Alert Rules
更新时间:2023-02-07 18:27:47
Entrance
[Product] → [Application Services] → [Cloud Monitor] → [Alert Rules]
Cloud Monitor Practices
There are two typical practices for using Cloud Monitor:
- Real-time data monitoring to realize sudden increase or decrease of bandwidth or attack. It is mostly used for operational monitor.
- Periodic data monitors aggregated traffic/bandwidth of a period. It is mostly used for billing monitor.
Create New Alert Rules
1. Create operational alert rules
You can create operational alerts for Bandwidth, Request, Back-to-Origin Bandwidth, CC Attack QPS, WAF Attack Requests, WAF Attack Requests Rate, Bot Attack Requests, Bot Attack Requests Rate.
Below is an example of a real-time monitor on Bandwidth. In this example, we monitor consolidated traffic of all domains under Dynamic Web Acceleration service. If the bandwidth of target domains is more than 100Mbps, the system will send notification alert email to contact group 123 and contact person *laine.
![[New Feature] WAF Rule Template](https://www.wangsu.com/wos/draft/help_doc/en_us/16023/25910/1675738767618_image.png)
2. Create billing alert rules
You can create billing alert rules on Total traffic, 95% bandwidth, Daily Ave.Traffic.
Below is an example of a periodic monitor on 95% bandwidth. In this example, we monitor 95% bandwidth of all domains under Dynamic Web Acceleration service. If the 95% bandwidth value of target domains is between 100-200Mbps in successive 2 hours, the system sends notification alert email to contact group 123 every 5 mins until the alert cancelled.
![[New Feature] WAF Rule Template](https://www.wangsu.com/wos/draft/help_doc/en_us/16023/25910/1675750955876_image.png)
3. Explanation on parameters
| Configuration Item | Description |
|---|---|
| Rule Name | Enter the unique name of the Alert Rule. This will also be the subject of alert notification. |
| Data Type | It selects if to monitor real-time data for operational need or periodic data for billing monitor. Real-Time data: calculate real-time data to realize sudden change of attacks and traffic. Periodic data: calculate consolidated data within a period, often been used for billing monitor. |
| Dimensions | It configures the target domain (domain groups) to be monitored. User Dimension: monitor all domains under the user. Control Group: monitor domains under the select control group. Product Dimension: monitor domains under same product of same user, regardless of contract. |
| Statistics Type | Defines if the rule is applied based on aggregated data of all domains or by each domain. Consolidated: the rule is applied to monitor aggregated data of all selected domains. Separate: the rule is applied to monitor data of each domain. For example, if 2 domains are under monitoring and you set a trigger rule of bandwidth>100Mbps, then only when each domain bandwidth cross 100Mbps will the alert been sent. Statistics Type is not editable if Data Type=Periodic Data |
| Trigger Rule | Period: configures rule effect time during one day. If time not involved in the period, monitor task will not be conducted. For example, if period set to 00:00 to 22:00, and the overuse happens at 23:00, the alert will not be sent. Only available for real-time monitor. Continue for X periods, 1 period=1hour/minute: means when the monitored data reaches threshold successively for X period, will the alert be triggered. For example, if X=3, 1 period=1 hour, it means system calculates data every hour, if the data reaches threshold 3 times successively , the alert will be sent. Rule configuration is a bit different for Real-Time data or Periodic data |
| Alarm Frequency | It defines how the alert will be sent. For example, if Repeat alert every 5 min is selected, that means the alert notification will be sent every 5 mins until the alert been eliminated |
| Notification Method | Currently, Cloud Monitor only support to send alert via email address. Users need to maintain contact or contact group before creating alert rules. Contacts can be managed under IAM->Contact Management menu |
![[New Feature] WAF Rule Template](https://www.wangsu.com/wos/draft/help_doc/en_us/16023/25910/1675755895433_image.png)
Manage Alert Rules
Once alert rules have been created successfully, you can do Edit, Delete and Disable/Enable operation and view alert logs specifically.
- Press Edit to change the alert rules.
- Press Disable to deactivate the alert task if you don’t need and press Enable to activate it when needed.
- Press Delete to remove the alert task.
- Press Alert Logs behind each alert rules, you will see the alert logs of this rule specifically.
![[New Feature] WAF Rule Template](https://www.wangsu.com/wos/draft/help_doc/en_us/16023/25910/1675757775437_image.png)