Amazon ECS Log File Locations
Amazon ECS stores logs in the /var/log/ecs folder of your container
instances. There are logs available from the Amazon ECS container agent and from the
ecs-init service that controls the state of the agent (start/stop) on the
container instance. You can view these log files by connecting to a container instance using
SSH.
Note
If you are not sure how to collect all of the logs on your container instances, you can use the Amazon ECS logs collector. For more information, see Amazon ECS logs collector.
Amazon ECS Container Agent Log
The Amazon ECS container agent stores logs on your container instances.
For container agent version 1.36.0 and later, by default the logs are located at
/var/log/ecs/ecs-agent.log on Linux instances and at
C:\ProgramData\Amazon\ECS\log\ecs-agent.log on Windows
instances.
For container agent version 1.35.0 and earlier, by default the logs are located at
/var/log/ecs/ecs-agent.log.
on Linux instances and at
timestampC:\ProgramData\Amazon\ECS\log\ecs-agent.log.
on Windows instances.timestamp
By default, the agent logs are rotated hourly with a maximum of 24 logs being stored.
The following are the container agent configuration variables that can be used to change the default agent logging behavior. For more information, see Amazon ECS container agent configuration.
ECS_LOGFILE-
Example values:
/ecs-agent.logDefault value on Linux: Null
Default value on Windows: Null
The location where agent logs should be written. If you are running the agent via
ecs-init, which is the default method when using the Amazon ECS-optimized AMI, the in-container path will be/logandecs-initmounts that out to/var/log/ecs/on the host. ECS_LOGLEVEL-
Example values:
crit,error,warn,info,debugDefault value on Linux:
infoDefault value on Windows:
infoThe level of detail to log.
ECS_LOGLEVEL_ON_INSTANCE-
Example values:
none,crit,error,warn,info,debugDefault value on Linux:
none, ifECS_LOG_DRIVERis explicitly set to a non-empty value; otherwise the same value asECS_LOGLEVELDefault value on Windows:
none, ifECS_LOG_DRIVERis explicitly set to a non-empty value; otherwise the same value asECS_LOGLEVELCan be used to override
ECS_LOGLEVELand set a level of detail that should be logged in the on-instance log file, separate from the level that is logged in the logging driver. If a logging driver is explicitly set, on-instance logs are turned off by default, but can be turned back on with this variable. ECS_LOG_DRIVER-
Example values:
awslogs,fluentd,gelf,json-file,journald,logentriessyslog,splunkDefault value on Linux:
json-fileDefault value on Windows: Not applicable
Determines the logging driver to be used by the agent container.
ECS_LOG_ROLLOVER_TYPE-
Example values:
size,hourlyDefault value on Linux:
hourlyDefault value on Windows:
hourlyDetermines whether the container agent log file will be rotated hourly or based on size. By default, the agent log file is rotated each hour.
ECS_LOG_OUTPUT_FORMAT-
Example values:
logfmt,jsonDefault value on Linux:
logfmtDefault value on Windows:
logfmtDetermines the log output format. When the
jsonformat is used, each line in the log will be a structured JSON map. ECS_LOG_MAX_FILE_SIZE_MB-
Example values:
10Default value on Linux:
10Default value on Windows:
10When the
ECS_LOG_ROLLOVER_TYPEvariable is set tosize, this variable determines the maximum size (in MB) of the log file before it is rotated. If the rollover type is set tohourly, then this variable is ignored. ECS_LOG_MAX_ROLL_COUNT-
Example values:
24Default value on Linux:
24Default value on Windows:
24Determines the number of rotated log files to keep. Older log files are deleted after this limit is reached.
For container agent version 1.36.0 and later, the following is an example log file
when the logfmt format is used.
level=info time=2019-12-12T23:43:29Z msg="Loading configuration" module=agent.go
level=info time=2019-12-12T23:43:29Z msg="Image excluded from cleanup: amazon/amazon-ecs-agent:latest" module=parse.go
level=info time=2019-12-12T23:43:29Z msg="Image excluded from cleanup: amazon/amazon-ecs-pause:0.1.0" module=parse.go
level=info time=2019-12-12T23:43:29Z msg="Amazon ECS agent Version: 1.36.0, Commit: ca640387" module=agent.go
level=info time=2019-12-12T23:43:29Z msg="Creating root ecs cgroup: /ecs" module=init_linux.go
level=info time=2019-12-12T23:43:29Z msg="Creating cgroup /ecs" module=cgroup_controller_linux.go
level=info time=2019-12-12T23:43:29Z msg="Loading state!" module=statemanager.go
level=info time=2019-12-12T23:43:29Z msg="Event stream ContainerChange start listening..." module=eventstream.go
level=info time=2019-12-12T23:43:29Z msg="Restored cluster 'auto-robc'" module=agent.go
level=info time=2019-12-12T23:43:29Z msg="Restored from checkpoint file. I am running as 'arn:aws:ecs:us-west-2:0123456789:container-instance/auto-robc/3330a8a91d15464ea30662d5840164cd' in cluster 'auto-robc'" module=agent.go The following is an example log file when the JSON format is used.
{"time": "2019-11-07T22:52:02Z", "level": "info", "msg": "Starting Amazon Elastic Container Service Agent", "module": "engine.go"}For container agent versions 1.35.0 and earlier, the following is the format of the log file.
2016-08-15T15:54:41Z [INFO] Starting Agent: Amazon ECS Agent - v1.12.0 (895f3c1)
2016-08-15T15:54:41Z [INFO] Loading configuration
2016-08-15T15:54:41Z [WARN] Invalid value for task cleanup duration, will be overridden to 3h0m0s, parsed value 0, minimum threshold 1m0s
2016-08-15T15:54:41Z [INFO] Checkpointing is enabled. Attempting to load state
2016-08-15T15:54:41Z [INFO] Loading state! module="statemanager"
2016-08-15T15:54:41Z [INFO] Detected Docker versions [1.17 1.18 1.19 1.20 1.21 1.22]
2016-08-15T15:54:41Z [INFO] Registering Instance with ECS
2016-08-15T15:54:41Z [INFO] Registered! module="api client"Amazon ECS ecs-init Log
The ecs-init process stores logs at
/var/log/ecs/ecs-init.log.
You can use the following command to view the log files.
cat /var/log/ecs/ecs-init.logOutput:
2018-02-16T18:13:54Z [INFO] pre-start
2018-02-16T18:13:56Z [INFO] start
2018-02-16T18:13:56Z [INFO] No existing agent container to remove.
2018-02-16T18:13:56Z [INFO] Starting Amazon Elastic Container Service AgentIAM Roles for Tasks Credential Audit Log
When the credential provider for the IAM role is used to provide credentials to
tasks, these requests are saved in an audit log. The audit log inherits the same log
rotation settings as the container agent log. The ECS_LOG_ROLLOVER_TYPE,
ECS_LOG_MAX_FILE_SIZE_MB, and ECS_LOG_MAX_ROLL_COUNT
container agent configuration variables can be set to affect the behavior of the audit
log. For more information, see Amazon ECS Container Agent Log.
For container agent version 1.36.0 and later, the audit log is located at
/var/log/ecs/audit.log. When the log is rotated, a timestamp in
YYYY-MM-DD-HH
For container agent version 1.35.0 and earlier, the audit log is located at
/var/log/ecs/audit.log..YYYY-MM-DD-HH
The log entry format is as follows:
-
Timestamp
-
HTTP response code
-
IP address and port number of request origin
-
Relative URI of the credential provider
-
The user agent that made the request
-
The ARN of the task to which the requesting container belongs
-
The
GetCredentialsAPI name and version number -
The name of the Amazon ECS cluster to which the container instance is registered
-
The container instance ARN
An example log entry is shown below.
You can use the following command to view the log files.
cat /var/log/ecs/audit.log.2016-07-13-16Output:
2016-07-13T16:11:53Z 200 172.17.0.5:52444 "/v1/credentials" "python-requests/2.7.0 CPython/2.7.6 Linux/4.4.14-24.50.amzn1.x86_64" TASK_ARN GetCredentials 1 CLUSTER_NAME CONTAINER_INSTANCE_ARN