# Configure resource logging for AWS IoT Wireless resources
By default, if you create the IAM role, `IoTWirelessLogsRole`, as described in [Create logging role and policy for AWS IoT Wireless monitoring](create-logging-role-policy.md), you'll see CloudWatch logs in the AWS Management Console that have a default log level of `ERROR`. To change the default log level for all your resources or for specific resources, you can configure the logging settings.
To configure logging for AWS IoT Wireless resources, you can use the AWS IoT console, the AWS IoT Wireless API, or the AWS CLI. The following section shows the various logging API and how to use them to configure logging for your wireless resources.
**Topics**
+ [Configure log levels of resources (console)](#configure-logging-console)
+ [Configure log levels of resources (CLI)](#configure-logging-api)
+ [Next Steps](#configure-logging-next-steps)
## Configure log levels of resources (console)
To configure logging for AWS IoT Wireless resources from the console, first go to the [AWS IoT Core for LoRaWAN hub](https://console.aws.amazon.com/iot/home#/wireless/landing) page, and then perform the following steps.
1. Go to the hub page of the resources for which you want to configure logging. Depending on whether you want to monitor wireless devices, gateways, or FUOTA tasks, go to the [Devices hub](https://console.aws.amazon.com/iot/home#/wireless/devices), [Gateways hub](https://console.aws.amazon.com/iot/home#/wireless/gateways), or the [FUOTA tasks](https://console.aws.amazon.com/iot/home#/wireless/fuotaTasks) page.
1. Choose the **Settings** tabs of the resources for which you want to configure logging, and specify whether to configure logging at the account level, or to configure the log-level overrides at the resource level.
1. If you choose the **Manage account log levels** setting, it goes to the [Manage service logs](https://console.aws.amazon.com/iot/home#/settings/logging) page in the AWS IoT console where you can manage logging for your resources at the account level. For information about account-level logging, see [Configure AWS IoT logging](https://docs.aws.amazon.com/iot/latest/developerguide/configure-logging.html) in the *AWS IoT Core developer guide*.
1. If you choose the **Manage log level overrides** setting, you can add the event type for which you want to configure logging, and the log levels for the events. The log levels can be error (less verbose) or informational (more detailed), or you can disable logging. For information about the event types for various wireless resources, see [Events and resource types](cwl-format.md#cwl-format-events-resources).
## Configure log levels of resources (CLI)
This section describes how to configure log levels for AWS IoT Wireless resources by using the API or AWS CLI. To use the AWS CLI, you must create the following IAM policy to perform the logging API operations. You also need the Amazon Resource Name (ARN) of the role that you want to use. If you need to create a role to use for logging, see [Create logging role and policy for AWS IoT Wireless monitoring](create-logging-role-policy.md).
**Topics**
+ [Sample IAM policy for AWS IoT Wireless logging API actions](#logging-api-roles)
+ [How to configure logging using the AWS CLI](#configure-logging-api-how)
### Sample IAM policy for AWS IoT Wireless logging API actions
Before you use the CLI, you must create the IAM policy for the API operations for which you want to run the CLI commands.
You can use the following API actions to configure logging of resources. The table also shows a sample IAM policy that you must create for using the API actions. The following section describes how you can use the APIs to configure log levels of your resources.
**Logging API actions**
| API name | Description | Sample IAM policy |
| --- | --- | --- |
| [GetLogLevelsByResourceTypes](https://docs.aws.amazon.com/iot-wireless/latest/apireference/API_GetLogLevelsByResourceTypes.html) | Returns current default log levels, or log levels by resource types, which can include log options for wireless devices, wireless gateways, or FUOTA tasks. | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/iot-wireless/latest/developerguide/configure-resource-logging.html) |
| [GetResourceLogLevel](https://docs.aws.amazon.com/iot-wireless/latest/apireference/API_GetResourceLogLevel.html) | Returns the log-level override for a given resource identifier and resource type. The resource can be a wireless device, a wireless gateway, or a FUOTA task. | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/iot-wireless/latest/developerguide/configure-resource-logging.html) |
| [PutResourceLogLevel](https://docs.aws.amazon.com/iot-wireless/latest/apireference/API_PutResourceLogLevel.html) | Sets the log-level override for a given resource identifier and resource type. The resource can be a wireless gateway, a wireless device, or a FUOTA task. This API has a limit of 200 log-level overrides per account. | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/iot-wireless/latest/developerguide/configure-resource-logging.html) |
| [ResetAllResourceLogLevels](https://docs.aws.amazon.com/iot-wireless/latest/apireference/API_ResetAllResourceLogLevels.html) | Removes the log-level overrides for all resources, which includes wireless gateways, wireless devices, and FUOTA tasks. This API doesn't affect the log levels that are set using the `UpdateLogLevelsByResourceTypes` API. | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/iot-wireless/latest/developerguide/configure-resource-logging.html) |
| [ResetResourceLogLevel](https://docs.aws.amazon.com/iot-wireless/latest/apireference/API_ResetResourceLogLevel.html) | Removes the log-level override for a given resource identifier and resource type. The resource can be a wireless gateway or a wireless device. | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/iot-wireless/latest/developerguide/configure-resource-logging.html) |
| [UpdateLogLevelsByResourceTypes](https://docs.aws.amazon.com/iot-wireless/latest/apireference/API_UpdateLogLevelsByResourceTypes.html) | Set default log level, or log levels by resource types. You can use this API for log options for wireless devices, wireless gateways, or FUOTA tasks, and control the log messages that'll be displayed in CloudWatch. Events are optional and the event type is tied to the resource type. For more information, see [Events and resource types](cwl-format.md#cwl-format-events-resources). | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/iot-wireless/latest/developerguide/configure-resource-logging.html) |
You've learned how to create a logging role to log your AWS IoT Wireless resources. By default, logs have a log level of `ERROR`, so if you want to see only error information, go to [View CloudWatch AWS IoT Wireless log entries](cwl-format.md) to monitor your wireless resources by viewing the log entries.
If you want more information in the log entries, you can configure the default log level for your resources or for different event types, such as setting the log level to `INFO`. For information about configuring logging for your resources, see [Configure resource logging for AWS IoT Wireless resources](#configure-resource-logging).
### How to configure logging using the AWS CLI
The API actions can be categorized into the following types depending on whether you want to configure log levels for all resources or for specific resources:
+ API actions `GetLogLevelsByResourceTypes` and `UpdateLogLevelsByResourceTypes` can retrieve and update the log levels for all resources in your account that are of a specific type, such as a wireless gateway, FUOTA task, or a LoRaWAN or Sidewalk device.
+ API actions `GetResourceLogLevel`, `PutResourceLogLevel`, and `ResetResourceLogLevel` can retrieve, update, and reset log levels of individual resources that you specify using a resource identifier.
+ API action `ResetAllResourceLogLevels` resets the log-level override to `null` for all resources for which you specified a log-level override using the `PutResourceLogLevel` API.
**To use the CLI to configure resource-specific logging for AWS IoT**
**Note**
You can also perform this procedure with the API by using the methods in the AWS API that correspond to the CLI commands shown here.
1. By default, all resources have log level set to `ERROR`. To set the default log levels, or log levels by resource types for all resources in your account, use the [https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iotwireless/update-log-levels-by-resource-types.html](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iotwireless/update-log-levels-by-resource-types.html) command. The following example shows how you can create a JSON file, `Input.json`, and provide it as an input to the CLI command. You can use this command to selectively disable logging or override the default log level for specific types of resources and events.
```
{
"DefaultLogLevel": "INFO",
"FuotaTaskLogOptions":
[
{
"Type": "LoRaWAN",
"LogLevel": "INFO",
"Events": [
{
"Event": "Fuota",
"LogLevel": "DISABLED"
},
]
},
],
"WirelessDeviceLogOptions":
[
{
"Type": "Sidewalk",
"LogLevel": "INFO",
"Events":
[
{
"Event": "Registration",
"LogLevel": "DISABLED"
}
]
},
{
"Type": "LoRaWAN",
"LogLevel": "INFO",
"Events":
[
{
"Event": "Join",
"LogLevel": "DISABLED"
},
{
"Event": "Rejoin",
"LogLevel": "ERROR"
}
]
}
],
"WirelessGatewayLogOptions":
[
{
"Type": "LoRaWAN",
"LogLevel": "INFO",
"Events":
[
{
"Event": "CUPS_Request",
"LogLevel": "DISABLED"
},
{
"Event": "Certificate",
"LogLevel": "ERROR"
}
]
}
]
}
```
where:
**FuotaTaskLogOptions**
The list of log options for a FUOTA task. Each log option includes the FUOTA task type (LoRaWAN), and a list of FUOTA task event log options. Each FUOTA task event log option can optionally include the event type and its log level.
**WirelessDeviceLogOptions**
The list of log options for a wireless device. Each log option includes the wireless device type (Sidewalk or LoRaWAN), and a list of wireless device event log options. Each wireless device event log option can optionally include the event type and its log level.
**WirelessGatewayLogOptions**
The list of log options for a wireless gateway. Each log option includes the wireless gateway type (LoRaWAN), and a list of wireless gateway event log options. Each wireless gateway event log option can optionally include the event type and its log level.
**DefaultLogLevel**
The log level to use for all your resources. Valid values are: `ERROR`, `INFO`, and `DISABLED`. The default value is `INFO`.
**LogLevel**
The log level you want to use for individual resource types and events. These log levels override the default log level, such as the log level `INFO` for the LoRaWAN gateway, and log levels `DISABLED` and `ERROR` for the two event types.
Run the following command to provide the `Input.json` file as input to the command. This command doesn't produce any output.
```
aws iotwireless update-log-levels-by-resource-types \
--cli-input-json Input.json
```
If you want to remove the log options for wireless devices and wireless gateways, run the following command.
```
{
"DefaultLogLevel":"DISABLED",
"WirelessDeviceLogOptions": [],
"WireslessGatewayLogOptions":[]
}
```
1. The **update-log-levels-by-resource-types** command doesn't return any output. Use the [https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iotwireless/get-log-levels-by-resource-types.html](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iotwireless/get-log-levels-by-resource-types.html) command to retrieve resource-specific logging information. The command returns the default log level, and the wireless device and wireless gateway log options.
**Note**
The **get-log-levels-by-resource-types** command can't directly retrieve the log levels in the CloudWatch console. You can use the **get-log-levels-by-resource-types** command to get the latest log-level information that you've specified for your resources using the **update-log-levels-by-resource-types** command.
```
aws iotwireless get-log-levels-by-resource-types
```
When you run the following command, it returns the latest logging information you specified with **update-log-levels-by-resource-types**. For example, if you remove the wireless device and FUOTA task log options, then running the **get-log-levels-by-resource-types** will return these values as `null`.
```
{
"DefaultLogLevel": "INFO",
"WirelessDeviceLogOptions": null,
"FuotaTaskLogOptions": null,
"WirelessGatewayLogOptions":
[
{
"Type": "LoRaWAN",
"LogLevel": "INFO",
"Events":
[
{
"Event": "CUPS_Request",
"LogLevel": "DISABLED"
},
{
"Event": "Certificate",
"LogLevel": "ERROR"
}
]
}
]
}
```
1. To control log levels for individual wireless gateways or wireless device resources, use the following CLI commands:
+ [https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iotwireless/put-resource-log-level.html](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iotwireless/put-resource-log-level.html)
+ [https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iotwireless/get-resource-log-level.html](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iotwireless/get-resource-log-level.html)
+ [https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iotwireless/reset-resource-log-level.html](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iotwireless/reset-resource-log-level.html)
For an example for when to use these CLIs, say that you have a large number of wireless devices or gateways in your account that are being logged. If you want to troubleshoot errors for only some of your wireless devices, you can disable logging for all wireless devices by setting the `DefaultLogLevel` to `DISABLED`, and use the **put-resource-log-level** to set the `LogLevel` to `ERROR` for only those devices in your account.
```
aws iotwireless put-resource-log-level \
--resource-identifier
--resource-type WirelessDevice
--log-level ERROR
```
In this example, the command sets the log level to `ERROR` only for the specified wireless device resource and the logs for all other resources are disabled. This command doesn't produce any output. To retrieve this information and verify that the log levels were set, use the **get-resource-log-level** command.
1. In the previous step, after you've debugged the issue and resolved the error, you can run the **reset-resource-log-level** command to reset the log level for that resource to `null`. If you used the `put-resource-log-level` command to set the log-level override for more than one FUOTA task, wireless device, or gateway resource, such as for troubleshooting errors for multiple devices, you can reset the log-level overrides back to `null` for all those resources using the [https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iotwireless/reset-all-resource-log-levels.html](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iotwireless/reset-all-resource-log-levels.html) command.
```
aws iotwireless reset-all-resource-log-levels
```
This command doesn't produce any output. To retrieve the logging information for the resources, run the **get-resource-log-level** command.
## Next Steps
You've learned how to create the logging role and use the AWS IoT Wireless API to configure logging for your AWS IoT Core for LoRaWAN resources. Next, to learn about monitoring your log entries, go to [Monitor AWS IoT Wireless using CloudWatch Logs](cloud-watch-logs.md).