We're trying to migrate our Java applications from from the current Elastic Beanstalk JDK 8 platforms to the new ones running Corretto 11 on Amazon Linux 2. The app works well, but the way logs are handled changed. The output from the web process is now stored in /var/log/web.stdout.log
and every line is prefixed with the timestamp and process name, ie:
May 20 17:00:00 ip-10-48-41-129 web: {"timestamp":"2020-05-20T17:00:00.035Z","message":"...","logger":"...","thread":"MessageBroker-2","level":"INFO"}
How can we get rid of the prefix? These logs are streamed into CloudWatch and we're outputting them to stdout in JSON so that we can later query them with Logs Insights. But with the prefix, Insights doesn't "see" the JSON and just treats the whole line as a text blob.
I cannot find any documentation for that on AWS. Almost all of Elastic Beanstalk's documentation refers to the first version of Amazon Linux.
Best Answer
I found a solution that works well enough, so I'll post it here for posterity. If someone can suggest a better one, please do.
Elastic Beanstalk on Amazon Linux 2 relies on
rsyslog
for log processing and output. There's a file at/opt/elasticbeanstalk/config/private/rsyslog.conf
that during deployment gets copied over to/etc/rsyslog.d/web.conf
and it's the one that's directing all output from theweb
application to/var/log/web.stdout.log
.The file doesn't include any custom template. It relies on
rsyslog
's default template, which prefixes any%msg%
with a timestamp and$programname
(which isweb
in this case).I tried replacing this file via an
.ebextensions
config, but that didn't work, because Elastic Beanstalk seems to be overwriting this file after.ebextensions
run. So I added an additional platform hook that deletes the file, keeping the custom one I added.Here's the
.ebextensions/logs.config
file:and
.platform/hooks/predeploy/remove-default-rsyslog-conf.sh
(make sure youchmod +x
this one):