Which steps should be taken to troubleshoot the issue?
(Choose two.)
Use an EC2 run command to confirm that the ג€awslogsג€ service is running on all instances.
Verify that the permissions used by the agent allow creation of log groups/streams and to put log events.
Check whether any application log entries were rejected because of invalid time stamps by reviewing /var/cwlogs/rejects.log.
Check that the trust relationship grants the service ג€cwlogs.amazonaws.comג€ permission to write objects to the Amazon S3 staging bucket.
Verify that the time zone on the application servers is in UTC.
Explanations:
Using the EC2 Run Command to confirm that the “awslogs” service is running on all instances helps ensure that the CloudWatch Logs agent is actively running and capable of pushing logs. If the service is not running, it can lead to missing logs.
Verifying that the permissions used by the agent allow for the creation of log groups/streams and the ability to put log events is crucial. Insufficient permissions can prevent the agent from sending logs to CloudWatch, leading to missing log data.
Checking the /var/cwlogs/rejects.log for rejected log entries due to invalid timestamps may be helpful, but it’s not a primary step for troubleshooting missing logs. Other steps, like checking service status and permissions, are more critical.
While ensuring that the trust relationship grants the cwlogs.amazonaws.com permission to write to an S3 staging bucket is important, it is not directly related to the immediate problem of missing logs from EC2 instances. This is more applicable to S3 bucket configurations rather than CloudWatch Logs directly.
Verifying that the time zone on application servers is in UTC is generally a good practice for consistency in logs, but it does not directly address the immediate issue of missing logs in CloudWatch. Logs should still be captured regardless of the server’s time zone settings.