# awslog agent
this role install awslog agent which sends syslog to cloudwatch. the default config sends /var/log/messages to cloudwatch. the default config is shown below.

```
[/var/log/messages]
datetime_format = %Y-%m-%d %H:%M:%S
file = /var/log/messages
buffer_duration = 5000
log_stream_name = {hostname}
initial_position = start_of_file
log_group_name = linux-syslog
```

## requirements
instances need the following cloudwatch log permissions. Create a policy with these privileges and attach as instance role
- CreateLogStream
- DescribeLogStreams
- CreateLogGroup
- PutLogEvents

## references:
- https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/QuickStartEC2Instance.html