AWS Systems Manager
User Guide

Monitoring AWS Systems Manager

SSM Agent writes information about executions, scheduled actions, errors, and health statuses to log files on each instance. Manually connecting to an instance to view log files and troubleshoot an issue with SSM Agent is time-consuming. For more efficient instance monitoring, you can configure either SSM Agent itself or the CloudWatch agent to send this log data to Amazon CloudWatch Logs.


The unified CloudWatch agent has replaced SSM Agent as the tool for sending log data to Amazon CloudWatch Logs. Support for using SSM Agent to send log data will be deprecated in the near future. We recommend using only the unified CloudWatch agent for your log collection processes. For more information, see the following topics:

Using CloudWatch Logs, you can monitor log data in real-time, search and filter log data by creating one or more metric filters, and archive and retrieve historical data when you need it. For more information about CloudWatch Logs, see the Amazon CloudWatch Logs User Guide.

Configuring an agent to send log data to Amazon CloudWatch Logs provides the following benefits:

  • Centralized log file storage for all of your SSM Agent log files.

  • Quicker access to files to investigate errors.

  • Indefinite log file retention (configurable).

  • Logs can be maintained and accessed regardless of the status of the instance.

  • Access to other CloudWatch features such as metrics and alarms.

For information about monitoring Session Manager activity, see Auditing and Logging Session Activity.