- EC2 instances do not send logs to CloudWatch Logs by default.
- To push logs, a CloudWatch Logs agent must be installed and running.
- The instance requires IAM permissions to publish logs.
- The same agent can be installed on on-premises servers to send logs to AWS.
CloudWatch Logs Agent vs Unified Agent
CloudWatch Logs Agent
- Legacy agent.
- Sends only logs to CloudWatch Logs.
CloudWatch Unified Agent
- Modern replacement with broader capabilities.
- Collects both:
- Logs (for CloudWatch Logs)
- System-level metrics (e.g., memory, processes, disk usage).
- Supports centralized configuration via SSM Parameter Store.
CloudWatch Unified Agent – Metrics
- Metrics collected directly from the server (Linux/Windows EC2 or on-premises).
Collected Metrics Examples
- CPU: active, guest, idle, system, user, steal
- Disk: free, used, total, I/O stats (writes, reads, bytes, IOPS)
- RAM: free, inactive, used, total, cached
- Netstat: TCP/UDP connection counts, packets, bytes
- Processes: total, dead, blocked, idle, running, sleeping
- Swap: free, used, usage percentage
EC2 already provides basic instance metrics (CPU, network, disk) without the agent, but not detailed RAM or process-level metrics.