Any recommendation on using local vs file backend ...
# helpj
Joseph Harkins
08/18/2023, 10:27 AMAny recommendation on using local vs file backend for logging in an EC2 instance running Amazon Linux and wanting to connect up to CloudWatch Logs?
Joseph Harkins
08/18/2023, 10:47 AMand if using file, how to manage the .log from getting too big etc?
ps: do I need to actually create the audit.log file
t
Tristan Colgate-McFarlane
08/18/2023, 11:40 AMI think the directory has to exist, but the logging library should create the file if it is not already present.
Tristan Colgate-McFarlane
08/18/2023, 11:44 AMWe do not currently support traditional SIGHUP log rotation (I can't see it in the code), it would be a good thing to do though, I can raise a ticket for that.
Tristan Colgate-McFarlane
08/18/2023, 11:45 AMYou could potentially use stdout for logging and pipe it through a tool that'll handle rotation (or ship to syslog/journald),
j
Joseph Harkins
08/18/2023, 11:48 AMThanks for the replies, I'm new to this stuff so am figuring out cloudwatch ec2 logging etc. I had just set it to a audit.log file, would you recommend using stdout with cloudwatch?
t
Tristan Colgate-McFarlane
08/18/2023, 11:52 AMFrom what I can see, the simplest option right now is probably to set file.path to stadout (so audit logs go to stdout. Run the PDP via systemd/journald on your EC2 instance. That will get you log rotation.
Tristan Colgate-McFarlane
08/18/2023, 11:52 AMThen there seem to be various tools for pushing journald to cloudwatch
Tristan Colgate-McFarlane
08/18/2023, 1:00 PM(had to edit above, typo, we DO NOT, currently support SIGHUP based rotation)