Which logback appender to use?

[graingert]

Currently there are a few:

@pierredavidbelanger https://github.com/pierredavidbelanger/logback-awslogs-appender @kernspin https://github.com/brick-commerce/cloudwatch-logback-appender @trautonen https://github.com/trautonen/logback-ext/tree/master/logback-ext-cloudwatch-appender @tyutyutyu https://github.com/Bankmonitor/logback-appenders/

And they all seem reasonably active, it seems a shame to duplicate this effort

[arubalcaba]

yeah I was looking into this myself last couple of weeks. I was trying to find a good appender to use and one that is up to date with the latest AWS SDK. Did you ever find a good answer @graingert ?

I had no trouble getting @pierredavidbelanger appender working but if you look at some of the issues there seems to be some problem with throttling. It seems a fix might be in the works though.

[graingert]

I think it's best to use a file appender and then use fluentd to send all your logs in one go.

[pierredavidbelanger]

@graingert You are right. Even if I am the logback-awslogs-appender project owner, I myself use it only on AWS Lambda.

When I want to send log to CloudWatch Logs from EC2, I instead put something like this in a cloud-init script (for ubuntu instances):

...

# --------------------------------------------------------------------------------
# Setup awslogs
#

sudo apt-get install -y ruby python-pip jq awscli

region=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | jq .region -r)

cat << EOT > ./awslogs.conf
[general]
state_file=/var/awslogs/state/agent-state

[/var/log/syslog]
file=/var/log/syslog
log_group_name=/var/log/syslog
log_stream_name={instance_id}
datetime_format=%b %d %H:%M:%S
time_zone=UTC

[/var/log/tomcat8/catalina.out]
file=/var/log/tomcat8/catalina.out
log_group_name=/var/log/tomcat8/catalina.out
log_stream_name={instance_id}
datetime_format=[%Y-%m-%dT%H:%M:%S]
time_zone=UTC

EOT

wget https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py
chmod +x ./awslogs-agent-setup.py
sudo ./awslogs-agent-setup.py --non-interactive --region $region --configfile=./awslogs.conf

sudo systemctl enable awslogs
sudo systemctl start awslogs

...

[arubalcaba]

@pierredavidbelanger how often does the agent send the logs to Cloudwatch?

[pierredavidbelanger]

@arubalcaba I am not an AWS guru, I will have to refer you to Getting Started with CloudWatch Logs and CloudWatch Logs Agent Reference.

I guess this is what you are looking for:

buffer_duration Specifies the time duration for the batching of log events. The minimum value is 5000ms and default value is 5000ms.

[pierredavidbelanger]

@graingert I am curious, can you elaborate on your fluentd usage ? Especially on the installation and configuration (in an unattended install) ?

I always prefer to use native ubuntu packages over custom AWS stuff when possible.

[graingert]

@pierredavidbelanger I just pull fluentd out of their ppa in a docker container, then mount the logs directories of the other containers

[pierredavidbelanger]

@graingert Yeah, for the installation part, this is an easy one.

But now, for the configuration part, I guess you need to tell fluentd where are the files you want to monitor ? And where to send the logs ?

It would be great if you can show a working example of a fluentd config file that monitor a file and send the content to CW Logs.

[arubalcaba]

Thanks for the heads up guys!

[trautonen]

This has been a really low priority project, because currently our tech stack uses many different programming languages and it's easier to flush the logs from files like @pierredavidbelanger said.

Altough, if there is still interest for this project I might have some time to get some polishing done around new year's, so all hope is not lost. :)

[arubalcaba]

yeah we were looking at using ELK stack for our project but we love about CloudWatch is that is provides similar functionality and its fully managed by AWS. We are a super small shop and so we don't have a team dedicated to managing and maintaining a whole ELK stack configuration.

[j256]

I see none of these that are in the maven central repo. Am I wrong?

[graingert]

@j256 I think it's best to use a file appender and then use fluentd to send all your logs in one go.

[pierredavidbelanger]

@j256 depending on your use case , it may be best to have a look at CloudWatch Logs Agent Reference

If you explicitly need a java only solution, my project Logback AWSLogs Appender is in maven