Why is there no /var/log/bastion/bastion.log file

Question

Why is there no /var/log/bastion/bastion.log file

FFTU opened this issue 4 years ago · 4 comments

I follow the tutorial configuration in https://docs.aws.amazon.com/quickstart/latest/linux-bastion/welcome.html, but there is no log file；no /var/log/bastion/bastion.log and Linux-bastion-BastionMainLogGroup log stream is empty
ec2 Amazon Linux（amzn2-ami-hvm-2.0.20200722.0-x86_64-gp2）

thanks

Answer 1 · 2021-01-15T07:18:50.000Z

5472050

Log file output destination changed

/var/log/bastion/bastion.log ⇒ /var/log/auditd/auditd.log

However, the logs have not been transferred to CloudWatch ...
Linux-bastion-BastionMainLogGroup log stream is empty ...
why?

Answer 2 · 2021-01-18T01:45:56.000Z

Because there is an error in the file path of the transfer settings
Not transferred to CloudWatch

Wrong: /var/log/auditd/auditd.log
Correct: /var/log/audit/audit.log

■quickstart-linux-bastion/scripts/bastion_bootstrap.sh
Line：123 ～ 142

    cat <<EOF >> /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json
{
    "logs": {
        "force_flush_interval": 5,
        "logs_collected": {
            "files": {
                "collect_list": [
                    {
                        "file_path": "/var/log/auditd/auditd.log",  ★「/var/log/audit/audit.log」 is correct
                        "log_group_name": "${CWG}",
                        "log_stream_name": "{instance_id}",
                        "timestamp_format": "%Y-%m-%d %H:%M:%S",
                        "timezone": "UTC"
                    }
                ]
            }
        }
    }
}
EOF

Answer 3 · 2021-01-18T21:27:23.000Z

Here facing the same issue, this is a problem when trying to audit logs, which is one of the main reasons we implemented a bastion.

Answer 4 · 2021-11-10T10:48:15.000Z

Hi,

In which file or directory do I find the configuration of bastion.log file please ?
I can't find it.