Viewing SSM Agent logs - Amazon Web Services Systems Manager
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Viewing SSM Agent logs

Amazon Web Services Systems Manager Agent (SSM Agent) writes information about executions, commands, scheduled actions, errors, and health statuses to log files on each instance. You can view log files by manually connecting to an instance, or you can automatically send logs to Amazon CloudWatch Logs. For more information about sending logs to CloudWatch Logs, see Monitoring Amazon Web Services Systems Manager.

You can view SSM Agent logs on instances in the following locations.

Linux and macOS

/var/log/amazon/ssm/amazon-ssm-agent.log

/var/log/amazon/ssm/errors.log

/var/log/amazon/ssm/audits/amazon-ssm-agent-audit-YYYY-MM-DD

Windows

%PROGRAMDATA%\Amazon\SSM\Logs\amazon-ssm-agent.log

%PROGRAMDATA%\Amazon\SSM\Logs\errors.log

%PROGRAMDATA%\Amazon\SSM\Logs\audits\amazon-ssm-agent-audit-YYYY-MM-DD

For Linux instances, the SSM Agent stderr and stdout files are written to the following directory: /var/lib/amazon/ssm.

For information about enabling SSM Agent debug logging, see Enabling SSM Agent debug logging.

For more information about cihub/seelog configuration, see the Seelog Wiki on GitHub. For examples of cihub/seelog configurations, see the cihub/seelog examples repository on GitHub.

Enabling SSM Agent debug logging

Use the following procedure to enable SSM Agent debug logging on your managed instances.

Linux and macOS

To enable SSM Agent debug logging on Linux and macOS instances

  1. Either use Session Manager, a capability of Amazon Web Services Systems Manager, to connect to the instance where you want to enable debug logging, or log on to the managed instance. For more information, see Working with Session Manager.

  2. Locate the seelog.xml.template file.

    Linux:

    On most Linux instance types, the file is located in the directory /etc/amazon/ssm/seelog.xml.template.

    On Ubuntu Server 20.10 STR & 20.04, 18.04, and 16.04 LTS, the file is located in the directory /snap/amazon-ssm-agent/current/seelog.xml.template. Copy this file from the /snap/amazon-ssm-agent/current/ directory to the /etc/amazon/ssm/ directory before making any changes.

    macOS:

    On macOS instance types, the file is located in the directory /opt/aws/ssm/seelog.xml.template.

  3. Change the file name from seelog.xml.template to seelog.xml.

    Note

    On Ubuntu Server 20.10 STR & 20.04, 18.04, and 16.04 LTS, the file seelog.xml must be created in the directory /etc/amazon/ssm/. You can create this directory and file by running the following commands.

    sudo mkdir -p /etc/amazon/ssm
    sudo cp -p /snap/amazon-ssm-agent/current/seelog.xml.template /etc/amazon/ssm/seelog.xml
  4. Edit the seelog.xml file to change the default logging behavior. Change the value of minlevel from info to debug, as shown in the following example.

    <seelog type="adaptive" mininterval="2000000" maxinterval="100000000" critmsgcount="500" minlevel="debug">

  5. (Optional) Restart SSM Agent using the following command.

    Linux:

    sudo service amazon-ssm-agent restart

    macOS:

    sudo /opt/aws/ssm/bin/amazon-ssm-agent restart
Windows

To enable SSM Agent debug logging on Windows Server instances

  1. Either use Session Manager to connect to the instance where you want to enable debug logging, or log on to the managed instance. For more information, see Working with Session Manager.

  2. Make a copy of the seelog.xml.template file. Change the name of the copy to seelog.xml. The file is located in the following directory.

    %PROGRAMFILES%\Amazon\SSM\seelog.xml.template

  3. Edit the seelog.xml file to change the default logging behavior. Change the value of minlevel from info to debug, as shown in the following example.

    <seelog type="adaptive" mininterval="2000000" maxinterval="100000000" critmsgcount="500" minlevel="debug">

  4. Locate the following entry.

    filename="{{LOCALAPPDATA}}\Amazon\SSM\Logs\amazon-ssm-agent.log"

    Change this entry to use the following path.

    filename="C:\ProgramData\Amazon\SSM\Logs\amazon-ssm-agent.log"

  5. Locate the following entry.

    filename="{{LOCALAPPDATA}}\Amazon\SSM\Logs\errors.log"

    Change this entry to use the following path.

    filename="C:\ProgramData\Amazon\SSM\Logs\errors.log"

  6. Restart SSM Agent using the following PowerShell command in Administrator mode.

    Restart-Service AmazonSSMAgent