AWS Systems Manager
User Guide

Sending SSM Agent Log Files to Amazon CloudWatch Logs

SSM Agent writes information about executions, scheduled actions, errors, and health statuses to log files on each instance. Manually connecting to an instance to view log files and troubleshoot an issue with SSM Agent is time-consuming. You can configure SSM Agent to send log data to Amazon CloudWatch Logs. Configuring logging in this way provides the following benefits:

  • Centralized log file storage for all of your SSM Agent log files.

  • Quicker access to files to investigate errors.

  • Indefinite log file retention (configurable).

  • Logs can be maintained and accessed regardless of the status of the instance.

  • Access to other CloudWatch features such as metrics and alarms.

Before You Begin

Create a log group in Amazon CloudWatch Logs. For more information, see Create a Log Group in CloudWatch Logs in the Amazon CloudWatch Logs User Guide.

To configure SSM Agent to send logs to CloudWatch

  1. Log in to an instance and locate the following file:

    On Windows: %PROGRAMFILES%\Amazon\SSM\seelog.xml.template

    On Linux: /etc/amazon/ssm/seelog.xml.template

  2. Change the file name from seelog.xml.template to seelog.xml.

  3. Open the seelog.xml file in a text editor, and locate the following section:

    <outputs formatid="fmtinfo">
        <console formatid="fmtinfo"/>
        <rollingfile type="size" maxrolls="5" maxsize="30000000" filename="{{LOCALAPPDATA}}\Amazon\SSM\Logs\amazon-ssm-agent.log"/>
        <filter formatid="fmterror" levels="error,critical">
            <rollingfile type="size" maxrolls="5" maxsize="10000000" filename="{{LOCALAPPDATA}}\Amazon\SSM\Logs\errors.log"/>
        </filter>
    </outputs>

  4. Edit the file, and add the <custom name="cloudwatch_receiver"> element after the closing </filter> tag, as shown in the following example. Set data-log-group to the name of the log group you created in CloudWatch Logs.

    <seelog minlevel="info" critmsgcount="500" maxinterval="100000000" mininterval="2000000" type="adaptive">
        <exceptions>
            <exception minlevel="error" filepattern="test*"/>
        </exceptions>
        <outputs formatid="fmtinfo">
            <console formatid="fmtinfo"/>
            <rollingfile type="size" maxrolls="5" maxsize="30000000" filename="{{LOCALAPPDATA}}\Amazon\SSM\Logs\amazon-ssm-agent.log"/>
            <filter formatid="fmterror" levels="error,critical">
                <rollingfile type="size" maxrolls="5" maxsize="10000000" filename="{{LOCALAPPDATA}}\Amazon\SSM\Logs\errors.log"/>
            </filter>
            <custom name="cloudwatch_receiver" formatid="fmtdebug" data-log-group="Your CloudWatch Log Group Name"/>
        </outputs>

  5. Save your changes.

  6. Open the CloudWatch console at https://console.aws.amazon.com/cloudwatch/.

  7. Choose Logs, and then choose your log group. The log stream for SSM Agent log file data is organized by instance ID.
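
Steps 1 through 4 can be scripted so every instance gets the same edit. The following Python sketch is an added example, not AWS code: the function names are hypothetical, it writes seelog.xml beside the template instead of renaming it, and it assumes the template contains no XML comments that must survive (ElementTree drops them).

```python
import re
import xml.etree.ElementTree as ET
from pathlib import Path

# CloudWatch Logs log group names: 1-512 characters from this set.
LOG_GROUP_RE = re.compile(r"[.\-_/#A-Za-z0-9]{1,512}")

def add_cloudwatch_receiver(template_xml: str, log_group: str) -> str:
    """Return seelog XML with the cloudwatch_receiver output placed after </filter>."""
    if not LOG_GROUP_RE.fullmatch(log_group):
        raise ValueError(f"invalid log group name: {log_group!r}")
    root = ET.fromstring(template_xml)
    outputs = root if root.tag == "outputs" else root.find("outputs")
    if outputs is None:
        raise ValueError("no <outputs> section found")
    # Idempotent: update an existing receiver instead of adding a second one.
    for el in outputs.findall("custom"):
        if el.get("name") == "cloudwatch_receiver":
            el.set("data-log-group", log_group)
            return ET.tostring(root, encoding="unicode")
    children = list(outputs)
    filters = [i for i, el in enumerate(children) if el.tag == "filter"]
    if not filters:
        raise ValueError("no <filter> element inside <outputs>")
    custom = ET.Element("custom", {"name": "cloudwatch_receiver",
                                   "formatid": "fmtdebug",
                                   "data-log-group": log_group})
    custom.tail = children[filters[-1]].tail  # reuse the filter's trailing whitespace
    outputs.insert(filters[-1] + 1, custom)
    return ET.tostring(root, encoding="unicode")

def write_seelog(template_path: str, log_group: str) -> Path:
    """Hypothetical helper: write seelog.xml next to seelog.xml.template."""
    src = Path(template_path)
    dst = src.with_name("seelog.xml")
    xml = add_cloudwatch_receiver(src.read_text(encoding="utf-8"), log_group)
    dst.write_text(xml, encoding="utf-8")
    return dst

# Sample input: the <outputs> section shown in step 3 (raw string keeps the backslashes).
SAMPLE = r"""<outputs formatid="fmtinfo">
  <console formatid="fmtinfo"/>
  <rollingfile type="size" maxrolls="5" maxsize="30000000" filename="{{LOCALAPPDATA}}\Amazon\SSM\Logs\amazon-ssm-agent.log"/>
  <filter formatid="fmterror" levels="error,critical">
    <rollingfile type="size" maxrolls="5" maxsize="10000000" filename="{{LOCALAPPDATA}}\Amazon\SSM\Logs\errors.log"/>
  </filter>
</outputs>"""
```

The validation also catches a forgotten placeholder: "Your CloudWatch Log Group Name" contains spaces, which log group names do not allow, so the script refuses to write it.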