Step to enable log retention policy for the RDS


Step to enable log retention policy for the RDS (Oracle) Instances

export dbinstance=kskdev01


# Publish all logs to CloudWatch for monitoring.
aws rds modify-db-instance --db-instance-identifier ${dbinstance} --cloudwatch-logs-export-configuration EnableLogTypes=alert,audit,listener,trace 

# Optional command to check the log group are created in CloudWatch. We can also Check in console : CloudWatch > Log Groups
aws logs describe-log-groups --log-group-name-prefix /aws/rds/instance/${dbinstance}   --output table

# By default, all published logs NEVER expire.  Need to set a  retention period, for example 91 days 

aws logs put-retention-policy --log-group-name /aws/rds/instance/${dbinstance}/alert --retention-in-days 120
aws logs put-retention-policy --log-group-name /aws/rds/instance/${dbinstance}/audit --retention-in-days 91
aws logs put-retention-policy --log-group-name /aws/rds/instance/${dbinstance}/listener --retention-in-days 120
aws logs put-retention-policy --log-group-name /aws/rds/instance/${dbinstance}/trace --retention-in-days 91 

No comments:

Post a Comment

Subscribe to: Posts (Atom)