Amazon Web Services CloudWatch

Information About Amazon Web Services CloudWatch Support

The Amazon Web Services (AWS) cloud platform offers a service named CloudWatch, which facilitates the monitoring and observability of server system logs, metrics, and events. By integrating CloudWatch on AWS Elastic Compute Cloud (EC2) instances and on on-premise servers, you can efficiently transmit their logs, events, and metrics to the AWS CloudWatch server. The AWS CloudWatch service allows you to gain insights into applications, resources, and services running on the AWS infrastructure. It helps to ensure performance, troubleshoot issues, and effectively maintain the overall health of the controllers.

When the AWS CloudWatch agent is active on the controller, it gathers the system logs from the controller and transmits them to the AWS CloudWatch server. The AWS CloudWatch service is disabled by default.

The AWS CloudWatch agent helps you to do the following:

  • Collect internal system-level metrics from AWS EC2 instances across operating systems.

  • Collect system-level metrics from on-premise devices.

Benefits of Using Amazon Web Services CloudWatch Service

  • A unified monitoring and observability platform: All device logs are consolidated in a single location, facilitating easy event monitoring and seamless action using the cloud services tools.

  • Enhanced operational efficiency and resource optimization: Automate the processes and establish alarms for specific events or logs, thereby improving operational performance and resource management.

  • Gain valuable insights from logs: Analyze and visualize the logs, allowing you to take appropriate actions based on the events and logs.

The AWS CloudWatch feature is supported on the following controllers: Cisco Catalyst 9800-40, 9800-80, 9800-L, and 9800-CL (private [VMware ESXI, KVM, Hyper-V] and public cloud [AWS C9800-CL instances only] platforms).

Configuring Amazon Web Services CloudWatch Profile

The AWS CloudWatch agent transmits buffered syslog messages to the AWS CloudWatch service. The agent scans and retrieves logs recorded in files within a designated directory, which can be a single file or a wildcard pattern to encompass multiple files. You can specify the storage location of the files in the AWS CloudWatch agent profile. As and when files are updated, the AWS CloudWatch agent dynamically reads their content.

Before you begin

  • Create CloudWatch group and streams in AWS.

  • Create access credentials in AWS.

  • Set a Private Configuration Key for Password Encryption

  • Ensure that you have the AWS Identity and Access Management (IAM) access key ID and the secret key.

  • You can run the optional logging buffered and logging persistent commands to log syslogs to AWS CloudWatch.

  • Ensure that DNS is configured.

For information about how to create CloudWatch group and streams, see the AWS documentation at: https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

cloud-services aws cloudwatch profile profile-name

Example:

Device(config)# cloud-services aws cloudwatch profile test-profile

Configures an AWS CloudWatch profile.

Step 3

description profile-description

Example:

Device(config-cloudwatch-profile)# description test-controller

(Optional) Adds a description to the AWS CloudWatch profile.

Step 4

proxy https-server url-ip port port-num

Example:

Device(config-cloudwatch-profile)# proxy https-server 192.0.2.1 port 12

(Optional) Configures HTTP or HTTPS server URL or IP address, along with the port details.

Step 5

vrf mgmt-intf

Example:

Device(config-cloudwatch-profile)# vrf mgmt-Intf

(Optional) Configures the management interface as the VRF interface.

Use this option if the agent traffic has to be sent through management interface. By default, data port interface is used.

Do not use this command where the management interface is not available, for example, in C9800-CL public cloud instances.

Step 6

access-key key-id iam-id secret-key {0| 8}secret-key

Example:

Device(config-cloudwatch-profile)# access-key key-id iam-key-id secret-key 0 ******

Configures the AWS CloudWatch access credentials.

Use the same access key ID and the secret key created for the IAM user on the AWS console.

Step 7

region region

Example:

Device(config-cloudwatch-profile)# region us-west-1

Specifies the AWS region where CloudWatch server is running on the cloud provider.

Step 8

log group-name group-name stream-name stream-name [file-path file-path ]

Example:

Device(config-cloudwatch-profile)# log group-name 
techgroup stream-name techstream file-path /home/test/statusReport 

Specifies the AWS CloudWatch log group name, log stream name, and an optional log file path. If log file path is not provided, the default syslog path (/bootflash/syslog/*) is used.

The log group and log stream used here must be the same as those created on the AWS CloudWatch server.

The log file path, if specified, need not be the same as the buffered logging persistent storage path directory or file name.

Step 9

no shutdown

Example:

Device(config-cloudwatch-profile)# no shutdown

Saves the configuration and enables it for AWS CloudWatch services.

Step 10

exit

Example:

Device(config-cloudwatch-profile)# exit

Returns to global configuration mode.

Verifying AWS CloudWatch Configuration

To view summary of AWS CloudWatch profiles, run the following command:

Device# show cloud-services aws cloudwatch summary

Profile Name                      Profile Status  Service Status   
-----------------------------------------------------------------
demo3                             Started         Active           

demo4                             Started         Active  

To view details of a specific AWS CloudWatch profile, run the following command:

Device# show cloud-services aws cloudwatch profile demo3

Profile Details

Profile Name          : demo3
VRF                   : Global
Region                : ap-northeast-1

CloudWatch Service Details

Service Status        : Active
Service PID           : 31785
Service Log Level     : Notice

Log Details

Log Group Name                            Log Stream Name                           Log File                   
-------------------------------------------------------------------------------------------------------------
test                                      katar2