AWS EC2インスタンス CloudWatch Logs(awslogs)インストールとCloudWatch保存対象ログの追加 ref: http://qiita.com/na0AaooQ/items/a3b0e5384399b66b742b

file0.txt

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "logs:*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}

file1.txt

$ sudo su -

# cd /usr/local/src
# pwd
/usr/local/src

# wget https://s3.amazonaws.com/aws-cloudwatch/downloads/awslogs-agent-setup-v1.0.py

# python ./awslogs-agent-setup-v1.0.py --region us-east-1
Launching interactive setup of CloudWatch Logs agent ...

Step 1 of 5: Installing pip ...DONE

Step 2 of 5: Downloading the latest CloudWatch Logs agent bits ... DONE

Step 3 of 5: Configuring AWS CLI ...
AWS Access Key ID [None]:
AWS Secret Access Key [None]:
Default region name [None]:
Default output format [None]:

Step 4 of 5: Configuring the CloudWatch Logs Agent ...
Path of log file to upload [/var/log/messages]:
Destination Log Group name [/var/log/messages]:

Choose Log Stream name:
  1. Use EC2 instance id.
  2. Use hostname.
  3. Custom.
Enter choice [1]: 1

Choose Log Event timestamp format:
  1. %b %d %H:%M:%S    (Dec 31 23:59:59)
  2. %d/%b/%Y:%H:%M:%S (10/Oct/2000:13:55:36)
  3. %Y-%m-%d %H:%M:%S (2008-09-08 11:52:54)
  4. Custom
Enter choice [1]: 3

Choose initial position of upload:
  1. From start of file.
  2. From end of file.
Enter choice [1]: 1
More log files to configure? [Y]: n

Step 5 of 5: Setting up agent as a daemon ...DONE


------------------------------------------------------
- Configuration file successfully saved at: /var/awslogs/etc/awslogs.conf
- You can begin accessing new log events after a few moments at https://console.aws.amazon.com/cloudwatch/home?region=us-east-1#logs:
- You can use 'sudo service awslogs start|stop|status|restart' to control the daemon.
- To see diagnostic information for the CloudWatch Logs Agent, see /var/log/awslogs.log
- You can rerun interactive setup using 'sudo ./awslogs-agent-setup.py --region us-east-1 --only-generate-config'
------------------------------------------------------
#

file2.txt

# ll /var/log/maillog
-rw------- 1 root root 1194 Jan 20 02:42 /var/log/maillog
#

# ll /var/log/unbound.log
-rw-r--r-- 1 unbound unbound 49131 Jan 20 02:55 /var/log/unbound.log
#

file3.txt

# cp -p /var/awslogs/etc/awslogs.conf /var/awslogs/etc/awslogs.conf.ORG
# diff /var/awslogs/etc/awslogs.conf /var/awslogs/etc/awslogs.conf.ORG
#

# vi /var/awslogs/etc/awslogs.conf
　(末尾に以下を追加する)

[/var/log/maillog]
datetime_format = %Y-%m-%d %H:%M:%S
file = /var/log/maillog
buffer_duration = 5000
log_stream_name = {instance_id}
initial_position = start_of_file
log_group_name = /var/log/mailog

[/var/log/unbound.log]
datetime_format = %Y-%m-%d %H:%M:%S
file = /var/log/unbound.log
buffer_duration = 5000
log_stream_name = {instance_id}
initial_position = start_of_file
log_group_name = /var/log/unbound.log

file4.txt

# ps awux | grep -v grep | grep awslogs
root      2721  0.0  0.1 112916  1188 pts/0    S    02:50   0:00 /bin/sh /var/awslogs/bin/awslogs-agent-launcher.sh
root      2726  0.5  2.8 439252 29480 pts/0    SNl  02:50   0:01 /var/awslogs/bin/python26 /var/awslogs/bin/aws logs push --config-file /var/awslogs/etc/awslogs.conf
#

# /etc/init.d/awslogs stop
Stopping system awslogs daemon
#

# ps awux | grep -v grep | grep awslogs
#

# /etc/init.d/awslogs start
Starting system awslogs daemon
Starting awslogs daemon
#                          [  OK  ]
#

# ps awux | grep -v grep | grep awslogs
root      2799  0.0  0.1 112916  1184 pts/0    S    02:55   0:00 /bin/sh /var/awslogs/bin/awslogs-agent-launcher.sh
root      2801 17.0  2.4 730132 24544 pts/0    SNl  02:55   0:00 /var/awslogs/bin/python26 /var/awslogs/bin/aws logs push --config-file /var/awslogs/etc/awslogs.conf
#

file5.txt

# chkconfig awslogs on
#
# chkconfig --list | grep awslogs
awslogs         0:off   1:off   2:on    3:on    4:on    5:on    6:off
#