Amazon CloudWatch Logs Agent vs CloudWatch Unified Agent - Overview.
Scope:
- Intro,
- Comparison of Agents,
- Key Differences,
- Link to official documentation:
- Legacy CloudWatch Logs Agent,
- CloudWatch Unified Agent,
- Flow Diagram of Logs Agent vs Unified Agent
- Migration from logs agent to unified agent & Best Practices.
Intro:
- The CloudWatch unified agent is the current (as at January-2026), recommended tool for comprehensive monitoring, while the older CloudWatch Logs agent is deprecated and is no longer supported.
- CloudWatch unified agent primary difference lies in the unified agent's ability to collect both logs and metrics with a single installation.
Comparison of Agents
| Feature | CloudWatch Logs Agent (Older) | CloudWatch Unified Agent (Current) |
|---|---|---|
| Status | Deprecated and no longer supported. | Recommended and fully supported. |
| Data Collection | Collects only logs from EC2 instances and on-premises servers. | Collects both logs and metrics (including custom metrics like memory/disk utilization). |
| Operating Systems | Primarily supported Linux servers. | Supports both 64-bit Linux and Windows servers. |
| Configuration | Configured via a separate configuration file. | Supports configuration via the config.json file, which can be created with a wizard, and deployment using AWS Systems Manager (SSM). |
| Migration | A migration wizard is available to help transition existing configurations to the new agent. | Includes a wizard to easily migrate older configurations. |
Key Differences
- Unified Functionality: The most significant advantage of the unified agent is that it consolidates log and metric collection into a single agent, simplifying installation and management compared to using separate tools.
- Comprehensive Metrics: The unified agent can collect detailed system-level metrics (e.g., memory, disk space, CPU threads), which were not available with the logs-only agent or only via separate, older tools like
EC2Configor Perl scripts. - Modern Support: The unified agent is built with modern practices (written in Go, for a reasonable memory footprint) and supports newer AWS features like Instance Metadata Service Version 2 (IMDSv2).
- AWS strongly recommends twtech to migrate to the unified CloudWatch agent for all new and existing setups.
Link to official documentation:
https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Install-CloudWatch-Agent.html
1. Legacy CloudWatch Logs Agent
- Purpose: Forward application/system logs
to CloudWatch Logs.
- Installation: Python-based agent (awslogs), configured via awslogs.conf.
- Capabilities:
- Collects log files (e.g., /var/log/messages, /var/log/httpd/access_log).
- Streams logs into CloudWatch Logs groups/streams.
- Lightweight, but logs-only (no metrics).
- Limitations:
- No metric collection (CPU, memory, disk, etc.).
- Less extensible, being phased out in favor of the unified agent.
- Older configuration format.
2. CloudWatch Unified Agent
- Purpose:
Consolidated agent for logs + metrics.
- Installation: Binary package, configured via JSON config file (amazon-cloudwatch-agent.json).
- Capabilities:
- Logs:
- Same functionality as Logs
Agent (send log files →
CloudWatch Logs).
- Supports more advanced
filtering, multiple log sources.
- Metrics:
- Collects system-level
metrics (CPU, disk, memory,
network).
- Can collect application-level/custom
metrics.
- Pushes metrics directly to CloudWatch
Metrics.
- Integration:
- Can pull custom dimensions (instance ID, tags, Auto Scaling
group).
- Can output to CloudWatch
Logs, CloudWatch Metrics, and even Kinesis/Firehose.
- Extensibility:
- JSON configuration supports both logs and metrics.
- Can run in Docker, EC2, on-premises servers.
3. Flow Diagram of Logs Agent vs Unified Agent
4. Migration from logs agent to unified agent & Best Practices
- If twtech is only shipping logs → Logs Agent works is okay.
- However, for new installs logs twtech should use Unified Agent.
- For hybrid workloads (metrics + logs, containerized, on-prem, EC2) → Unified Agent is strongly recommended.
- AWS guidance: treat older Logs Agent as deprecated in favor of newer Unified Agent.
No comments:
Post a Comment