The EBS disk included in the product is only used for day-to-day storage of logs. Persistent log storage is kept on an S3 store. This store also contains some other data items which should persist over upgrades of the rsyslog on AWS application.
The following prefixes/folders are used by rsyslog:
- /rsyslog.logstore/ – the actual logstore
This is synced with data from the local EBS disk once a day for the past day (in default settings).
- /rsyslog.config/ – config data items.
This contains the user-based config which can be restored from here during an upgrade or on misconfiguration.
The users should select proper S3 policies based on her or his needs. Most importantly, Versioning and Retention Period should be set accordingly.
The S3 store to use can be configured during the cloud formation process and manually via the meta config.
rsyslog on AWS – S3 file structure