Logging Scenario - Sending Local Logs to CloudWatch

Scenario: you want to save gateway/relay logs to Amazon CloudWatch. This guide presents a simple method to send all gateway/relay logs to a CloudWatch log group.

Note: As with all gateway/relay logs, the logs stored on the gateway/relay will not include web UI activities, which can be accessed via the sdm audit activities command.

Setting up the export

  1. Enable relay logging in the web UI under Settings / Log Encryption & Storage. Ensure logging is set to FILE.

  2. Generate an AWS access key and AWS secret access key from the AWS GUI. Ensure the key has the AWSAppSyncPushToCloudWatchLogs permission.

  3. Install the Amazon CloudWatch logs agent on the gateway/relay following these directions. If you already have this agent running, skip to the next step for the lines to add to your /var/awslogs/etc/awslogs.conf file.

    1. For the path, enter /home/<user>/.sdm/sdm.log*

    2. For the destination log group name, call it SDM-logs or similar. If you have multiple gateways, ensure they all use the same log group name.

    3. Under the timestamp format, use the following custom string: %Y-%m-%dT%H:%M:%SZ

    4. For initial upload position, choose From start of file.

  4. In /var/awslogs/etc/awslogs.conf, verify that you have a section that looks like this:

     [/home/ubuntu/.sdm/sdm.log*]
     datetime_format = %Y-%m-%dT%H:%M:%SZ
     file = /home/ubuntu/.sdm/sdm.log*
     buffer_duration = 5000
     log_stream_name = {instance_id}
     initial_position = start_of_file
     log_group_name = SDM-gateway
    
  5. Check /var/log/awslogs.log to ensure there are no errors.

  6. Go to the CloudWatch console and verify that there is a log group by the name you specified above.

  7. Look at logs to ensure timestamps are correct and logs are being delivered correctly.
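The following script is an added example, not part of this guide and not StrongDM or AWS code. It parses an awslogs.conf in the shape shown in step 4, reports missing or mismatched keys, confirms that log lines actually parse with the datetime_format from step 3 (the agent uses that format to stamp each event, so a mismatch shows up as wrong timestamps in the console, which is what step 7 asks you to look for), and checks that several gateways share one log group name (step 3.2). The sample config and the sdm.log-style lines are constructed for illustration; the real gateway log line layout may differ, so point timestamp_parses at a line from your own sdm.log before relying on it.

```python
import configparser
from datetime import datetime

# Constructed awslogs.conf text modelled on the section in step 4 (not read
# from a live host); the [general] header is what the real file also carries.
SAMPLE_CONF = """
[general]
state_file = /var/awslogs/state/agent-state

[/home/ubuntu/.sdm/sdm.log*]
datetime_format = %Y-%m-%dT%H:%M:%SZ
file = /home/ubuntu/.sdm/sdm.log*
buffer_duration = 5000
log_stream_name = {instance_id}
initial_position = start_of_file
log_group_name = SDM-gateway
"""

# Keys the guide's section carries, and the values it prescribes.
REQUIRED_KEYS = ("datetime_format", "file", "log_stream_name",
                 "initial_position", "log_group_name")
EXPECTED_DATETIME_FORMAT = "%Y-%m-%dT%H:%M:%SZ"
EXPECTED_INITIAL_POSITION = "start_of_file"


def load_conf(text):
    # interpolation=None: the %Y/%m tokens in datetime_format would otherwise
    # trip configparser's '%' interpolation and raise on lookup.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return parser


def find_sdm_section(parser):
    """Return the name of the section whose 'file' points at sdm.log*, or None."""
    for name in parser.sections():
        if name != "general" and parser[name].get("file", "").endswith("sdm.log*"):
            return name
    return None


def check_section(parser, name):
    """Return a list of human-readable problems with one awslogs section."""
    problems = []
    section = parser[name]
    for key in REQUIRED_KEYS:
        if key not in section:
            problems.append(f"missing key: {key}")
    fmt = section.get("datetime_format")
    if fmt is not None and fmt != EXPECTED_DATETIME_FORMAT:
        problems.append(f"datetime_format is {fmt!r}, expected {EXPECTED_DATETIME_FORMAT!r}")
    pos = section.get("initial_position")
    if pos is not None and pos != EXPECTED_INITIAL_POSITION:
        problems.append("initial_position should be start_of_file so the existing log is uploaded")
    path = section.get("file", "")
    if not path.endswith("sdm.log*"):
        problems.append("file should be a glob ending in sdm.log* so rotated files are picked up")
    return problems


def timestamp_parses(log_line, fmt=EXPECTED_DATETIME_FORMAT):
    """True if the first whitespace-delimited token of log_line parses with fmt."""
    stripped = log_line.strip()
    if not stripped:
        return False
    token = stripped.split(None, 1)[0]
    try:
        datetime.strptime(token, fmt)
        return True
    except ValueError:
        return False


# Constructed sdm.log-style lines; the third deliberately uses a syslog-style
# timestamp so the check has something to catch.
SAMPLE_LOG_LINES = [
    "2024-05-01T12:34:56Z gateway started listening",
    "2024-05-01T12:35:01Z relay connection established",
    "May  1 12:35:02 gateway line without an ISO timestamp",
]


def count_unparsable(lines, fmt=EXPECTED_DATETIME_FORMAT):
    """Number of lines whose leading timestamp does not match fmt."""
    return sum(1 for line in lines if not timestamp_parses(line, fmt))


def log_group_consistent(conf_texts):
    """Given awslogs.conf texts from several gateways, True if all use one log group."""
    groups = set()
    for text in conf_texts:
        parser = load_conf(text)
        name = find_sdm_section(parser)
        if name is None:
            return False
        groups.add(parser[name].get("log_group_name"))
    return len(groups) == 1


if __name__ == "__main__":
    parser = load_conf(SAMPLE_CONF)
    name = find_sdm_section(parser)
    print("section:", name)
    print("problems:", check_section(parser, name))
    print("unparsable sample lines:", count_unparsable(SAMPLE_LOG_LINES))
    print("one log group across gateways:", log_group_consistent([SAMPLE_CONF, SAMPLE_CONF]))
```

To run it against a real host, replace SAMPLE_CONF with the contents of /var/awslogs/etc/awslogs.conf and SAMPLE_LOG_LINES with a few lines from the gateway's sdm.log; any non-empty problems list or non-zero unparsable count explains why the console shows no data or wrong timestamps before you go looking in /var/log/awslogs.log.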

If you have questions about this process or run into trouble, please contact strongDM support.