Send journald logs to AWS CloudWatch
This is heavily based on https://github.com/arkenio/journald-wrapper.
docker run -e AWS_DEFAULT_REGION=ap-southeast-2 -v /var/log/journal/:/var/log/journal/:ro -v /data/journald:/data/journald/:rw quay.io/lock8/journald-2-cloudwatch --cursor=/data/journald/cursor
If journald is configured with "volatile" Storage, then the command will be:
docker run -e AWS_DEFAULT_REGION=ap-southeast-2 -v /run/log/journal/:/var/log/journal/:ro -v /data/journald:/data/journald/:rw quay.io/lock8/journald-2-cloudwatch --cursor=/data/journald/cursor
Note the host mount point /run/log/journal/.
By default, the log group is the EC2 instance ID (fetched from the AWS metadata URL).
If the --prefix=abcdef flag is given, the log group is prefixed and becomes (for example) abcdef_{instance_id}.
If the --log-group=abcdef flag is given, the argument is used as the log group instead.
The log stream is taken from the fields in the journal messages, in decreasing priority:
- the docker container name
- the systemd unit name (with the templated parts removed)
- the syslog identifier
- the _EXE field of the message
- [other] for anything else
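
The group and stream naming rules above, as an added Python sketch (not code from this project) run over constructed journal entries. The journald field names CONTAINER_NAME, _SYSTEMD_UNIT and SYSLOG_IDENTIFIER, the template-stripping rule, the ':' and '*' replacement, and --log-group taking precedence over --prefix are assumptions, not taken from this README.

```python
import re

# Journal fields in the README's priority order. CONTAINER_NAME and
# SYSLOG_IDENTIFIER are set by the logging client; "_"-prefixed fields are
# trusted fields added by journald itself.
STREAM_FIELDS = ("CONTAINER_NAME", "_SYSTEMD_UNIT", "SYSLOG_IDENTIFIER", "_EXE")


def strip_template(unit):
    """Assumed rule: drop the instance, 'getty@tty1.service' -> 'getty@.service'."""
    name, at, rest = unit.partition("@")
    if not at:
        return unit
    suffix = rest.rpartition(".")[2] if "." in rest else ""
    return f"{name}@.{suffix}" if suffix else f"{name}@"


def log_stream(entry):
    """Pick the stream name from the first populated field, else '[other]'."""
    for field in STREAM_FIELDS:
        value = entry.get(field)
        if not value:
            continue
        if field == "_SYSTEMD_UNIT":
            value = strip_template(value)
        # Added here, not documented by the README: CloudWatch rejects ':'
        # and '*' in stream names, so replace them.
        return re.sub(r"[:*]", "_", value)
    return "[other]"


def log_group(instance_id, prefix=None, log_group=None):
    """Resolve the group name; assumes --log-group wins if both flags are set."""
    if log_group:
        return log_group
    return f"{prefix}_{instance_id}" if prefix else instance_id


# Constructed journal entries and a constructed instance ID.
SAMPLES = [
    {"CONTAINER_NAME": "web", "_SYSTEMD_UNIT": "docker.service"},
    {"_SYSTEMD_UNIT": "getty@tty1.service", "SYSLOG_IDENTIFIER": "agetty"},
    {"SYSLOG_IDENTIFIER": "cron:job", "_EXE": "/usr/sbin/cron"},
    {"_EXE": "/usr/sbin/sshd"},
    {"MESSAGE": "no identifying fields"},
]

if __name__ == "__main__":
    print(log_group("i-0123456789abcdef0", prefix="abcdef"))
    for e in SAMPLES:
        print(log_stream(e))
```

Because the two highest-priority string sources after the unit name are client-supplied, a stream name alone does not prove which process wrote an entry; alerting rules that need that guarantee should match on the trusted fields inside the event.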
The journal cursor is stored in the file specified in the --cursor flag.
This file should be persisted to disk/placed in a mounted volume; consider using named volumes.