We have the option for Cloudwatch Logs, but there are no log groups being created or log files being pushed. I verified the Queen role/policy has access to Cloudwatch Logs.
This thread was automatically locked due to age.
We have the option for Cloudwatch Logs, but there are no log groups being created or log files being pushed. I verified the Queen role/policy has access to Cloudwatch Logs.
Which version and configuration are you using? I'm assuming Sohos UTM 9 with autoscaling enabled?
I'm using a standalone Sophos UTM 9 and had to jump through a few hoops to push CloudWatch metrics.
I'm not sure how the autoscaling Sophos is setup but you might have the AWS scripts installed somewhere - they might be named like mine.
1. Search for mon-get-instance-stats.pl or mon-put-instance-data.pl.
2. Test a put to memory metrics with the command: ./mon-put-instance-data.pl --mem-util --verify --verbose
3. Confirm that the correct role is being referenced or referenced at all. Roles can only be applied at instance invocation so it could be that you have a role and and policy assigned but it is not actually applied to your instance.
4. You should get a successful verification.
Hopefully this points you in the right direction.
Your CloudWatch logs aren't working probably because Sophos has jacked it up - at least in the version that I tested Firmware version: 9.408-4 and 9.409-9.
I reviewed some of their CloudFormation templates located at https://github.com/sophos-iaas/aws-cf-templates
Looking at the User Data code there is a line that sets up awslogs:
"date +'UserData awslogs agent setup start %c' >> /tmp/user_data.log\n",
"/usr/local/bin/awslogs-agent-setup.py -n -r ", { "Ref": "AWS::Region" }, " -c /etc/cloud/awslogs.conf >> /tmp/user_data.log\n"
The setup command runs fine but it actually doesn't setup awslogs because if you try to query the status of the service, you get:
Same story here:
Just another example of how this product "kind of works" on AWS but was not made for AWS.
Your CloudWatch logs aren't working probably because Sophos has jacked it up - at least in the version that I tested Firmware version: 9.408-4 and 9.409-9.
I reviewed some of their CloudFormation templates located at https://github.com/sophos-iaas/aws-cf-templates
Looking at the User Data code there is a line that sets up awslogs:
"date +'UserData awslogs agent setup start %c' >> /tmp/user_data.log\n",
"/usr/local/bin/awslogs-agent-setup.py -n -r ", { "Ref": "AWS::Region" }, " -c /etc/cloud/awslogs.conf >> /tmp/user_data.log\n"
The setup command runs fine but it actually doesn't setup awslogs because if you try to query the status of the service, you get:
Same story here:
Just another example of how this product "kind of works" on AWS but was not made for AWS.
Hi c53f35a0,
have you seen that with 9.5 the AWS logs agent is installed as an rpm and no longer via the template? We've done so in order to increase stability and to avoid error prone installations when e.g. custom templates were used but the statements were missing.
With your current installations: what is shown when doing ps ax | grep awslogs ?
Best,
Nicolas
Product Owner IaaS