How are logs collected?


I’d like to better understand the architecture: when my application prints something to stdout, I know that eventually I will find that line on CloudWatch Logs. But how does it get there, step by step?

Specifically, what steps are taken by which components of the stack?

I have a feeling that the OS inside the container is capturing the stdout of the process and send it syslog, which is configured to forward the data to an external syslog collector, which is maybe part of the Convox infrastructure? That collector will in turn use the AWS SDK to send the data to Cloudwatch Logs. The same collector is the component that could be reconfigured (according to Convox documentation) to forward the logs to a 3rd party syslog collector instead.

Is my guess correct?


1 Like


You can check out the task definitions generated by Convox. Under “Container Definitions” you will find “Log Configuration”. The Log Driver used is called “awslogs” and it is configured at the Task Definition level.

Also if you ssh into the EC2 Instance and use docker inspect <CONTAINER_ID> command, you will find a section called “LogConfig” under “HostConfig”. This will contain the same information as the Task Definition.

So this seems to be a feature of Docker itself. I hope this points you in the right direction.

Ah! Thanks a lot Vincent! That’s really good input.

Basically it confirms that no Convox-specific technology is involved in the log collection process. It’s all Docker + AWS machinery.