AWS rsyslog – Technical Overview

We provide

  • AMI file
  • CloudFormation file

The AMI contains rsyslog with a special configuration. A simple feature-based configuration is included, which enables the user to easily turn standard features on and off. The current feature set provides:

  • servers for UDP and TCP syslog
  • storing incoming logs split by reporting hostname and tag in the log store
  • filtering out unwanted logs by hostname and tag in a highly efficient way
  • limited email-alerting based on keywords inside the log stream
  • rsyslog-internal state information via pstats
    • written to local file
    • published to CloudWatch Dashboard
    • basic log rotation settings
  • easily configurable meta configuration file

It’s important to note that the rsyslog AWS Marketplace Application is designed to be used within a private IP address space. Therefore, it should not be exposed to the public Internet, as this can result in significant security risks. To connect non-cloud systems, we recommend using Amazon’s Site-to-Site VPN service. However, please be aware that the configuration of this service is the responsibility of the user.

Important: Log data is at risk of being lost upon instance destruction as it shares the same EBS disk as the main rsyslog software. Beta testers should mount their own log store and change the meta-config’s log store location. Additionally, user-created config items like meta-config and drop filter are stored on the main EBS disk, so beta users should back them up using their own script or simple copy-and-paste.

During the beta phase, we will be introducing new features and improvements to enhance the performance and functionality of rsyslog. To stay up-to-date with the latest developments, be sure to regularly check the rsyslog website where we’ll announce new versions as they become available.

Back to aws rsyslog overview.

Scroll to top