Exam AWS Certified Security - Specialty topic 1 question 14 discussion

A and B..

C is incorrect. /var/cwlogs/rejects.log does not exists. The correct log file is /var/log/awslogs.log

A and B

B&A according to the chatgpt To troubleshoot the issue of missing logs from specific EC2 instances using Amazon CloudWatch Logs, the following steps should be taken: B. Verify that the permissions used by the agent allow creation of log groups/streams and to put log events. This step is crucial to ensure that the CloudWatch Logs agent has the necessary IAM permissions to send logs to CloudWatch. C. Check whether any application log entries were rejected because of invalid time stamps by reviewing /var/cwlogs/rejects.log. This log file can provide insights into any logs that were rejected due to timestamp issues, which is a common problem that can cause logs to not appear in CloudWatch. These two steps will help identify and address potential permission and format issues that could be causing the missing logs.

no rejects.log at all

AB are the correct answers. There's nothing called "rejects.log".

A & B is correct

A y B should be the right ones. I discarded the others: -C: rejects.log does exist -D: the agent does not upload logs to S3 directly -E: the time zone can be LOCAL as well -> time_zone .Specifies the time zone of log event timestamp. The two supported values are UTC and LOCAL. The default is LOCAL, which is used if time zone can't be inferred based on datetime_format. (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AgentReference.html)

A and B

A and B is the right answer

A and B make sense

A and B is the right answer

And B is right ans

C is almost right, if it wasn<t for the made up directories. https://aws.amazon.com/premiumsupport/knowledge-center/push-log-data-cloudwatch-awslogs/ A describes the right service name : https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/QuickStartEC2Instance.html B is kind of OK, even if the permissions are defined at the instance level not the agent level

Option A and E. Check this amazing article at https://aws.amazon.com/premiumsupport/knowledge-center/cloudwatch-push-logs-with-unified-agent/ Topic *Resolve timestamp issues* (Option E) and topic *Check your IAM permissions* which excludes option B, since the log stream has already been created and only this instance is having trouble.

Particular instance issue , probably mussing autorisation

keywords: instance-level logging. (At the first glance, missing the instance-level, I searched file permission in the answers.) A - If the agent stopped not log being pushed B - Permission is not applied on the agent but instance role (if the role is used, I will prefer B to C) C - timestamp: The PutLogEvents command doesn't allow log batches in time frames either older than 14 days or more than two hours in the future. D - I think the agent can calculate the timestamp correctly based on time zone :-)