志组是否已创建。祝你好运!

0
投票

我认为你应该在 .ebextensions 中创建一个 option_settings

option_settings:
  aws:elasticbeanstalk:cloudwatch:logs:
    StreamLogs: true
    DeleteOnTerminate: false
    RetentionInDays: 30

此外,对于那些已迁移到 amazon-linux-2023 的用户,所引用的 .ebextensions/log.config 尚未运行。

我已经用这个配置解决了它

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.