All Products
Search

This Product

    Anti-DDoS:Use the alert monitoring feature of CloudMonitor

    Document Center

    Anti-DDoS:Use the alert monitoring feature of CloudMonitor

    Last Updated:Apr 16, 2024

    Anti-DDoS Origin can be used together with CloudMonitor. You can configure alert notifications for traffic of assets, blackhole filtering events, and scrubbing events. This way, you can handle exceptions and recover your workloads at the earliest opportunity. This topic describes how to configure the alert monitoring feature of CloudMonitor.

    Supported alert types

    • Traffic Alerts by IP Address: The system sends alerts on the inbound and outbound traffic by IP address. Units: bit/s and packet per second (pps).

    • Alerts on Blackhole Filtering Events: The system sends alerts on the blackhole filtering events of Anti-DDoS Origin, including the start time and end time of the events.

    • Alerts on Scrubbing Events: The system sends alerts on the scrubbing events of Anti-DDoS Origin, including the start time and end time of the events.

    Configure alert notifications

    1. Log on to the Traffic Security console.

    2. In the left-side navigation pane, choose Network Security > Anti-DDoS Origin > CloudMonitor Alerts.

    3. On the CloudMonitor Alerts page, click CloudMonitor Notification in the Interaction Configuration column to go to the CloudMonitor console.

    4. Configure alert contacts and an alert contact group in the CloudMonitor console.

      Note

      CloudMonitor sends alert notifications only to an alert contact group. If you already created an alert contact group, skip this step.

      1. In the left-side navigation pane, choose Alerts > Alert Contacts.

      2. On the Alert Contacts tab, click Create Alert Contact. In the Set Alert Contact panel, enter the contact information, drag the slider to complete verification, and then click OK.

      3. On the Alert Contact Group tab, click Create Alert Contact Group. In the Create Alert Contact Group panel, configure the parameters, select alert contacts, and then click Confirm.

    5. Create alert notifications.

      • Traffic Alerts by IP Address

        1. On the Alerts > Alert Rules page, click Create Alert Rule.

        2. In the Create Alert Rule panel, configure the following parameters.

          • Product: Select ddosbgp.

          • Rule Description

            Parameter

            Description

            Metric Type

            Single Metric: Select a metric and specify the threshold and alert level for the metric.

            Multiple Metrics: Select an alert level and specify alert conditions for two or more metrics.

            Dynamic Threshold: For more information about dynamic thresholds, see Overview and Create dynamic threshold-triggered alert rules.

            Note

            The dynamic threshold feature is in invitational preview. To use the feature, submit a ticket.

            Metric

            In most cases, we recommend that you set the threshold of alert notifications to 1.5 times the normal bandwidth of your service. For example, if the inbound normal bandwidth of your service is 200 Mbit/s, you can configure the threshold to send alert notifications when the bandwidth exceeds 300 Mbit/s for three consecutive cycles.

            You can configure alert notifications for the following metrics:

            • PacketRateIn

            • PacketRateOut

            • TrafficRateIn

            • TrafficRateOut

            After you receive an alert notification, you can go to the Mitigation Logs page to check whether attacks occurred on your service based on data analysis details. Then, you can configure related mitigation policies on the Mitigation Settings page.

          For more information about the parameters, see Create an alert rule.

      • Alerts on Blackhole Filtering Events and Alerts on Blackhole Filtering Events

        1. On the Event Center > System Event page, click Save as Alert Rule. image

        2. In the Create/Modify Event-triggered Alert Rule panel, configure an alert rule.

          • Product Type: Select ddosbgp.

          • Event Type: Select DDoS Attacks.

          • Event Level: Select the event level. All alerts on DDoS attacks are critical. The value is fixed as CRITICAL.

          • Event Name: Valid values are ddosbgp_event_blackhole and ddosbgp_event_clean.

          For more information about the parameters, see Manage system event-triggered alert rules (old). After you receive an alert notification, you can go to the Mitigation Logs and Attack Analysis pages to check whether attacks occurred on your service based on data analysis details. Then, you can configure related mitigation policies on the Mitigation Settings page.

    References