Syslog CloudWatch Logs bridge
This is a Syslog server that forwards every log message it receives to AWS CloudWatch Logs.
Features:
- Uses AWS's SDK to get credentials from the environment, credentials file or IAM Role.
- TCP and UDP Syslog server on a configurable port (default 514).
- Automatic support for syslog messages in RFC3164, RFC6587 or RFC5424 formats.
- Configurable CloudWatch Log Group.
- Creates a new CloudWatch Log Stream on each invocation, which persists for the runtime of the server.
- Dockerized in a minimal container (~8MB).
Usage Example
- Create an IAM user that can create Log Streams and put Log Events, e.g.:
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": [
          "logs:CreateLogStream",
          "logs:PutLogEvents"
        ],
        "Resource": [
          "arn:aws:logs:*:*:*"
        ]
      }
    ]
  }
- Run the bridge
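  # Each environment variable needs its own -e flag; host port 5014 maps to 514 in the container (TCP and UDP).
  $ docker run \
      -e AWS_REGION=ap-southeast-2 \
      -e AWS_ACCESS_KEY_ID=foo \
      -e AWS_SECRET_ACCESS_KEY=bar \
      -e LOG_GROUP_NAME=test-logger \
      -p 5014:514 \
      -p 5014:514/udp \
      rjocoleman/syslog-cloudwatch-bridge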
- Send syslog messages to 127.0.0.1:5014; these will be viewable in your AWS CloudWatch Logs Management console under the group called test-logger.
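To exercise the last step in each format the bridge lists, this added example (not part of the project's code) builds one RFC3164 and one RFC5424 message, sends both over UDP, then sends one over TCP with RFC6587 octet-counting framing. The address comes from the docker run command above; the host name, tag and message text are constructed samples.

```python
import socket
from datetime import datetime, timezone

# Assumed from the docker run example above: host port 5014 maps to the bridge.
BRIDGE = ("127.0.0.1", 5014)
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

def pri(facility: int, severity: int) -> int:
    """PRI value used by both formats: facility * 8 + severity."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    return facility * 8 + severity

def rfc3164(facility, severity, when, host, tag, msg) -> bytes:
    """BSD syslog: <PRI>Mmm dd hh:mm:ss HOST TAG: MSG (day is space-padded)."""
    stamp = f"{MONTHS[when.month - 1]} {when.day:2d} {when:%H:%M:%S}"
    return f"<{pri(facility, severity)}>{stamp} {host} {tag}: {msg}".encode()

def rfc5424(facility, severity, when, host, app, msg) -> bytes:
    """IETF syslog version 1 with nil ("-") PROCID, MSGID and STRUCTURED-DATA."""
    stamp = when.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"<{pri(facility, severity)}>1 {stamp} {host} {app} - - - {msg}".encode()

def rfc6587_frame(message: bytes) -> bytes:
    """Octet-counting framing for TCP: MSG-LEN SP SYSLOG-MSG."""
    return str(len(message)).encode() + b" " + message

def send_samples(addr=BRIDGE):
    """Send the constructed samples to the bridge and return what was sent."""
    now = datetime.now(timezone.utc)
    # Facility 4 = security/authorization; severity 4 = warning, 6 = informational.
    legacy = rfc3164(4, 4, now, "web01", "sshd", "constructed sample: failed login")
    modern = rfc5424(4, 6, now, "web01", "sshd", "constructed sample: session opened")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        udp.sendto(legacy, addr)            # one message per datagram
        udp.sendto(modern, addr)
    with socket.create_connection(addr, timeout=5) as tcp:
        tcp.sendall(rfc6587_frame(modern))  # length prefix delimits the message
    return [legacy, modern]

if __name__ == "__main__":
    for sent in send_samples():
        print(sent.decode())
```

Each message sent should then appear as a log event in the stream the bridge created under test-logger.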
Troubleshooting
Issues with AWS signatures: as per #1, this could be a clock sync issue. You should add the timezone to your container as a volume: /etc/timezone:/etc/timezone:ro