CloudWatch Logs adds managed syslog ingestion
Amazon CloudWatch Logs now supports managed syslog ingestion, allowing customers to send syslog messages from infrastructure devices and servers directly into CloudWatch Logs without agents. This feature simplifies log collection and centralizes visibility by automatically parsing messages into structured fields, enabling easier querying and analysis. It is available in most commercial AWS Regions and supports various syslog formats over TCP, TCP+TLS, or UDP.
- Managed syslog ingestion for CloudWatch Logs
- Automatic syslog message parsing and structuring
- Centralized log visibility and simplified operations
Features
- Managed syslog ingestion for CloudWatch Logs
Customers can now send syslog messages directly to CloudWatch Logs from firewalls, routers, switches, and Linux servers using TCP, TCP+TLS, or UDP without managing agents. The service supports RFC 5424, RFC 3164, and Cisco FTD/ASA formats.
Enhancements
- Automatic syslog message parsing and structuring
CloudWatch Logs automatically parses incoming syslog messages, extracting structured fields like facility, severity, hostname, and application name. This eliminates the need for custom parsing pipelines and enables immediate querying of specific log attributes.
Notes
- Centralized log visibility and simplified operations
This feature aids in centralizing infrastructure log visibility, simplifying operational workflows, and reducing the overhead of agent deployment and maintenance across distributed environments. It allows for immediate investigation of security events or troubleshooting connectivity issues via Logs Analytics.
https://aws.amazon.com/about-aws/whats-new/2026/06/amazon-cloudwatch-syslog-ingestion/