All Products
Search

This Product

    ActionTrail:Manage an alert rule

    Document Center

    ActionTrail:Manage an alert rule

    Last Updated:Aug 14, 2024

    ActionTrail supports comprehensive alert management. You can configure and manage built-in alert rules or custom alert rules based on your business requirements to ensure real-time monitoring of anomalous events in the cloud. This topic describes how to enable, disable, and delete an alert rule. If you use a custom alert rule, you can also update and copy the alert rule.

    Background information

    On the Alert Rules tab of the Alert Center page in the ActionTrail console, you can query alert rules. You can also click the name of an alert rule to view the details of the alert rule.

    ActionTrail allows you to create custom alert rules. For more information, see Create a custom alert rule.

    Enable an alert rule

    1. Log on to the ActionTrail console.

    2. In the left-side navigation pane, click Alerts.

    3. On the Alert Rules tab of the Alert Center page, find the alert rule that you want to manage and click Enable in the Actions column.

      After the alert rule is enabled, the value in the Status column changes to Enabled.

    Disable an alert rule

    After you disable an alert rule, ActionTrail does not send alert notifications to the specified users or user groups if an event meets the condition of the alert rule. For example, if you disable the VPC Network Route Change Alert rule, no alert notifications are sent when the configuration of a virtual private cloud (VPC) route changes.

    After you disable an alert rule, the alerts that are generated based on the alert rule before the alert rule is disabled are not affected. Only alert notifications are not sent.

    1. On the Alert Rules tab of the Alert Center page, find the alert rule that you want to manage and click Disable in the Actions column.

    2. In the Tip message, click OK.

      If Disabled is displayed in the Status column, the alert rule is disabled.

    Pause and resume an alert rule

    When you pause an alert rule, you can specify a pause period. During the pause period, ActionTrail does not send alert notifications to the specified users or user groups if an event meets the condition of the alert rule. For example, you pause the VPC Network Route Change Alert rule, and set the pause period to 5 minutes. If the configuration of a VPC route changes within 5 minutes, no alert is triggered. If the configuration of a VPC route changes 5 minutes later, an alert is triggered.

    You can resume an alert rule during the pause period. In this case, ActionTrail continues to detect events based on the alert rule.

    1. On the Alert Rules tab of the Alert Center page, find the alert rule that you want to manage, click the image icon in the Actions column, and then click Pause.

    2. In the Are you sure that you want to pause the rule? dialog box, configure the Paused for parameter.

      You can select a pause period in the console or specify a custom pause period.

    3. Click OK.

      If an alert rule is paused, Paused is displayed in the Status column. Move the pointer over Paused to view the time when the alert rule is resumed. For example, if Paused Until 2024-06-20 18:34:03 is displayed, the alert rule is paused.

      Note

      To resume an alert rule that is paused, click the image icon in the Actions column and then click Resume. In the Tip message, click OK to resume the alert rule.

    Query details of an alert rule

    You can query details of an alert rule. The details include the point in time when the alert rule was created, check frequency, whether the alert rule is enabled, whether alert notifications are enabled for the alert rule, and the alert history of the alert rule.

    1. On the Alert Rules tab of the Alert Center page, find the alert rule that you want to manage and click View in the Actions column.

    2. On the Alert Overview page, view the basic information and statistical report of the alert rule.

    Follow and unfollow an alert rule

    You can follow an alert rule. This allows you to view the alert rule on the page of the current project or the homepage of the Simple Log Service console.

    1. On the Alert Rules tab of the Alert Center page, find the alert rule that you want to manage, click the image icon in the Actions column, and then click Follow.

    2. In the Add to Watchlist dialog box, select a watchlist.

      • Add to Watchlist of Current Project: You can view the alert rule on the page of the current project in the Simple Log Service console. To view the alert rule, go to the page of the current project in the Simple Log Service console and choose 日志存储 > Watchlist.

      • Add to Global Watchlist: You can view the alert rule in the Watchlist section on the homepage of the Simple Log Service console.

    3. Click OK.

      Note

      To unfollow an alert rule, click the image icon in the Actions column and click Unfollow.

    Delete an alert rule

    If you want to delete all alerts that are generated based on an alert rule, you can delete the alert rule. Then, ActionTrail does not detect events based on the alert rule.

    1. On the Alert Rules tab of the Alert Center page, find the alert rule that you want to manage, click the image icon in the Actions column, and then click Delete.

    2. In the Tip message, click OK.

    Suspend or resume the alert notification feature for an alert

    If an alert rule is in the Enabled state, you can disable alert notifications and specify the period for disabling alert notifications. During this period, ActionTrail still detects events based on the alert rule but does not send alert notifications to the specified users or user groups if an event meets the condition of the alert rule.

    1. On the Alert Rules tab of the Alert Center page, find the alert rule that you want to manage and click View in the Actions column.

    2. On the Alert Overview page, click Modify next to Monitoring Status.

    3. In the Disable Alert Notifications panel, set Disabled Duration and click OK.

      Note

      During the specified period, the time when alert notifications are to be enabled for the alert rule is displayed in the Monitoring Status field. If you want to enable alert notifications before the scheduled time, click Modify next to Monitoring Status. In the message that appears, click OK.

    Update a custom alert rule

    You can update the information about a custom alert rule based on your business requirements. For example, you can update the query statistics and action policy of a custom alert rule.

    1. On the Alert Rules tab of the Alert Center page, find the alert rule that you want to manage and click Edit in the Actions column.

    2. In the Edit Alert panel, configure the Rule Name, Check Frequency, Query Statistics, Group Evaluation, Trigger Condition, Add Label, Add Annotation, Recovery Notifications, and Destination parameters, and the parameters in the Advanced Settings section.

      For more information, see Create an alert monitoring rule for logs.

    3. Click OK.

    Copy a custom alert rule

    You can copy a custom alert rule and apply the rule to other projects.

    1. On the Alert Rules tab of the Alert Center page, find the alert rule that you want to manage, click the image icon in the Actions column, and then click Copy.

    2. In the Target Project dialog box, select the projects to which you want to apply the custom alert rule.

    3. In the More section, configure the Destination Alert Name, Destination Alert Status, and Destination Alert ID parameters.

    4. Click OK.

    5. In the Copy Result dialog box, view the result of the copy operation and close the dialog box.