View your CloudWatch Logs

Now that the CloudWatch Agent is up and running on your EC2 Instance, let’s go ahead and view those logs and metrics from the Console. CloudWatch is a useful place to view logs because it is centralized, meaning you can switch between examining logs from many sources.

Viewing Logs:

  1. Open the CloudWatch console.
  2. On the left side menu, choose Log groups under Logs. On that screen, enter securitylablogs in the search bar. Click on the log group that appears in the results.

view-logs-1

  1. You will see these log streams: cw-agent-logs, apache-access-logs, apache-error-logs, yum-logs, and ssh-logs. Click through all of them to view the logs from each of these services.

view-logs-2

  1. You should see a record of log events. This is the data being collected on your EC2 instance, and then sent to CloudWatch by the CloudWatch Agent installed on the instance.

view-logs-3

Recap: In this section, you explored log files generated by your EC2 instance in the CloudWatch console. The CloudWatch console provides a unified location to view a variety of logs, enabling you to investigate or monitor security activity in a central location. Using the CloudWatch console illustrates the security best practice of “analyzing logs, findings, and metrics centrally”.