Amazon Web Services CloudWatch Support
A CloudWatch feature is a monitoring capability that
- collects and aggregates system logs, metrics, and events from Amazon Elastic Compute Cloud (EC2) instances and on-premises controllers,
- transmits these data points to the AWS CloudWatch server for centralized monitoring, and
- provides insights into the performance, health, and operation of applications and resources running on AWS infrastructure.
Additional Information
AWS CloudWatch is a service in the Amazon Web Services (AWS) cloud platform. It monitors server system logs, metrics, and events.
Organizations can integrate CloudWatch with Amazon Elastic Compute Cloud (EC2) instances and on-premises servers. This integration enables efficient transmission of logs, events, and metrics to the AWS CloudWatch server.
The CloudWatch service enables detailed insights into applications, resources, and services running on AWS infrastructure. These insights help ensure performance, support troubleshooting, and maintain the overall health of controllers and systems.
The CloudWatch service is disabled by default and must be enabled to function.
When the AWS CloudWatch agent is active on a controller, the agent gathers system logs from the controller and transmits them securely to the AWS CloudWatch server.
Example: Using AWS CloudWatch for Monitoring
The AWS CloudWatch agent can be used to:
- collect internal system-level metrics from Amazon Elastic Compute Cloud (EC2) instances across multiple operating systems, and
- collect system-level metrics from on-premises devices or controllers.
Benefits of Amazon Web Services CloudWatch service
The AWS CloudWatch feature provides unified monitoring, operational efficiency, and actionable insights for cloud environments.
- A unified monitoring and observability platform: All device logs are consolidated in a single location, facilitating easy event monitoring and seamless action using the cloud services tools.
- Enhanced operational efficiency and resource optimization: Automate the processes and establish alarms for specific events or logs, thereby improving operational performance and resource management.
- Gain valuable insights from logs: Analyze and visualize the logs, allowing you to take appropriate actions based on the events and logs.
The AWS CloudWatch feature is supported on the following controllers: Cisco Catalyst 9800-40, 9800-80, 9800-L, and 9800-CL (private [VMware ESXi, KVM, Hyper-V] and public cloud [AWS C9800-CL instances only] platforms).
Configure an AWS CloudWatch Profile (CLI)
Configure an AWS CloudWatch profile using CLI commands. This configuration enables secure streaming of syslog messages and log data to AWS CloudWatch for centralized logging and monitoring.
The AWS CloudWatch agent transmits buffered syslog messages to the AWS CloudWatch service.
The agent scans and retrieves logs from files in a designated directory. You can specify a single file or use a wildcard pattern to include multiple files.
You can specify the storage location in the AWS CloudWatch agent profile. When files are updated, the agent reads their content.
Before you begin
- Create CloudWatch groups and streams in AWS.
- Create access credentials in AWS.
- Ensure that you have the AWS Identity and Access Management (IAM) access key ID and secret key.
- You can run the optional logging buffered and logging persistent commands to send syslogs to AWS CloudWatch.
- Ensure that DNS is configured.
To create CloudWatch groups and streams, see the AWS documentation: https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html
Procedure
Step 1
Enter global configuration mode. Example:

Step 2
Configure an AWS CloudWatch profile. Example:

Step 3
(Optional) Add a description to the AWS CloudWatch profile. Example:

Step 4
(Optional) Configure the HTTP or HTTPS server URL or IP address and port. Example:

Step 5
(Optional) Configure the management interface as the VRF interface. Example:
Use this option to send agent traffic through the management interface. By default, the data port interface is used. Use this command only if the management interface is available. This interface is not available in C9800-CL public cloud instances.

Step 6
Configure the AWS CloudWatch access credentials. Example:
Use the access key ID and secret key created for the IAM user in the AWS console.

Step 7
Specify the AWS region where the CloudWatch server is running. Example:

Step 8
Specify the AWS CloudWatch log group name, log stream name, and optionally the log file path. Example:
If you do not provide a log file path, the system uses the default syslog path: /bootflash/syslog/
The log group and log stream must match those created in AWS CloudWatch. If specified, the log file path does not need to match the buffered logging persistent storage directory or file name.

Step 9
Save and enable the configuration for AWS CloudWatch services. Example:

Step 10
Return to global configuration mode. Example:

The AWS CloudWatch profile is configured and enabled. The device can now transmit syslog messages and log data to the specified AWS CloudWatch log group and stream for monitoring and integration with AWS services.
Verify AWS CloudWatch configuration
To view a summary of AWS CloudWatch profiles, run this command:
Device# show cloud-services aws cloudwatch summary
Profile Name        Profile Status        Service Status
-----------------------------------------------------------------
demo3               Started               Active
demo4               Started               Active
To view details of a specific AWS CloudWatch profile, run this command:
Device# show cloud-services aws cloudwatch profile demo3
Profile Details
Profile Name : demo3
VRF : Global
Region : ap-northeast-1
CloudWatch Service Details
Service Status : Active
Service PID : 31785
Service Log Level : Notice
Log Details
Log Group Name                      Log Stream Name                     Log File
-------------------------------------------------------------------------------------------------------------
test                                katar2
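
The profile shown above writes to a single log group and stream, so the IAM user whose keys are entered in Step 6 needs no broader rights than that. The following is an added example, not Cisco or AWS code: it parses the profile output and builds a matching least-privilege IAM policy. The function names, the placeholder account ID, and the choice of logs:PutLogEvents plus logs:DescribeLogStreams as the only actions the agent needs are assumptions; the page does not list the required permissions.

```python
import json
import re

# Constructed sample in the shape of the
# "show cloud-services aws cloudwatch profile demo3" output on this page.
SAMPLE_OUTPUT = """\
Profile Details
Profile Name : demo3
VRF : Global
Region : ap-northeast-1
Log Details
Log Group Name    Log Stream Name    Log File
----------------------------------------------
test              katar2
"""

ACCOUNT_ID = "111122223333"  # placeholder AWS account ID (assumption)


def parse_profile(text):
    """Return (region, [(log_group, log_stream), ...]) from the show output."""
    lines = text.splitlines()
    region = re.search(r"^\s*Region\s*:\s*(\S+)", text, re.M)
    header = next((i for i, l in enumerate(lines)
                   if l.strip().startswith("Log Group Name")), None)
    if region is None or header is None:
        raise ValueError("output lacks a Region line or a Log Details table")
    # Data rows start after the header and the dashed rule beneath it.
    rows = (l.split() for l in lines[header + 2:])
    return region.group(1), [(f[0], f[1]) for f in rows if len(f) >= 2]


def least_privilege_policy(region, streams, account_id=ACCOUNT_ID):
    """Build an IAM policy limited to the streams the profile writes to."""
    base = f"arn:aws:logs:{region}:{account_id}:log-group:"
    def allow(action, resources):
        return {"Effect": "Allow", "Action": action, "Resource": resources}
    return {"Version": "2012-10-17", "Statement": [
        # Write events only to the configured streams.
        allow("logs:PutLogEvents",
              [f"{base}{g}:log-stream:{s}" for g, s in streams]),
        # Stream lookup only; assumed sufficient for the agent.
        allow("logs:DescribeLogStreams",
              sorted({f"{base}{g}:*" for g, _ in streams})),
    ]}


if __name__ == "__main__":
    region, streams = parse_profile(SAMPLE_OUTPUT)
    print(json.dumps(least_privilege_policy(region, streams), indent=2))
```

If the agent reports access errors under this policy, add the specific missing logs: action for the same resources rather than a wildcard.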