Question

我尝试使用aws CloudWatch分析IIS日志。我按照以下链接进行操作 [https://aws.amazon.com/blogs/mt/automate-iis-and-httperr-logs-to-amazon-cloudwatch-using-ec2-systems-manager/]

已执行的步骤：

设置配置json文件。

配置json文件：

{ "IsEnabled": true, "EngineConfiguration": { "PollInterval": "00:00:15", "Components": [ { "Id": "SystemEventLog", "FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch", "Parameters": { "LogName": "System", "Levels": "7" } }, { "Id": "SecurityEventLog", "FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch", "Parameters": { "LogName": "Security", "Levels": "7" } }, { "Id": "ETW", "FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch", "Parameters": { "LogName": "Microsoft-Windows-WinINet/Analytic", "Levels": "7" } }, { "Id": "IISLogs", "FullName": "AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch", "Parameters": { "LogDirectoryPath": "C:\\inetpub\\logs\\LogFiles\\W3SVC1", "TimestampFormat": "yyyy-MM-dd HH:mm:ss", "Encoding": "UTF-8", "Filter": "", "CultureName": "en-US", "TimeZoneKind": "UTC", "LineCount": "3" } }, { "Id": "HttpErr", "FullName": "AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch", "Parameters": { "LogDirectoryPath": "C:\\Windows\\System32\\LogFiles\\HTTPERR", "TimestampFormat": "yyyy-MM-dd HH:mm:ss", "Encoding": "UTF-8", "Filter": "", "CultureName": "en-US", "TimeZoneKind": "UTC", "LineCount": "3" } }, { "Id": "CustomLogs", "FullName": "AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch", "Parameters": { "LogDirectoryPath": "C:\\CustomLogs\\", "TimestampFormat": "MM/dd/yyyy HH:mm:ss", "Encoding": "UTF-8", "Filter": "", "CultureName": "en-US", "TimeZoneKind": "Local" } }, { "Id": "PerformanceCounter", "FullName": "AWS.EC2.Windows.CloudWatch.PerformanceCounterComponent.PerformanceCounterInputComponent,AWS.EC2.Windows.CloudWatch", "Parameters": { "CategoryName": "Memory", "CounterName": "Available MBytes", "InstanceName": "", "MetricName": "Memory", "Unit": "Megabytes", "DimensionName": "", "DimensionValue": "" } }, { "Id": "IISCloudWatchLogs", "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch", "Parameters": { "AccessKey": "---------------------------------", "SecretKey": "----------------------------------", "Region": "us-east-1a", "LogGroup": "RWEBAPP-SERVER", "LogStream": "used our instance id" } }, { "Id": "HttpErrCloudWatchLogs", "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch", "Parameters": { "AccessKey": "-----------------------------------------", "SecretKey": "-----------------------------------------", "Region": "us-east-1a", "LogGroup": "RckWebServer", "LogStream": "used our instance id-httpErr" } }, { "Id": "CloudWatch", "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatch.CloudWatchOutputComponent,AWS.EC2.Windows.CloudWatch", "Parameters": { "AccessKey": "------------------------------", "SecretKey": "------------------------------", "Region": "us-east-1a", "NameSpace": "Windows/Default" } } ], "Flows": { "Flows": [ "IISLogs,IISCloudWatchLogs", "HttpErrLogs,HttpCloudWatchLogs" ] } } }

然后，配置与CloudWatch的集成。关联已成功创建。

在cloudwatch日志控制台中看不到日志组。。   4.检查此文件路径[C：/ ProgramData / Amazon / SSM / Logs]中的错误日志

错误日志：

2018-11-12 11：20：06,055 [1]信息[框架]-无法创建组件，因为缺少配置HttpErrLogs，基于该组件的工作流程将无法启动。 2018-11-12 11：20：06,077 [1]信息[框架]-无法创建组件，因为缺少配置HttpCloudWatchLogs，基于该组件的工作流程将无法启动。 2018-11-12 11：20：06,077 [1]信息[框架]-无法创建组件，因为缺少配置HttpErrLogs，基于该组件的工作流程将无法启动。 2018-11-12 11：20：06,077 [1]错误[框架]-创建工作流失败：无法创建组件ID HttpErrLogs。请确认配置中定义了工作流程中的组件。 2018-11-12 11：20：06,077 [1]错误[框架]-无法使用提供的配置设置初始化CloudWatch插件。 2018-11-12 11：20：06,077 [1]错误[框架]-aws：cloudWatch插件引发异常。 AWS.EC2.Windows.CloudWatch.CloudwatchConfigurationException：无法使用提供的配置设置初始化CloudWatch插件。工作流创建失败：无法创建组件ID HttpErrLogs。请验证配置中是否定义了工作流程中的组件。

在AWS.EC2.Windows.CloudWatch.Host.Configure（字符串配置）中的

在Amazon.EC2Services.Config.Plugins.CloudWatch.CloudWatchPlugin.Apply（PluginApplyContext applyContext，PluginArgs pluginArgs）中 2018-11-12 11：20：06,102 [1]信息[框架]-aws：cloudWatch插件配置已验证 2018-11-12 11：20：06,102 [1]信息[aws：cloudWatch]-CloudWatch开始执行。 2018-11-12 11：20：06,102 [1]信息[aws：cloudWatch]-启动CloudWatch插件 2018-11-12 11：20：06,102 [1]错误[aws：cloudWatch]-主机未配置，没有数据将上传到CloudWatch

Answer 1

您的ID与HttpErr不匹配：

{
                "Id": "HttpErr",
                "FullName": "AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch",
                "Parameters": {
                    "LogDirectoryPath": "C:\\Windows\\System32\\LogFiles\\HTTPERR",
                    "TimestampFormat": "yyyy-MM-dd HH:mm:ss",
                    "Encoding": "UTF-8",
                    "Filter": "",
                    "CultureName": "en-US",
                    "TimeZoneKind": "UTC",
                    "LineCount": "3"
                }
            }

但是在您的流程中，您使用HttpErrLogs

"Flows": {
            "Flows": [
                "IISLogs,IISCloudWatchLogs",
                "HttpErrLogs,HttpCloudWatchLogs"
            ]
        }

在CloudWatch Log Console中无法获取IIS日志组。建立关联后

1 个答案: