# Log delivery
**Note**
Slow Log is supported for Valkey 7.x and above, and Redis OSS clusters and replication groups using engine version 6.0 onward.
Engine Log is supported for Valkey 7.x and above, and Redis OSS clusters and replication groups using engine version 6.2 onward.
Command Log is supported for Valkey 8.1 and above.
Log delivery lets you stream [SLOWLOG](https://valkey.io/commands/slowlog), [COMMANDLOG](https://valkey.io/commands/commandlog/) (Valkey 8.1\$1), or **Engine Log** to one of two destinations:
+ Amazon Data Firehose
+ Amazon CloudWatch Logs
You enable and configure log delivery when you create or modify a cluster using ElastiCache APIs. Each log entry will be delivered to the specified destination in one of two formats: *JSON* or *TEXT*.
A fixed number of Slow log entries are retrieved from the engine periodically. Depending on the value specified for engine parameter `slowlog-max-len`, additional slow log entries might not be delivered to the destination.
You can choose to change the delivery configurations or disable log delivery at any time using the AWS console or one of the modify APIs, either [modify-cache-cluster](https://docs.aws.amazon.com/cli/latest/reference/elasticache/modify-cache-cluster.html) or [modify-replication-group](https://docs.aws.amazon.com/cli/latest/reference/elasticache/modify-replication-group.html).
You must set the `apply-immediately` parameter for all log delivery modifications.
**Note**
Amazon CloudWatch Logs charges apply when log delivery is enabled, even when logs are delivered directly to Amazon Data Firehose. For more information, see Vended Logs section in [Amazon CloudWatch Pricing](https://aws.amazon.com/cloudwatch/pricing/).
## Contents of a slow log entry
The Slow Log contains the following information:
+ **CacheClusterId** – The ID of the cluster
+ **CacheNodeId** – The ID of the cache node
+ **Id** – A unique progressive identifier for every slow log entry
+ **Timestamp** – The Unix timestamp at which the logged command was processed
+ **Duration** – The amount of time needed for its execution, in microseconds
+ **Command** – The command used by the client. For example, `set foo bar` where `foo` is the key and `bar` is the value. ElastiCache replaces the actual key name and value with `(2 more arguments)` to avoid exposing sensitive data.
+ **ClientAddress** – Client IP address and port
+ **ClientName** – Client name if set via the `CLIENT SETNAME` command
## Contents of an engine log entry
The ElastiCache Engine Log contains the following information:
+ **CacheClusterId** – The ID of the cluster
+ **CacheNodeId** – The ID of the cache node
+ **Log level** – LogLevel can one of the following: `VERBOSE("-")`, `NOTICE("*")`, `WARNING("#")`.
+ **Time** – The UTC time of the logged message. Time is in following format: `"DD MMM YYYY hh:mm:ss.ms UTC"`
+ **Role** – Role of the node from where the log is emitted. It can be one of the following: “M” for Primary, “S” for replica, "C" for writer child process working on RDB/AOF or "X" for sentinel.
+ **Message** – Engine log message.
## Permissions to configure logging
You need to include the following IAM permissions in your IAM user/role policy:
+ `logs:CreateLogDelivery`
+ `logs:UpdateLogDelivery`
+ `logs:DeleteLogDelivery`
+ `logs:GetLogDelivery`
+ `logs:ListLogDeliveries`
For more information, see [Overview of access management: Permissions and policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction_access-management.html).
## Log type and log format specifications
### Slow log
Slow log supports both JSON and TEXT
The following shows a JSON format example:
```
{
"CacheClusterId": "logslowxxxxmsxj",
"CacheNodeId": "0001",
"Id": 296,
"Timestamp": 1605631822,
"Duration (us)": 0,
"Command": "GET ... (1 more arguments)",
"ClientAddress": "192.168.12.104:55452",
"ClientName": "logslowxxxxmsxj##"
}
```
The following shows a TEXT format example:
```
logslowxxxxmsxj,0001,1605631822,30,GET ... (1 more arguments),192.168.12.104:55452,logslowxxxxmsxj##
```
### Engine log
Engine log supports both JSON and TEXT
The following shows a JSON format example:
```
{
"CacheClusterId": "xxxxxxxxxzy-engine-log-test",
"CacheNodeId": "0001",
"LogLevel": "VERBOSE",
"Role": "M",
"Time": "12 Nov 2020 01:28:57.994 UTC",
"Message": "Replica is waiting for next BGSAVE before synchronizing with the primary. Check back later"
}
```
The following shows a TEXT format example:
```
xxxxxxxxxxxzy-engine-log-test/0001:M 29 Oct 2020 20:12:20.499 UTC * A slow-running Lua script detected that is still in execution after 1000 microseconds.
```
# ElastiCache logging destinations
This section describes the logging destinations that you can choose for your ElastiCache logs. Each section provides guidance for configuring logging for the destination type and information about any behavior that's specific to the destination type. After you've configured your logging destination, you can provide its specifications to the ElastiCache logging configuration to start logging to it.
**Topics**
+ [
## Amazon CloudWatch Logs
](#Destination_Specs_CloudWatch_Logs)
+ [
## Amazon Data Firehose
](#Destination_Specs_Kinesis_Firehose_Stream)
## Amazon CloudWatch Logs
+ You specify a CloudWatch Logs log group where the logs will be delivered.
+ Logs from multiple Valkey or Redis OSS clusters and replication groups can be delivered to the same log group.
+ A new log stream will be created for each node within a cluster or replication group and the logs will be delivered to the respective log streams. The log stream name will use the following format: `elasticache/${engine-name}/${cache-cluster-id}/${cache-node-id}/${log-type}`
**Permissions to publish logs to CloudWatch Logs**
You must have the following permissions settings to configure ElastiCache to send logs to a CloudWatch Logs log group:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Action": [
"logs:CreateLogDelivery",
"logs:GetLogDelivery",
"logs:UpdateLogDelivery",
"logs:DeleteLogDelivery",
"logs:ListLogDeliveries"
],
"Resource": [
"*"
],
"Effect": "Allow",
"Sid": "ElastiCacheLogging"
},
{
"Sid": "ElastiCacheLoggingCWL",
"Action": [
"logs:PutResourcePolicy",
"logs:DescribeResourcePolicies",
"logs:DescribeLogGroups"
],
"Resource": [
"*"
],
"Effect": "Allow"
}
]
}
```
------
For more information, see [Logs sent to CloudWatch Logs](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html#AWS-logs-infrastructure-CWL).
## Amazon Data Firehose
+ You specify a Firehose delivery stream where the logs will be delivered.
+ Logs from multiple Valkey or Redis OSS clusters and replication groups can be delivered to the same delivery stream.
+ Logs from each node within a cluster or replication group will be delivered to the same delivery stream. You can distinguish log messages from different cache nodes based on the `cache-cluster-id` and `cache-node-id` included in each log message.
+ Log delivery to Firehose is currently not available in the Asia Pacific (Osaka) Region.
**Permissions to publish logs to Firehose**
You must have the following permissions to configure ElastiCache to send logs to an Amazon Kinesis Data Firehose delivery stream.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Action": [
"logs:CreateLogDelivery",
"logs:GetLogDelivery",
"logs:UpdateLogDelivery",
"logs:DeleteLogDelivery",
"logs:ListLogDeliveries"
],
"Resource": [
"*"
],
"Effect": "Allow",
"Sid": "ElastiCacheLogging"
},
{
"Sid": "ElastiCacheLoggingFHSLR",
"Action": [
"iam:CreateServiceLinkedRole"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Sid": "ElastiCacheLoggingFH",
"Action": [
"firehose:TagDeliveryStream"
],
"Resource": "arn:aws:iam::*:role/*",
"Effect": "Allow"
}
]
}
```
------
# Specifying log delivery using the Console
Using the AWS Management Console you can create a Valkey or Redis OSS (cluster mode disabled) cluster by following the steps at [Creating a Valkey (cluster mode disabled) cluster (Console)](SubnetGroups.designing-cluster-pre.valkey.md#Clusters.Create.CON.valkey-gs) or create a Valkey or Redis OSS (cluster mode enabled) cluster using the steps at [Creating a Valkey or Redis OSS (cluster mode enabled) cluster (Console)](Clusters.Create.md#Clusters.Create.CON.RedisCluster). In either case, you configure log delivery by doing the following;
1. Under **Advanced settings**, choose **Logs** and then check either **Slow logs** or **Engine logs**.
1. Under **Log format**, choose either **Text** or **JSON**.
1. Under **Destination Type**, choose either **CloudWatch Logs** or **Kinesis Firehose**.
1. Under **Log destination**, choose either **Create new** and enter either your Amazon S3 bucket name, CloudWatchLogs log group name or your Kinesis Data Firehose stream name, or choose **Select existing** and then choose either your CloudWatch Logs group name or your Kinesis Data Firehose stream name,
**When modifying a cluster:**
You can choose to either enable/disable log delivery or change either the destination type, format or destination:
1. Sign in to the Console and open the ElastiCache console at [https://console.aws.amazon.com/elasticache/](https://console.aws.amazon.com/elasticache/home).
1. From the navigation pane, choose **Valkey clusters** or **Redis OSS clusters**.
1. From the list of clusters, choose the cluster you want to modify. Choose the **Cluster name** and not the checkbox beside it.
1. On the **Cluster name** page, choose the **Logs** tab.
1. To enable/disable slow logs, choose either **Enable slow logs** or **Disable slow logs**.
1. To enable/disable engine logs, choose either **Enable engine logs** or **Disable engine logs**.
1. To change your configuration, choose either **Modify slow logs** or **Modify engine logs**:
+ Under **Destination Type**, choose either **CloudWatch Logs** or **Kinesis Firehose**.
+ Under **Log destination**, choose either **Create new** and enter either your CloudWatchLogs log group name or your Kinesis Data Firehose stream name. Or choose **Select existing** and then choose either your CloudWatchLogs log group name or your Kinesis Data Firehose stream name.
# Specifying log delivery using the AWS CLI
**Slow Log**
Create a replication group with slow log delivery to CloudWatch Logs.
For Linux, macOS, or Unix:
```
aws elasticache create-replication-group \
--replication-group-id test-slow-log \
--replication-group-description test-slow-log \
--engine redis \
--cache-node-type cache.r5.large \
--num-cache-clusters 2 \
--log-delivery-configurations '{
"LogType":"slow-log",
"DestinationType":"cloudwatch-logs",
"DestinationDetails":{
"CloudWatchLogsDetails":{
"LogGroup":"my-log-group"
}
},
"LogFormat":"json"
}'
```
For Windows:
```
aws elasticache create-replication-group ^
--replication-group-id test-slow-log ^
--replication-group-description test-slow-log ^
--engine redis ^
--cache-node-type cache.r5.large ^
--num-cache-clusters 2 ^
--log-delivery-configurations '{
"LogType":"slow-log",
"DestinationType":"cloudwatch-logs",
"DestinationDetails":{
"CloudWatchLogsDetails":{
"LogGroup":"my-log-group"
}
},
"LogFormat":"json"
}'
```
Modify a replication group to deliver slow log to CloudWatch Logs
For Linux, macOS, or Unix:
```
aws elasticache modify-replication-group \
--replication-group-id test-slow-log \
--apply-immediately \
--log-delivery-configurations '
{
"LogType":"slow-log",
"DestinationType":"cloudwatch-logs",
"DestinationDetails":{
"CloudWatchLogsDetails":{
"LogGroup":"my-log-group"
}
},
"LogFormat":"json"
}'
```
For Windows:
```
aws elasticache modify-replication-group ^
--replication-group-id test-slow-log ^
--apply-immediately ^
--log-delivery-configurations '
{
"LogType":"slow-log",
"DestinationType":"cloudwatch-logs",
"DestinationDetails":{
"CloudWatchLogsDetails":{
"LogGroup":"my-log-group"
}
},
"LogFormat":"json"
}'
```
Modify a replication group to disable slow log delivery
For Linux, macOS, or Unix:
```
aws elasticache modify-replication-group \
--replication-group-id test-slow-log \
--apply-immediately \
--log-delivery-configurations '
{
"LogType":"slow-log",
"Enabled":false
}'
```
For Windows:
```
aws elasticache modify-replication-group ^
--replication-group-id test-slow-log ^
--apply-immediately ^
--log-delivery-configurations '
{
"LogType":"slow-log",
"Enabled":false
}'
```
**Engine Log**
Create a replication group with engine log delivery to CloudWatch Logs.
For Linux, macOS, or Unix:
```
aws elasticache create-replication-group \
--replication-group-id test-slow-log \
--replication-group-description test-slow-log \
--engine redis \
--cache-node-type cache.r5.large \
--num-cache-clusters 2 \
--log-delivery-configurations '{
"LogType":"engine-log",
"DestinationType":"cloudwatch-logs",
"DestinationDetails":{
"CloudWatchLogsDetails":{
"LogGroup":"my-log-group"
}
},
"LogFormat":"json"
}'
```
For Windows:
```
aws elasticache create-replication-group ^
--replication-group-id test-slow-log ^
--replication-group-description test-slow-log ^
--engine redis ^
--cache-node-type cache.r5.large ^
--num-cache-clusters 2 ^
--log-delivery-configurations '{
"LogType":"engine-log",
"DestinationType":"cloudwatch-logs",
"DestinationDetails":{
"CloudWatchLogsDetails":{
"LogGroup":"my-log-group"
}
},
"LogFormat":"json"
}'
```
Modify a replication group to deliver engine log to Firehose
For Linux, macOS, or Unix:
```
aws elasticache modify-replication-group \
--replication-group-id test-slow-log \
--apply-immediately \
--log-delivery-configurations '
{
"LogType":"engine-log",
"DestinationType":"kinesis-firehose",
"DestinationDetails":{
"KinesisFirehoseDetails":{
"DeliveryStream":"test"
}
},
"LogFormat":"json"
}'
```
For Windows:
```
aws elasticache modify-replication-group ^
--replication-group-id test-slow-log ^
--apply-immediately ^
--log-delivery-configurations '
{
"LogType":"engine-log",
"DestinationType":"kinesis-firehose",
"DestinationDetails":{
"KinesisFirehoseDetails":{
"DeliveryStream":"test"
}
},
"LogFormat":"json"
}'
```
Modify a replication group to switch to engine format
For Linux, macOS, or Unix:
```
aws elasticache modify-replication-group \
--replication-group-id test-slow-log \
--apply-immediately \
--log-delivery-configurations '
{
"LogType":"engine-log",
"LogFormat":"json"
}'
```
For Windows:
```
aws elasticache modify-replication-group ^
--replication-group-id test-slow-log ^
--apply-immediately ^
--log-delivery-configurations '
{
"LogType":"engine-log",
"LogFormat":"json"
}'
```
Modify a replication group to disable engine log delivery
For Linux, macOS, or Unix:
```
aws elasticache modify-replication-group \
--replication-group-id test-slow-log \
--apply-immediately \
--log-delivery-configurations '
{
"LogType":"engine-log",
"Enabled":false
}'
```
For Windows:
```
aws elasticache modify-replication-group ^
--replication-group-id test-slow-log ^
--apply-immediately ^
--log-delivery-configurations '
{
"LogType":"engine-log",
"Enabled":false
}'
```