bottlerocket icon indicating copy to clipboard operation
bottlerocket copied to clipboard
verified publisher icon bottlerocket-os

SSM session data is not logged on the host

Open vigh-m opened this issue 1 year ago • 2 comments

Are sessions opened by ssm-agent suppose to be getting logged in journald? I would expect to see those under control-container logs, but they don't show up.

bash-5.1# journalctl -u  [email protected]
-- No entries --

Originally posted by @hi-artem in https://github.com/bottlerocket-os/bottlerocket/discussions/2432

vigh-m avatar Jan 22 '25 21:01 vigh-m

I need that too. I'm looking for a way to collect the SSM Session Logs. I understand there are limitations due to the nature of the Bottlerocket AMI setup, like the SSM Agent running as a control container.

However, I need a workaround to collect user activity under the admin container.

VolodymyrSmahliuk avatar Jul 22 '25 09:07 VolodymyrSmahliuk

Found the reference (https://github.com/bottlerocket-os/bottlerocket-project-website/issues/29#issuecomment-1430442281) to a similar problem:

Especially with host containers, it can be hard to figure out where something like the admin container's ssh logs live (is it mounted on the host somewhere, or do we have to enter the container to get it?).

VolodymyrSmahliuk avatar Jul 22 '25 09:07 VolodymyrSmahliuk