AWS Study Notes (3): CLI with CloudWatch & Logs

1. Cloud Watch
Amazon CloudWatch monitors your Amazon Web Services (AWS) resources and the applications you run on AWS in real-time. You can use CloudWatch to collect and track metrics, which are the variables you want to measure for your resources and applications.

list-metrics

$ aws cloudwatch list-metrics --namespace "AWS/EC2"

get-metric-statistics

$ aws cloudwatch get-metric-statistics --metric-name CPUUtilization --start-time 2014-04-08T23:18:00 --end-time 2014-04-09T23:18:00 --period 3600 --namespace AWS/EC2 --statistics Maximum --dimensions Name=InstanceId,Value=i-abcdef

put-metric-data

Publishes metric data points to Amazon CloudWatch. Amazon CloudWatch associates the data points with the specified metric. If the specified metric does not exist, Amazon CloudWatch creates the metric. When Amazon CloudWatch creates a metric, it can take up to fifteen minutes for the metric to appear in calls to list-metrics.

Each put-metric-data request is limited to 8 KB in size for HTTP GET requests and is limited to 40 KB in size for HTTP POST requests.

To publish a custom metric to Amazon CloudWatch
$ aws cloudwatch put-metric-data --namespace "Usage Metrics" --metric-data file://metric.json

metric.json
[
  {
    "MetricName": "New Posts",
    "Timestamp": "Wednesday, June 12, 2013 8:28:20 PM",
    "Value": 0.50,
    "Unit": "Count"
  }
]

How to set up custom monitoring of port 80 access on an instance

First, write a simple shell script (port.sh):

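#!/bin/sh

# Resolve this instance's ID from the instance metadata service
instanceid=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)
# Count ESTABLISHED netstat lines that contain 80 as a whole word
count=$(sudo netstat -np | grep -w 80 | grep ESTABLISHED | wc -l)
# Publish the count as a custom metric, with the instance ID as its dimension
aws cloudwatch put-metric-data --metric-name RequestCount --namespace Application --dimensions "InstanceID=$instanceid" --value "$count" --unit None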

Then edit the scheduled task:

$ crontab -e

Enter the following:

* * * * * /home/ec2-user/port.sh

This monitors the number of accesses to port 80 each minute; the metric can be viewed under Custom Metrics in the CloudWatch console.

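A note on curl -s http://169.254.169.254/latest/meta-data/instance-id: this is one way to query the instance ID through instance metadata; for details, see Instance Metadata and User Data. It makes the script more generic, because the instance ID does not have to be specified in the script.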
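A hardened form of the instance-ID lookup, as an added example that is not part of the original notes: it requests an IMDSv2 session token first and checks the reply before it is used as a metric dimension. The function names get_instance_id and valid_instance_id are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original notes.
IMDS=http://169.254.169.254/latest

# valid_instance_id ID: accept only the i-<hex> form, so an empty reply or an
# error page never ends up as a metric dimension
valid_instance_id() {
    case "$1" in
        i-*) hex=${1#i-} ;;
        *)   return 1 ;;
    esac
    case "$hex" in
        ''|*[!0-9a-f]*) return 1 ;;
    esac
    return 0
}

# get_instance_id: obtain an IMDSv2 session token, then ask for the instance ID.
# -f makes curl fail on HTTP errors, -m 2 bounds each request to two seconds.
get_instance_id() {
    token=$(curl -s -f -m 2 -X PUT "$IMDS/api/token" \
        -H "X-aws-ec2-metadata-token-ttl-seconds: 60") || return 1
    id=$(curl -s -f -m 2 -H "X-aws-ec2-metadata-token: $token" \
        "$IMDS/meta-data/instance-id") || return 1
    valid_instance_id "$id" || return 1
    echo "$id"
}
```

In port.sh this would replace the plain curl line, for example instanceid=$(get_instance_id) || exit 1, so nothing is published when the lookup fails.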

2. Cloud Watch Log

You can use CloudWatch Logs to:

  • Monitor Logs from Amazon EC2 Instances in Real-time : You can use CloudWatch Logs to monitor applications and systems using log data
  • Monitor Amazon CloudTrail Logged Events
  • Archive Log Data

To use Amazon CloudWatch Logs you need an AWS account. In addition, you need to install and configure the AWS command line interface (CLI).

The CloudWatch Logs agent provides an automated way to send log data to CloudWatch Logs for Amazon EC2 instances. The agent is comprised of the following components:

  • A plug-in to the AWS CLI that pushes log data to CloudWatch Logs.
  • A script (daemon) that runs the CloudWatch Logs aws logs push command to send data to CloudWatch Logs.
  • A cron job that ensures that the daemon is always running.

Install and Configure CloudWatch Logs on an Existing EC2 Instance

$ sudo yum update -y

$ curl https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py -O
$ sudo python ./awslogs-agent-setup.py --region cn-north-1

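During installation you need to configure:

Account information: AWS access key ID, AWS secret access key, Default region name, Default output format

Information about the files to monitor: Path of log file to upload, Destination Log Group name, Destination Log Stream name, Timestamp format, Initial position

Multiple files can be monitored; otherwise, enter N when prompted whether to configure another file.

The configuration files are saved under ~/.aws and /var/awslogs/etc.

After configuration succeeds, wait a little while; the data can then be viewed in the CloudWatch console (see Viewing Log Data).

The /var/awslogs/etc/awslogs.conf file holds the log monitoring configuration. For more information about editing this file, see CloudWatch Logs Agent Reference.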

Starting and stopping the awslogs service

$ sudo service awslogs start/stop

Managing CloudWatch Logs through the CLI

create-log-group

Creates a new log group with the specified name. The name of the log group must be unique within a region for an AWS account. You can create up to 500 log groups per account.

$ aws logs create-log-group --log-group-name my-logs

A log group configured in the logs agent is created automatically if it does not exist.

create-log-stream

Creates a new log stream in the specified log group. The name of the log stream must be unique within the log group. There is no limit on the number of log streams that can exist in a log group.

$ aws logs create-log-stream --log-group-name my-logs --log-stream-name 20161010

put-log-events

Uploads a batch of log events to the specified log stream.

Every put-log-events request must include the sequenceToken obtained from the response of the previous request. An upload in a newly created log stream does not require a sequenceToken. You can also get the sequenceToken using describe-log-streams.

$ aws logs put-log-events --log-group-name my-logs --log-stream-name 20161010 --log-events file://events

file events:

[
  {
    "timestamp": 1476084773350,
    "message": "Example Event 1"
  },
  {
    "timestamp": 1476084773358,
    "message": "Example Event 2"
  },
  {
    "timestamp": 1476084773360,
    "message": "Example Event 3"
  }
]

Note: the timestamps must not be more than 14 days old, otherwise the events cannot be imported.
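The sequence-token handling and the 14-day limit described above, combined in one upload helper. This is an added example, not code from the original notes; stale_events and push_events are hypothetical names, and the log group and stream passed in are assumed to exist already.

```shell
#!/bin/sh
# Added example, not from the original notes.
MAX_AGE_MS=$((14 * 24 * 3600 * 1000))   # the 14-day limit, in milliseconds

# stale_events FILE: print every "timestamp" value (epoch ms) older than 14 days
stale_events() {
    now_ms=$(( $(date +%s) * 1000 ))
    grep -o '"timestamp": *[0-9][0-9]*' "$1" | grep -o '[0-9][0-9]*$' |
    while read -r ts; do
        if [ $(( now_ms - ts )) -gt "$MAX_AGE_MS" ]; then echo "$ts"; fi
    done
    return 0
}

# push_events GROUP STREAM FILE: check event age, look up the stream's current
# token with describe-log-streams, then upload the batch
push_events() {
    stale=$(stale_events "$3")
    if [ -n "$stale" ]; then
        echo "not uploading, events older than 14 days: $stale" >&2
        return 1
    fi
    # Filter on the exact stream name: the prefix alone may match several streams
    token=$(aws logs describe-log-streams --log-group-name "$1" \
        --log-stream-name-prefix "$2" \
        --query "logStreams[?logStreamName=='$2'] | [0].uploadSequenceToken" \
        --output text) || return 1
    set -- --log-group-name "$1" --log-stream-name "$2" --log-events "file://$3"
    # A newly created stream has no token; text output shows the empty field as "None"
    if [ -n "$token" ] && [ "$token" != "None" ]; then
        set -- "$@" --sequence-token "$token"
    fi
    aws logs put-log-events "$@"
}
```

Called as push_events my-logs 20161010 events, it refuses the sample file above once its 2016 timestamps have aged past the limit.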

describe-log-streams

$ aws logs describe-log-streams --log-group-name my-logs

delete-log-group

Deletes the log group with the specified name and permanently deletes all the archived log events associated with it.

$ aws logs delete-log-group --log-group-name my-logs

delete-log-stream

Deletes a log stream and permanently deletes all the archived log events associated with it.

$ aws logs delete-log-stream --log-group-name my-logs --log-stream-name 20161010

AWS CloudWatch Developer Guide

Amazon CloudWatch Logs

CloudWatch Logs Agent Reference

Monitoring Amazon EC2

Reposted from billben.iteye.com/blog/2329245