Tutorials

ECS Logs Collector – Essential Tool For Amazon ECS Troubleshooting

This project was created to collect Amazon ECS log files and Operating System log files for troubleshooting Amazon ECS customer support cases.

The following functions are supported:

  • Collect Operating System logs
  • Collect Operating System settings
  • Collect Docker logs
  • Collect Amazon ECS agent Logs
  • Enable debug mode for Docker and the Amazon ECS agent (only available for Systemd init systems and Amazon Linux)
  • Create a tar zip file in the same folder as the script

Usage

Run this project as the root user:

curl -O https://raw.githubusercontent.com/aws/amazon-ecs-logs-collector/master/ecs-logs-collector.sh
bash ecs-logs-collector.sh

Confirm if the tarball file was successfully created (it can be .tgz or .tar.gz)

# ls collect*
collect-i-ffffffffffffffffff-YYYYMMDDHHmm.tgz

collect:
i-ffffffffffffffffff

Retrieving The Logs

Download the tarball using your favourite Secure Copy tool.

Important

We recommend that you edit the logs and remove all sensitive data from the files. You can search for known data, and also search for environment variables such as AWS_ACCESS_KEY_ID , AWS_SECRET_ACCESS_KEY , and AWS_SESSION_TOKEN in the file.

Example Output

The project can be used in normal or enable-debug mode. Enable debug is only available for Systemd init systems and Amazon Linux.

# bash ecs-logs-collector.sh --help
USAGE: ./ecs-logs-collector.sh [--mode=[brief|enable-debug]]
       ./ecs-logs-collector.sh --help

OPTIONS:
     --mode  Sets the desired mode of the script. For more information,
             see the MODES section.
     --help  Show this help message.

MODES:
     brief         Gathers basic operating system, Docker daemon, and Amazon
                   ECS Container Agent logs. This is the default mode.
     enable-debug  Enables debug mode for the Docker daemon and the Amazon
                   ECS Container Agent. Only supported on Systemd init systems
                   and Amazon Linux.

Example Output In Normal Mode

The following output shows this project running in normal mode.

# bash ecs-logs-collector.sh
Trying to check if the script is running as root ... ok
Trying to resolve instance-id ... ok
Trying to collect system information ... ok
Trying to check disk space usage ... ok
Trying to collect common operating system logs ... ok
Trying to collect kernel logs ... ok
Trying to get mount points and volume information ... ok
Trying to check SELinux status ... ok
Trying to get iptables list ... ok
Trying to detect installed packages ... ok
Trying to detect active system services list ... ok
Trying to gather Docker daemon information ... ok
Trying to inspect all Docker containers ... ok
Trying to collect Docker and containerd daemon logs ... ok
Trying to collect Docker systemd unit file ... ok
Trying to collect containerd systemd unit file ... ok
Trying to collect Docker sysconfig ... ok
Trying to collect Docker storage sysconfig ... ok
Trying to collect Docker daemon.json ... ok
Trying to collect Amazon ECS Container Agent logs ... ok
Trying to collect Amazon ECS Container Agent state and config ... ok
Trying to collect Amazon ECS Container Agent engine data ... ok
Trying to get open files list ... ok
Trying to collect /etc/os-release ... ok
Trying to get uname kernel info ... ok
Trying to get dmidecode info ... ok
Trying to get lsmod info ... ok
Trying to collect systemd slice info ... ok
Trying to get veth info ... ok
Trying to get gpu info ... ok
Trying to archive gathered log information ... ok

For more information click here.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

How to Install Docker on Ubuntu (Step-by-Step Guide)

Docker is a powerful open-source containerization platform that allows developers to build, test, and deploy…

1 day ago

Uninstall Docker on Ubuntu

Docker is one of the most widely used containerization platforms. But there may come a…

1 day ago

Admin Panel Dorks : A Complete List of Google Dorks

Introduction Google Dorking is a technique where advanced search operators are used to uncover information…

2 days ago

Log Analysis Fundamentals

Introduction In cybersecurity and IT operations, logging fundamentals form the backbone of monitoring, forensics, and…

3 days ago

Networking Devices 101: Understanding Routers, Switches, Hubs, and More

What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…

4 days ago

Sock Puppets in OSINT: How to Build and Use Research Accounts

Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…

4 days ago