Syslog CloudWatch Logs bridge
This is a Syslog server that sends all logs received over to AWS's CloudWatch Logs.
Features:
- Uses AWS's SDK to get credentials from the environment, credentials file or IAM Role.
- TCP and UDP Syslog server on a configurable port (default 514).
- Automatic support for syslog messages in RFC3164, RFC6587 or RFC5424 formats.
- Configurable CloudWatch Log Group.
- Creates a new CloudWatch Log Stream on each invocation, which persists for the runtime of the server.
- Dockerized in a minimal container (~8MB).
Usage Example
Create an IAM user that can create Log Streams and Logs
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": [
        "arn:aws:logs:*:*:*"
      ]
    }
  ]
}
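The `Resource` value above matches every log group in every region, so leaked bridge credentials could write to any of them. As an added example (not part of the original README), here are the same two actions scoped to the test-logger group in ap-southeast-2 used in the docker run command below. `ACCOUNT_ID` is a placeholder for your 12-digit AWS account ID, and the `Sid` is an illustrative label.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleBridgeWriteToTestLoggerOnly",
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": [
        "arn:aws:logs:ap-southeast-2:ACCOUNT_ID:log-group:test-logger:*"
      ]
    }
  ]
}
```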
Create CloudWatch Log Group
https://docs.aws.amazon.com/cli/latest/reference/logs/create-log-group.html
Run the bridge
$ docker run \
    -e AWS_REGION=ap-southeast-2 \
    -e AWS_ACCESS_KEY_ID=foo \
    -e AWS_SECRET_ACCESS_KEY=bar \
    -e LOG_GROUP_NAME=test-logger \
    -p 5014:514 \
    -p 5014:514/udp \
    quay.io/app-sre/syslog-cloudwatch-bridge
Send syslog messages to 127.0.0.1:5014; these will be viewable in your AWS CloudWatch Logs Management console under the group called test-logger.
Troubleshooting
Issues with AWS signatures: as per #1, this could be a clock sync issue. You should add the timezone to your container as a volume: /etc/timezone:/etc/timezone:ro