Amazon ECS Log Collection
Incident Management is now generally available! Incident Management is now generally available!

Amazon ECS Log Collection

Overview

Datadog Agent 6+ collects logs from containers. The recommended way to collect logs from ECS containers is to enable containerized logging within your datadog-agent-ecs.json or datadog-agent-ecs1.json file. However, if your application emits logs to files in any capacity (logs that are not written to stdout/stderr), you will need to deploy the Datadog Agent on your host and use custom log collection to tail files.

Installation

ECS file

To collect all logs written by running applications in your ECS containers and send it to your Datadog application:

  1. Follow the Amazon ECS setup instructions.

  2. Update your datadog-agent-ecs.json file (datadog-agent-ecs1.json if you are using an original Amazon Linux AMI) with the following configuration:

    {
        "containerDefinitions": [
        (...)
          "mountPoints": [
            (...)
            {
              "containerPath": "/opt/datadog-agent/run",
              "sourceVolume": "pointdir",
              "readOnly": false
            },
            (...)
          ],
          "environment": [
            (...)
            {
              "name": "DD_LOGS_ENABLED",
              "value": "true"
            },
            {
              "name": "DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL",
              "value": "true"
            },
            (...)
          ]
        }
      ],
      "volumes": [
        (...)
        {
          "host": {
            "sourcePath": "/opt/datadog-agent/run"
          },
          "name": "pointdir"
        },
        (...)
      ],
      "family": "datadog-agent-task"
    }
    
  3. Make sure your container definition doesn’t contain a logConfiguration.logDriver parameter, so that the logs are written to stdout/stderr and collected by the Agent. If this parameter is set to awslogs, collect your Amazon ECS logs without the Agent by using AWS Lambda to collect ECS logs from CloudWatch.

  1. Follow the Amazon ECS setup instructions.

  2. Update your datadog-agent-ecs-win.json file with the following configuration:

    {
      "containerDefinitions": [
        (...)
          "environment": [
            (...)
            {
              "name": "DD_LOGS_ENABLED",
              "value": "true"
            },
            {
              "name": "DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL",
              "value": "true"
            },
            (...)
          ]
        }
      ],
      "family": "datadog-agent-task"
    }
    
  3. Make sure your container definition doesn’t contain a logConfiguration.logDriver parameter, so that the logs are written to stdout/stderr and collected by the Agent. If this parameter is set to awslogs, collect your Amazon ECS logs without the Agent by using AWS Lambda to collect ECS logs from CloudWatch.

Custom log collection

Configuration file

If your container writes any logs to files, follow the Custom Log Collection documentation to tail files for logs.

To gather logs from your <APP_NAME> application stored in <PATH_LOG_FILE>/<LOG_FILE_NAME>.log create a <APP_NAME>.d/conf.yaml file at the root of your Agent’s configuration directory with the following content:

logs:
  - type: file
    path: "<PATH_LOG_FILE>/<LOG_FILE_NAME>.log"
    service: "<APP_NAME>"
    source: "<SOURCE>"

Note: Container metadata is not retrieved with custom log collection, therefore the Agent does not automatically assign container tags to logs. Use custom tags to create container tags.

Container label

With Agent v7.25.0+/6.25.0+, it is possible to enable file tailing by using a container label so the logs collected receive the tags of the container on which the label was set. See this example that details the exact label to use.

Note: The file paths are always relative to the Agent. So, this requires extra configuration for involved ECS tasks to share a directory between the container writing to the file and the Agent container. Refer to the AWS documentation for additional details on volume management with ECS.

Activate log integrations

The source attribute is used to identify the integration to use for each container. Override it directly in your containers labels to start using log integrations. Read Datadog’s Autodiscovery guide for logs to learn more about this process.

Further reading

Additional helpful documentation, links, and articles: