Monitoring Windows Logs With AWS CloudWatch

  • June 1st, 2016
  • By Praveen
  • Blog
  • Windows system, application and custom logs can now be sent directly to AWS CloudWatch, so real-time Windows machine logs can be monitored easily with AWS CloudWatch.

    Before following the process below, make sure the environment is set up properly so the task runs smoothly.

    Step 1: Ensure that the AWS CLI tools are installed on the Windows server.
    Use the link: http://docs.aws.amazon.com/cli/latest/userguide/installing.html

    Step 2: Create a .json file to execute the task.

    Step 3: Use http://jsonlint.com/ to check the JSON file.

    Step 4: Create a separate user for the task under Users in AWS IAM.

    Step 5: Note down the access key and secret key of the user.

    Step 6: After the AWS CLI tools are installed, navigate to the path below:
    C:\Program Files\Amazon\EC2ConfigService\Settings

    Step 7: Open/edit the AWS.EC2.Windows.CloudWatch.json file, use the script below and modify it accordingly:

    {
      "EngineConfiguration": {
        "PollInterval": "00:00:15",
        "Components": [
          {
            "Id": "ApplicationEventLog",
            "FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch",
            "Parameters": {
              "LogName": "Application",
              "Levels": "7"
            }
          },
          {
            "Id": "SystemEventLog",
            "FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch",
            "Parameters": {
              "LogName": "System",
              "Levels": "7"
            }
          },
          {
            "Id": "SecurityEventLog",
            "FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch",
            "Parameters": {
              "LogName": "Security",
              "Levels": "7"
            }
          },
          {
            "Id": "ETW",
            "FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch",
            "Parameters": {
              "LogName": "Microsoft-Windows-WinINet/Analytic",
              "Levels": "7"
            }
          },
          {
            "Id": "IISLog",
            "FullName": "AWS.EC2.Windows.CloudWatch.IisLog.IisLogInputComponent,AWS.EC2.Windows.CloudWatch",
            "Parameters": {
              "LogDirectoryPath": "C:\\inetpub\\logs\\LogFiles\\W3SVC1",
              "TimestampFormat": "yyyy-MM-dd HH:mm:ss",
              "Encoding": "UTF-8"
            }
          },
          {
            "Id": "CustomLogs",
            "FullName": "AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch",
            "Parameters": {
              "LogDirectoryPath": "C:\\CustomLogs\\",
              "TimestampFormat": "MM/dd/yyyy HH:mm:ss",
              "Encoding": "UTF-8",
              "Filter": "",
              "CultureName": "en-US",
              "TimeZoneKind": "Local"
            }
          },
          {
            "Id": "PerformanceCounter",
            "FullName": "AWS.EC2.Windows.CloudWatch.PerformanceCounterComponent.PerformanceCounterInputComponent,AWS.EC2.Windows.CloudWatch",
            "Parameters": {
              "CategoryName": "Memory",
              "CounterName": "Available MBytes",
              "InstanceName": "Name",
              "MetricName": "Memory",
              "Unit": "Megabytes",
              "DimensionName": "",
              "DimensionValue": ""
            }
          },
          {
            "Id": "CloudWatchLogs",
            "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch",
            "Parameters": {
              "AccessKey": "",
              "SecretKey": "",
              "Region": "us-east-1",
              "LogGroup": "Cloudwatch-logs",
              "LogStream": "{i-f36fb96e}"
            }
          },
          {
            "Id": "CloudWatch",
            "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatch.CloudWatchOutputComponent,AWS.EC2.Windows.CloudWatch",
            "Parameters": {
              "AccessKey": "",
              "SecretKey": "",
              "Region": "us-east-1",
              "NameSpace": "Windows/Default"
            }
          }
        ],
        "Flows": {
          "Flows": [
            "(ApplicationEventLog,SystemEventLog),CloudWatchLogs"
          ]
        }
      }
    }

    Notes on the script:
      • LogDirectoryPath (IISLog): set according to your system path.
      • LogDirectoryPath (CustomLogs): be sure to use \\ in the path.
      • Region: us-east-1 here; use your region.
      • LogStream: {i-f36fb96e} here; any name can be used. Once executed, this name will be created automatically in the AWS CloudWatch console.

    To make sure your JSON file is valid, use the link: http://jsonlint.com/

    If there is any issue with the .json file, the plugin used to start the AWS service may not work.
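
    A syntax check does not show whether the flows point at real components, and pasting the file into a website exposes any AccessKey and SecretKey saved in it. The following PowerShell check runs on the server itself; it is an added example, not part of the original post, and the function name Test-CloudWatchConfig and the sample data are constructed for illustration.

```powershell
# Added example: offline checks for AWS.EC2.Windows.CloudWatch.json (hypothetical helper).
function Test-CloudWatchConfig {
    param([Parameter(Mandatory)][string]$Json)

    try   { $engine = ($Json | ConvertFrom-Json -ErrorAction Stop).EngineConfiguration }
    catch { return "Invalid JSON: $($_.Exception.Message)" }

    $components = @($engine.Components)
    $defined    = @($components | ForEach-Object { $_.Id })

    # Collect every component Id named in a flow such as "(A,B),Output".
    $routed = @(foreach ($flow in @($engine.Flows.Flows)) {
        ($flow -replace '[()]', '') -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
    })

    foreach ($id in ($routed | Select-Object -Unique)) {
        if ($defined -notcontains $id) { "Flow references undefined component '$id'" }
    }
    foreach ($id in $defined) {
        if ($routed -notcontains $id) { "Component '$id' is defined but not in any flow; its data is not sent" }
    }
    # Keys saved in this file are readable by anyone who can read the Settings folder.
    foreach ($c in $components) {
        if ($c.Parameters.AccessKey -or $c.Parameters.SecretKey) {
            "Component '$($c.Id)' stores an access key or secret key in plain text"
        }
    }
}

# Constructed sample with the same shape as the script above (key values are placeholders).
$sample = @{ EngineConfiguration = @{
    Components = @(
        @{ Id = 'ApplicationEventLog'; Parameters = @{ LogName = 'Application'; Levels = '7' } },
        @{ Id = 'SecurityEventLog';    Parameters = @{ LogName = 'Security';    Levels = '7' } },
        @{ Id = 'CloudWatchLogs';      Parameters = @{ AccessKey = 'EXAMPLE-KEY-ID'; SecretKey = 'EXAMPLE-SECRET' } }
    )
    Flows = @{ Flows = @('(ApplicationEventLog,SystemEventLog),CloudWatchLogs') }
} } | ConvertTo-Json -Depth 6
Test-CloudWatchConfig -Json $sample

# On the server, check the real file from Step 6 the same way.
$path = 'C:\Program Files\Amazon\EC2ConfigService\Settings\AWS.EC2.Windows.CloudWatch.json'
if (Test-Path -LiteralPath $path) { Test-CloudWatchConfig -Json (Get-Content -LiteralPath $path -Raw) }
```

    Run against the script in Step 7, the same check reports SecurityEventLog, ETW, IISLog, CustomLogs, PerformanceCounter and CloudWatch as defined but not routed, because the only flow sends ApplicationEventLog and SystemEventLog to CloudWatchLogs.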

    Step 8: Once everything is verified and confirmed, the user configured in the .json file gets permission to access the AWS CloudWatch service.
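
    One way to grant that permission without giving the user full CloudWatch access, as an added example that is not from the original post: the user name, policy name and account ID are placeholders, and the action list is this example's assumption of what the plugin needs to write to the Cloudwatch-logs group in us-east-1.

```powershell
# Added example: inline policy for the dedicated IAM user from Step 4.
$userName   = 'cloudwatch-logs-writer'      # hypothetical user name
$policyName = 'EC2ConfigCloudWatchWrite'    # hypothetical policy name
$accountId  = '<ACCOUNT_ID>'                # placeholder: your 12-digit account ID
$groupArn   = "arn:aws:logs:us-east-1:${accountId}:log-group:Cloudwatch-logs"

# Assumed action set: write access to one log group, plus metric publishing.
$policy = @{
    Version   = '2012-10-17'
    Statement = @(
        @{
            Effect   = 'Allow'
            Action   = @('logs:CreateLogGroup', 'logs:CreateLogStream',
                         'logs:DescribeLogStreams', 'logs:PutLogEvents')
            Resource = @($groupArn, "${groupArn}:*")
        },
        @{ Effect = 'Allow'; Action = @('logs:DescribeLogGroups'); Resource = '*' },
        # Only needed if a flow sends PerformanceCounter to the CloudWatch component.
        @{ Effect = 'Allow'; Action = @('cloudwatch:PutMetricData'); Resource = '*' }
    )
} | ConvertTo-Json -Depth 5

# Write the document without a byte-order mark so the CLI reads it cleanly.
$policyFile = Join-Path $env:TEMP 'ec2config-cloudwatch-policy.json'
[System.IO.File]::WriteAllText($policyFile, $policy)

aws iam put-user-policy --user-name $userName --policy-name $policyName --policy-document "file://$policyFile"

# Read the policy back to confirm what the access key can actually do.
aws iam get-user-policy --user-name $userName --policy-name $policyName
```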

    Step 9: Save the AWS.EC2.Windows.CloudWatch.json file.

    Step 10: Navigate to the plugin at the path
    C:\Program Files\Amazon\EC2ConfigService >> EC2ConfigServiceSettings, check the box "Enable CloudWatch Logs integration" and leave the rest untouched.

    Step 11: Go to Services [services.msc] and restart the EC2Config service.

    Step 12: Check the EC2ConfigLog file in the path below to see whether the plugin started successfully, as in the screenshot below:
    C:\Program Files\Amazon\EC2ConfigService\Logs

    Step 13: If the plugin is working, log in to the AWS console and navigate to CloudWatch.

    Step 14: A new log group will be created automatically. Open the logs from the console, where you will find the name you provided in the JSON file: {i-f36fb96e} [Mentioned in .JSON file]

    Step 15: To create a metric filter and send notifications, see the screenshot below.

    Go to CloudWatch >> Select Logs >> Create Log group >> Create metric filter

    Create a log group and then create a metric like the one below.

    Once the process is finished, create an alarm and set it to notify.

    The logs will be delivered to your email as shown below.
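
    The same metric filter, alarm and e-mail notification can be created with the AWS CLI installed in Step 1. This is an added example, not part of the original post; the topic, filter, metric and alarm names, the "Error" filter pattern and the e-mail address are constructed for illustration.

```powershell
# Added example: metric filter, alarm and e-mail notification from the command line.
$region   = 'us-east-1'          # Region from the JSON file
$logGroup = 'Cloudwatch-logs'    # LogGroup from the JSON file
$email    = 'ops@example.com'    # placeholder address

# SNS topic that e-mails the alarm; the recipient must confirm the subscription e-mail.
$topicArn = aws sns create-topic --region $region --name windows-log-alerts --query TopicArn --output text
aws sns subscribe --region $region --topic-arn $topicArn --protocol email --notification-endpoint $email

# Metric filter: add 1 to the metric for every log event containing the term "Error".
# The transformation is quoted so PowerShell passes it as a single argument.
aws logs put-metric-filter --region $region `
    --log-group-name $logGroup `
    --filter-name WindowsErrorEvents `
    --filter-pattern 'Error' `
    --metric-transformations 'metricName=WindowsErrorCount,metricNamespace=Windows/Logs,metricValue=1'

# Alarm: notify when at least one matching event arrives within five minutes.
aws cloudwatch put-metric-alarm --region $region `
    --alarm-name WindowsErrorEvents `
    --namespace Windows/Logs --metric-name WindowsErrorCount `
    --statistic Sum --period 300 --evaluation-periods 1 `
    --threshold 1 --comparison-operator GreaterThanOrEqualToThreshold `
    --treat-missing-data notBreaching `
    --alarm-actions $topicArn

# Confirm what was created.
aws logs describe-metric-filters --region $region --log-group-name $logGroup
aws cloudwatch describe-alarms --region $region --alarm-names WindowsErrorEvents
```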

    The complete process of monitoring logs on AWS CloudWatch is covered in this article. Hope you find this article useful because I learned a great deal about CloudWatch.
