# Monitor Direct Connect resources
Monitoring is an important part of maintaining the reliability, availability, and performance of your Direct Connect resources. You should collect monitoring data from all of the parts of your AWS solution so that you can more easily debug a multi-point failure if one occurs. Before you start monitoring Direct Connect; however, you should create a monitoring plan that includes answers to the following questions:
+ What are your monitoring goals?
+ What resources should be monitored?
+ How often should you monitor these resources?
+ What monitoring tools can you use?
+ Who performs the monitoring tasks?
+ Who should be notified when something goes wrong?
The next step is to establish a baseline for normal Direct Connect performance in your environment, by measuring performance at various times and under different load conditions. As you monitor Direct Connect, store historical monitoring data. That way, you can compare it with current performance data, identify normal performance patterns and performance anomalies, and devise methods to address issues.
To establish a baseline, you should monitor the usage, state, and health of your physical Direct Connect connections.
**Topics**
+ [Monitoring tools](#monitoring-automated-manual)
+ [Monitor with Amazon CloudWatch](monitoring-cloudwatch.md)
## Monitoring tools
AWS provides various tools that you can use to monitor an Direct Connect connection. You can configure some of these tools to do the monitoring for you, while some of the tools require manual intervention. We recommend that you automate monitoring tasks as much as possible.
### Automated monitoring tools
You can use the following automated monitoring tools to watch Direct Connect and report when something is wrong:
+ **Amazon CloudWatch Alarms** – Watch a single metric over a time period that you specify. Perform one or more actions based on the value of the metric relative to a given threshold over a number of time periods. The action is a notification sent to an Amazon SNS topic. CloudWatch alarms do not invoke actions simply because they are in a particular state; the state must have changed and been maintained for a specified number of periods. For information about available metrics and dimensions, see [Monitor with Amazon CloudWatch](monitoring-cloudwatch.md).
+ **AWS CloudTrail Log Monitoring** – Share log files between accounts and monitor CloudTrail log files in real time by sending them to CloudWatch Logs. You can also write log processing applications in Java and validate that your log files have not changed after delivery by CloudTrail. For more information, see [Log API calls](logging_dc_api_calls.md) and [Working with CloudTrail Log Files](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-working-with-log-files.html) in the *AWS CloudTrail User Guide*.
### Manual monitoring tools
Another important part of monitoring an Direct Connect connection involves manually monitoring those items that the CloudWatch alarms don't cover. The Direct Connect and CloudWatch console dashboards provide an at-a-glance view of the state of your AWS environment.
+ The Direct Connect console shows:
+ Connection status (see the **State** column)
+ Virtual interface status (see the **State** column)
+ The CloudWatch home page shows:
+ Current alarms and status
+ Graphs of alarms and resources
+ Service health status
In addition, you can use CloudWatch to do the following:
+ Create [customized dashboards](https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/CloudWatch_Dashboards.html) to monitor the services you care about.
+ Graph metric data to troubleshoot issues and discover trends.
+ Search and browse all your AWS resource metrics.
+ Create and edit alarms to be notified of problems.
# Monitor with Amazon CloudWatch
You can monitor physical Direct Connect connections, and virtual interfaces, using CloudWatch. CloudWatch collects raw data from Direct Connect, and processes it into readable metrics. By default, CloudWatch provides Direct Connect metric data in 5-minute intervals. The metric data in every interval is an aggregation of at least two samples collected during that interval.
For detailed information about CloudWatch, see the [Amazon CloudWatch User Guide](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/). You can also monitor your services CloudWatch to see what ones are using resources. For more information, see [AWS services that publish CloudWatch metrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/aws-services-cloudwatch-metrics.html).
**Topics**
+ [Direct Connect metrics and dimensions](#metrics-dimensions)
+ [View Direct Connect CloudWatch metrics](viewing-metrics.md)
+ [Create alarms to monitor connections](creating-alarms.md)
## Direct Connect metrics and dimensions
Metrics are available for Direct Connect physical connections, and virtual interfaces.
### Direct Connect Connection metrics
The following metrics are available from Direct Connect dedicated connections.
| Metric | Description |
| --- | --- |
| `ConnectionState` | The state of the connection.1 indicates **up** and 0 indicates **down**. This metric is available for dedicated and hosted connections. This metric is also available in hosted virtual interface owner accounts in addition to connection owner accounts. Units: There are no units returned for this metric. |
| `ConnectionBpsEgress` | The bitrate for outbound data from the AWS side of the connection. The number reported is the aggregate (average) over the specified time period (5 minutes by default, 1 minute minimum). You can change the default aggregate. This metric might be unavailable for a new connection, or when a device reboots. The metric starts when the connection is used to send or receive traffic. Units: Bits per second |
| `ConnectionBpsIngress` | The bitrate for inbound data to the AWS side of the connection. This metric might be unavailable for a new connection, or when a device reboots. The metric starts when the connection is used to send or receive traffic. Units: Bits per second |
| `ConnectionPpsEgress` | ` The packet rate for outbound data from the AWS side of the connection. The number reported is the aggregate (average) over the specified time period (5 minutes by default, 1 minute minimum). You can change the default aggregate. This metric might be unavailable for a new connection, or when a device reboots. The metric starts when the connection is used to send or receive traffic. Units: Packets per second |
| `ConnectionPpsIngress` | The packet rate for inbound data to the AWS side of the connection. The number reported is the aggregate (average) over the specified time period (5 minutes by default, 1 minute minimum). You can change the default aggregate. This metric might be unavailable for a new connection, or when a device reboots. The metric starts when the connection is used to send or receive traffic. Units: Packets per second |
| `ConnectionCRCErrorCount` | This count is no longer in use. Use `ConnectionErrorCount` instead. |
| `ConnectionErrorCount` | The total error count for all types of MAC level errors recorded by the AWS device. The total includes cyclic redundancy check (CRC) errors. The root cause of these errors can be on either the customer side or the AWS side. This metric is the error count that occurred since the last reported datapoint. When there are errors on the interface, the metric reports non-zero values. To get the total count of all errors for the selected interval in CloudWatch, for example, 5 minutes, apply the "sum" statistic. The metric value is set to 0 when the errors on the interface stop. This metric replaces `ConnectionCRCErrorCount`, which is no longer in use. Units: Count |
| ConnectionLightLevelTx | Indicates the health of the fiber connection for outbound (egress) traffic from the AWS side of the connection. There are two dimensions for this metric. For more information, see [Direct Connect available dimensions](#metrics-available-dimensions). Units: dBm |
| `ConnectionLightLevelRx` | Indicates the health of the fiber connection for inbound (ingress) traffic to the AWS side of the connection. There are two dimensions for this metric. For more information, see [Direct Connect available dimensions](#metrics-available-dimensions). Units: dBm |
| ConnectionEncryptionState | Indicates the connection encryption status. 1 indicates the connection encryption is `up`, and 0 indicates the connection encryption is `down`. When this metric is applied to a LAG, 1 indicates that all connections in the LAG have encryption `up`. 0 indicates at least one LAG connection encryption is `down`. |
| ConnectionDiscardsPpsEgress | The packet discard rate for outbound data from the AWS side of the connection. This metric tracks packets that are dropped due to buffer overflows, interface congestion, or other network conditions. The number reported is the aggregate (average) over the specified time period (5 minutes by default, 1 minute minimum). You can change the default aggregate. Units: Packets per second |
### Direct Connect virtual interface metrics
The following metrics are available from Direct Connect virtual interfaces.
| Metric | Description |
| --- | --- |
| `VirtualInterfaceBpsEgress` | The bitrate for outbound data from the AWS side of the virtual interface. The number reported is the aggregate (average) over the specified time period (5 minutes by default). Units: Bits per second |
| `VirtualInterfaceBpsIngress` | The bitrate for inbound data to the AWS side of the virtual interface. The number reported is the aggregate (average) over the specified time period (5 minutes by default). Units: Bits per second |
| `VirtualInterfacePpsEgress` | The packet rate for outbound data from the AWS side of the virtual interface. The number reported is the aggregate (average) over the specified time period (5 minutes by default). Units: Packets per second |
| `VirtualInterfacePpsIngress` | The packet rate for inbound data to the AWS side of the virtual interface. The number reported is the aggregate (average) over the specified time period (5 minutes by default). Units: Packets per second |
| `VirtualInterfaceBgpStatus` | The state of the BGP peering session for the virtual interface. 1 indicates **up** and 0 indicates **down**. Units: There are no units returned for this metric. |
| `VirtualInterfaceBgpPrefixesAccepted` | The number of BGP prefixes accepted from the BGP peer on the virtual interface. The number reported is the aggregate (average) over the specified time period (5 minutes by default). Units: Count |
| `VirtualInterfaceBgpPrefixesAdvertised` | The number of BGP prefixes advertised to the BGP peer on the virtual interface. The number reported is the aggregate (average) over the specified time period (5 minutes by default). Units: Count |
### Direct Connect available dimensions
You can filter the Direct Connect data using the following dimensions.
| Dimension | Description |
| --- | --- |
| `ConnectionId` | This dimension is available on the metrics for Direct Connect connection, and virtual interface. This dimension filters the data by the connection. |
| OpticalLaneNumber | This dimension filters the ConnectionLightLevelTx data and the ConnectionLightLevelRx data, and filters the data by the optical lane number of the Direct Connect connection. |
| VirtualInterfaceId | This dimension is available on the metrics for Direct Connect virtual interface, and filters the data by the virtual interface. |
**Topics**
+ [Direct Connect metrics and dimensions](#metrics-dimensions)
+ [View Direct Connect CloudWatch metrics](viewing-metrics.md)
+ [Create alarms to monitor connections](creating-alarms.md)
# View Direct Connect CloudWatch metrics
Direct Connect sends the following metrics about your Direct Connect connections. Amazon CloudWatch then aggregates these data points to 1-minute or 5-minute intervals. By default, Direct Connect metric data is written to CloudWatch at 5-minute intervals.
**Note**
When monitoring Direct Connect through CloudWatch, you can request metrics at 1-minute intervals. However, the actual update frequency is controlled by CloudWatch. Because CloudWatch controls the interval, Direct Connect can't always guarantee intervals shorter than five minutes.
You can use the following procedures to view the metrics for Direct Connect connections.
**To view metrics using the CloudWatch console**
Metrics are grouped first by the service namespace, and then by the various dimension combinations within each namespace. For more information about using Amazon CloudWatch to view Direct Connect metrics, including adding math functions or prebuilt queries, see [Using Amazon CloudWatch metrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/working-with-metrics.html) in the *Amazon CloudWatch User Guide*.
1. Open the CloudWatch console at [https://console.aws.amazon.com/cloudwatch/](https://console.aws.amazon.com/cloudwatch/).
1. In the navigation pane, choose **Metrics**, and then choose **All metrics**.
1. In the **Metrics** section, choose **DX**.
1. Choose a **ConnectionId** or **Metric name**, and then choose any of the following to further define the metric:
+ **Add to search** — Adds this metric to your search results.
+ **Search for this only** — Searches only for this metric.
+ **Remove from graph** — Removes this metric from the graph.
+ **Graph this metric only** — Graphs only this metric.
+ **Graph all search results** — Graphs all metrics.
+ **Graph with SQL query** — Opens **Metric Insights -query builder**, allowing you to choose what you want to graph by creating an SQL query. For more information on using Metric Insights, see [Query your metrics with CloudWatch Metrics Insights](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/query_with_cloudwatch-metrics-insights.html) in the *Amazon CloudWatch User Guide*.
**To view metrics using the Direct Connect console**
1. Open the **Direct Connect** console at [https://console.aws.amazon.com/directconnect/v2/home](https://console.aws.amazon.com/directconnect/v2/home).
1. In the navigation pane, choose **Connections**.
1. Select your connection.
1. Choose the **Monitoring** tab to display the metrics for your connection.
**To view metrics using the AWS CLI**
At a command prompt, use the following command.
```
aws cloudwatch list-metrics --namespace "AWS/DX"
```
# Create Amazon CloudWatch alarms to monitor Direct Connect connections
You can create a CloudWatch alarm that sends an Amazon SNS message when the alarm changes state. An alarm watches a single metric over a time period that you specify. It sends a notification to an Amazon SNS topic based on the value of the metric relative to a given threshold over a number of time periods.
For example, you can create an alarm that monitors the state of an Direct Connect connection. It sends a notification when the connection state is **down** for five consecutive 1-minute periods. For details on what to know for creating an alarm and for more information on creating an alarm, see [Using Amazon CloudWatch Alarms](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html) in the *Amazon CloudWatch User Guide*.
**To create a CloudWatch alarm.**
1. Open the CloudWatch console at [https://console.aws.amazon.com/cloudwatch/](https://console.aws.amazon.com/cloudwatch/).
1. In the navigation pane, choose **Alarms**, and then choose **All alarms**.
1. Choose **Create Alarm**.
1. Choose **Select metric**, and then choose **DX** .
1. Choose the **Connection Metrics** metric.
1. Select the Direct Connect connection, and then choose the **Select metric** metric.
1. On the** Specify metric and conditions** page, configure the parameters for the alarm. For more specifying metrics and conditions, see [Using Amazon CloudWatch Alarms](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html) in the *Amazon CloudWatch User Guide*.
1. Choose **Next**.
1. Configure the alarm actions on the **Configure actions** page. For more information on configuring alarm actions, see [Alarm actions](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html#alarms-and-actions) in the *Amazon CloudWatch User Guide*.
1. Choose **Next**.
1. On the **Add name and description** page, enter a **Name** and an optional **Alarm description** to describe this alarm, and then choose **Next**.
1. Verify the proposed alarm on the **Preview and create** page.
1. If needed choose **Edit** to change any information, and then choose **Create alarm**.
The **Alarms** page displays a new row with information about the new alarm. The **Actions** status displays **Actions enabled**, indicating that the alarm is active.