I’d like to better understand the architecture: when my application prints something to stdout, I know that eventually I will find that line on CloudWatch Logs. But how does it get there, step by step?
Specifically, what steps are taken by which components of the stack?
I have a feeling that the OS inside the container is capturing the stdout of the process and send it syslog, which is configured to forward the data to an external syslog collector, which is maybe part of the Convox infrastructure? That collector will in turn use the AWS SDK to send the data to Cloudwatch Logs. The same collector is the component that could be reconfigured (according to Convox documentation) to forward the logs to a 3rd party syslog collector instead.
Is my guess correct?