Any recommendation on using local vs file backend for logging in an EC2 instance running Amazon Linux and wanting to connect up to CloudWatch Logs?
And if using file, how do I keep the .log from getting too big, etc.?
ps: do I need to actually create the audit.log file
08/18/2023, 11:40 AM
I think the directory has to exist, but the logging library should create the file if it is not already present.
We do not currently support traditional SIGHUP log rotation (I can't see it in the code), it would be a good thing to do though, I can raise a ticket for that.
You could potentially use stdout for logging and pipe it through a tool that'll handle rotation (or ship to syslog/journald).
08/18/2023, 11:48 AM
Thanks for the replies, I'm new to this stuff so am figuring out CloudWatch EC2 logging etc. I had just set it to an audit.log file, would you recommend using stdout with CloudWatch?
08/18/2023, 11:52 AM
From what I can see, the simplest option right now is probably to set file.path to stdout (so audit logs go to stdout). Run the PDP via systemd/journald on your EC2 instance. That will get you log rotation.
Then there seem to be various tools for pushing journald to CloudWatch.
(had to edit above, typo, we DO NOT currently support SIGHUP based rotation)