# Send Local Logs to CloudWatch

**Scenario:** You want to save gateway/relay logs to Amazon CloudWatch. This guide presents a simple method to send all gateway/relay logs to a CloudWatch log group.

{% hint style="info" %}
As with all gateway/relay logs, the logs stored on the gateway/relay will not include Admin UI activities, which can be accessed via the `sdm audit activities` command.
{% endhint %}

### Set up the Export

1. Enable relay logging in the Admin UI under **Settings** > **Security** within the **Log Encryption & Storage** tab. Ensure logging is set to **FILE**.
2. Generate an **AWS access key** and **AWS secret access key** from the AWS GUI. Ensure the key has the **AWSAppSyncPushToCloudWatchLogs** permission.
3. Install the Amazon CloudWatch Logs agent on the gateway/relay following the directions in the [Amazon CloudWatch Logs documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/QuickStartEC2Instance.html). If you already have this agent running, skip to the next step for the lines to add to your `/var/awslogs/etc/awslogs.conf` file.
4. For the path, enter `/home/<user>/.sdm/sdm.log*`
5. For the destination log group name, call it `SDM-logs` or similar. If you have multiple gateways, ensure they all use the same log group name.
6. Under the timestamp format, use the following custom string: `%Y-%m-%dT%H:%M:%SZ`
7. For initial upload position, choose **From start of file**.
8. In `/var/awslogs/etc/awslogs.conf`, verify that you have a section that looks like this (the example uses the `ubuntu` user's home directory and a log group named `SDM-gateway`):

   ```ini
   [/home/ubuntu/.sdm/sdm.log*]
   datetime_format = %Y-%m-%dT%H:%M:%SZ
   file = /home/ubuntu/.sdm/sdm.log*
   buffer_duration = 5000
   log_stream_name = {instance_id}
   initial_position = start_of_file
   log_group_name = SDM-gateway
   ```
9. Check `/var/log/awslogs.log` to ensure there are no errors.
10. Go to the CloudWatch console and verify that there is a log group by the name you specified above.
11. Look at the logs to ensure timestamps are correct and logs are being delivered correctly.
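
The check in step 8 can be scripted so that every gateway/relay is verified the same way. The following is an added example, not part of the original guide or of any StrongDM or AWS tooling: the function name `check_sdm_section`, the sample configurations, and the `[general]` section in them are constructed for illustration.

```python
import configparser

# Settings from steps 6 and 7 of this guide.
EXPECTED = {
    "datetime_format": "%Y-%m-%dT%H:%M:%SZ",
    "initial_position": "start_of_file",
}

def check_sdm_section(conf_text, log_group):
    """Return a list of problems in awslogs.conf text (empty list = OK)."""
    # interpolation=None is required: datetime_format contains '%', which
    # configparser's default interpolation rejects as invalid syntax.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    # The relay log section is the one whose `file` points at .sdm/sdm.log
    sections = [s for s in cp.sections()
                if "/.sdm/sdm.log" in cp.get(s, "file", fallback="")]
    if not sections:
        return ["no section with file = /home/<user>/.sdm/sdm.log*"]
    problems = []
    for name in sections:
        sec = cp[name]
        if not sec["file"].endswith("*"):  # step 4's path ends in '*'
            problems.append(f"[{name}] file does not end with '*'")
        for key, want in EXPECTED.items():
            if sec.get(key) != want:
                problems.append(f"[{name}] {key} = {sec.get(key)!r}, expected {want!r}")
        # Step 5: all gateways must share one log group name.
        if sec.get("log_group_name") != log_group:
            problems.append(f"[{name}] log_group_name = {sec.get('log_group_name')!r}, expected {log_group!r}")
    return problems

# Constructed sample: the section shown in step 8.
SAMPLE_GOOD = """
[general]
state_file = /var/awslogs/state/agent-state

[/home/ubuntu/.sdm/sdm.log*]
datetime_format = %Y-%m-%dT%H:%M:%SZ
file = /home/ubuntu/.sdm/sdm.log*
buffer_duration = 5000
log_stream_name = {instance_id}
initial_position = start_of_file
log_group_name = SDM-gateway
"""
# Constructed sample with three deviations from the guide.
SAMPLE_BAD = (SAMPLE_GOOD.replace("%Y-%m-%dT%H:%M:%SZ", "%b %d %H:%M:%S")
              .replace("start_of_file", "end_of_file")
              .replace("SDM-gateway", "SDM-gateway-2"))

if __name__ == "__main__":
    print(check_sdm_section(SAMPLE_GOOD, "SDM-gateway"))
    print("\n".join(check_sdm_section(SAMPLE_BAD, "SDM-gateway")))
```

On a gateway/relay, pass the contents of `/var/awslogs/etc/awslogs.conf` as `conf_text` and the log group name chosen in step 5 as `log_group`.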
