How to mirror the WordPress activity log to AWS CloudWatch (Amazon)

Search Knowledge Base by Keyword

You are here:

The WP Activity Log plugin can be configured to mirror the activity log of your WordPress website(s) to AWS Cloudwatch by Amazon, so you can centralize all of your website(s) logs with all the other logs of your network. The WordPress activity log is mirrored to third party services in real time, so you can see what is happening on your site in real time directly from your third party service of choice.

This document explains how you can mirror the activity logs of your WordPress website(s) to AWS CloudWatch. In short, the process consists of the following steps:

  1. Create an access key for your IAM User on AWS
  2. Set up an AWS CloudWatch connection in the WP Activity Log plugin
  3. Configure the mirroring of the activity log to CloudWatch

1. Create an access key for your IAM User on AWS

For the plugin to be able to send logs to AWS CloudWatch you will need an access key. In this section we explain how you can create one, assuming you have access to create one and you hace access to AWS CloudWatch. Please note that the below is a basic explanation. For more detailed information about AWS CloudWatch refer to the service’s documentation.

Creating an access key on AWS CloudWatch

  1. Login to your AWS portal.
  2. Select My Security Credentials from your account’s drop down menu in the top right corner.
  3. Click the Create access key button.
  4. When prompted click the Download .csv file and click Close.

IMPORTANT: The CSV file contains the Access Key ID and the Secret access key. Store this file / details in a secure location because you will not be able to access the Secret access key again from the AWS interface.

2. Create an AWS CloudWatch connection in the plugin

To setup an AWS CloudWatch connection in the activity log plugin:

  1. Click on the Integrations node in the plugin menu.
  2. Click the Create a Connection button to launch the connection setup wizard.
  3. Select AWS CloudWatch from the Type of Connection drop down menu in the first step of the wizard.
  4. When the plugin completes the requirements test, click Next.

Create an AWS CloudWatch connection in the plugin

  1. In the third step of the wizard, in which you configure the AWS CloudWatch connection, you have to specify the following:
    • Region – where the logs should be stored
    • AWS Key – from the downloaded csv file
    • AWS Secret – from the downloaded csv file
    • AWS Session Token – this is optional
    • Log group name
    • Log stream name
    • Retention – this is the number of days that the logs should be kept on AWS CloudWatch. You can change this setting later from the settings or from the AWS CloudWatch interface.
  2. Click Next when ready. When the plugin completes the test, click Next again.
  3. Specify a name for the connection. The connection name is the friendly name that is used in the plugin. They can be up to 25 characters long and can only consist of letters, numbers and underscores.
  4. Click Save Connection to close the wizard.

Testing the AWS CloudWatch Connection

Once the connection is setup it will be listed in the Connections tab. Click the Test button to send a test message to the configured service via the plugin and confirm the configuration.

Testing the AWS CloudWatch connection

3. Configuring the mirroring of the activity log to AWS CloudWatch

Once the AWS CloudWatch connection has been configured and tested, configure the mirroring by following the below instructions:

  1. Click on the Integrations node in the plugin menu.
  2. Navigate to the Mirroring tab and click the Setup an Activity Log Mirror button.

Configuring the mirroring of the activity log to AWS CloudWatch

  1. In the first step of the wizard specify the following:
    • Friendly name for the mirror.
    • Mirror identifier in logs (this will be added to each even, so you know the source of the activity log event).
    • Select the AWS CloudWatch connection you’ve just setup from the Connection drop down menu.
  2. In the second step of the wizard specify if you want the mirroring to start right away.

Configuring filters for the activity log and Slack integration

  1. In the last step of the wizard you can configure activity log filtering rules for the mirroring connection. By default, the connection is set to  Send all events option, though if you’d like to setup any filtering rules refer to configuring filtering rules for activity log mirroring connections.
  2. Click Save mirror to save the new mirroring process.

WordPress activity log in your AWS CloudWatch

That is it. Now the plugin will send a copy of the activity log events to your AWS CloudWatch log group / instance as they happen, in real time!

WordPress activity log in your AWS CloudWatch

Restrict log writing to mirror only

Once the mirroring setup process is complete, and WP Activity Log has successfully started writing to AWS Cloudwatch, you will have the option to stop writing activity logs to the database. While this will help you prevent redundant data, do keep in mind that the plugin will only write activity logs to the configured mirror(s).

To stop writing activity logs to the database, switch off the Write activity log to database option as available in the Mirroring tab.

Write activity logs to database

More information & other Integrations

Refer to getting started mirroring the WordPress activity log for more information on the format of the logs, the third party services the plugin can mirror activity logs to and other technical details.