Help us understand the problem. What is going on with this article?

SSMを用いたCloudWatchLogsへのイベントログ出力

More than 3 years have passed since last update.

WindowsServer2012のEC2Config Ver4.x以降とWindowsServer2016からはCloudWatchLogsへのログ出力設定方法が変わりました。

今回は東京リージョンにイベントログを出力する手順に絞って記載します。
※いままでEC2Config経由でログ出力設定をしていた方であれば、任意ログの設定方法もわかると思います。

EC2でWindowsインスタンス作成

  • 割愛

EC2インスタンスにアタッチしたIAMRoleの設定

  • AmazonEC2RoleforSSM を対象インスタンスのIAMRoleにアタッチする

ドキュメント作成

  1. 以下の画面で[Create Document]をクリック
    https://ap-northeast-1.console.aws.amazon.com/ec2/v2/home#Documents:Owner=MeOrAmazon;sort=Name
  2. 以下を入力
    Name: [ドキュメント名]
    Content: 以下のjsonファイルの内容をコピペ
cloudwatchlogs_conf.json
{
    "schemaVersion": "1.2",
    "description": "Example CloudWatch Logs tasks",
    "runtimeConfig": {
        "aws:cloudWatch": {
            "settings": {
                "startType": "Enabled"
            },
            "properties": {
                "EngineConfiguration": {
                    "PollInterval": "00:00:15",
                    "Components": [
                        {
                            "Id": "ApplicationEventLog",
                            "FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch",
                            "Parameters": {
                                "LogName": "Application",
                                "Levels": "1"
                            }
                        },
                        {
                            "Id": "SystemEventLog",
                            "FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch",
                            "Parameters": {
                                "LogName": "System",
                                "Levels": "7"
                            }
                        },
                        {
                            "Id": "SecurityEventLog",
                            "FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch",
                            "Parameters": {
                            "LogName": "Security",
                            "Levels": "7"
                            }
                        },
                        {
                            "Id": "ETW",
                            "FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch",
                            "Parameters": {
                                "LogName": "Microsoft-Windows-WinINet/Analytic",
                                "Levels": "7"
                            }
                        },
                        {
                            "Id": "IISLog",
                            "FullName": "AWS.EC2.Windows.CloudWatch.IisLog.IisLogInputComponent,AWS.EC2.Windows.CloudWatch",
                            "Parameters": {
                                "LogDirectoryPath": "C:\\inetpub\\logs\\LogFiles\\W3SVC1"
                            }
                        },
                        {
                            "Id": "CustomLogs",
                            "FullName": "AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch",
                            "Parameters": {
                                "LogDirectoryPath": "C:\\CustomLogs\\",
                                "TimestampFormat": "MM/dd/yyyy HH:mm:ss",
                                "Encoding": "UTF-8",
                                "Filter": "",
                                "CultureName": "en-US",
                                "TimeZoneKind": "Local"
                            }
                        },
                        {
                            "Id": "PerformanceCounter",
                            "FullName": "AWS.EC2.Windows.CloudWatch.PerformanceCounterComponent.PerformanceCounterInputComponent,AWS.EC2.Windows.CloudWatch",
                            "Parameters": {
                                "CategoryName": "Memory",
                                "CounterName": "Available MBytes",
                                "InstanceName": "",
                                "MetricName": "Memory",
                                "Unit": "Megabytes",
                                "DimensionName": "",
                                "DimensionValue": ""
                            }
                        },
                        {
                            "Id": "CloudWatchLogs",
                            "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch",
                            "Parameters": {
                                "AccessKey": "",
                                "SecretKey": "",
                                "Region": "ap-northeast-1",
                                "LogGroup": "Default-Log-Group",
                                "LogStream": "{instance_id}"
                            }
                        },
                        {
                            "Id": "CloudWatch",
                            "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatch.CloudWatchOutputComponent,AWS.EC2.Windows.CloudWatch",
                            "Parameters": 
                            {
                                "AccessKey": "",
                                "SecretKey": "",
                                "Region": "ap-northeast-1",
                                "NameSpace": "Windows/Default"
                            }
                        }
                    ],
                    "Flows": {
                        "Flows": 
                        [
                            "(ApplicationEventLog,SystemEventLog,SecurityEventLog),CloudWatchLogs"
                        ]
                    }
                } 
            }
        }
    }
}

3.[Create Document]をクリック

ドキュメント紐付け

  1. 以下の画面で[Create Association]をクリック
    https://ap-northeast-1.console.aws.amazon.com/ec2/v2/home#ManagedInstances:sort=InstanceId
  2. Command documentで作成したドキュメントを選択
  3. Select Targets byでManually Selecting Instancesを選択後、対象インスタンスを選択
    ※インスタンス作成直後だと、表示されないことがあります。待ちましょう。
  4. [Create Association]をクリック

まとめ

ここまでの手順からわかるとおり、ログ出力設定はドキュメントとして外出しする形になりました。
インスタンス構築の度に同じログ出力設定を書く手間がなくなり、かつログインせずにログ出力設定ができるようになりました。
複数台に同じ設定を適用する場面ではうれしい機能ですね。

t_wkm2
cloudpack
Amazon Web Services (AWS) の導入設計、環境構築、運用・保守をサポートするマネジドホスティングサービス
https://cloudpack.jp/
Why not register and get more from Qiita?
  1. We will deliver articles that match you
    By following users and tags, you can catch up information on technical fields that you are interested in as a whole
  2. you can read useful information later efficiently
    By "stocking" the articles you like, you can search right away
Comments
No comments
Sign up for free and join this conversation.
If you already have a Qiita account
Why do not you register as a user and use Qiita more conveniently?
You need to log in to use this function. Qiita can be used more conveniently after logging in.
You seem to be reading articles frequently this month. Qiita can be used more conveniently after logging in.
  1. We will deliver articles that match you
    By following users and tags, you can catch up information on technical fields that you are interested in as a whole
  2. you can read useful information later efficiently
    By "stocking" the articles you like, you can search right away
ユーザーは見つかりませんでした