Anti-DDoS Proxy is integrated with the alert monitoring feature of CloudMonitor. You can configure alert rules and real-time dashboards in the CloudMonitor console. After you configure an alert rule, CloudMonitor reports an alert when the rule is triggered. This way, you can handle exceptions and recover your business at the earliest opportunity. You can also view the monitoring details in real-time dashboards and troubleshoot exceptions. This topic describes how to configure alert rules and real-time dashboards.
Background information
CloudMonitor is a service that monitors Internet applications and Alibaba Cloud resources. For more information, see What is CloudMonitor?
Anti-DDoS Proxy (Chinese Mainland) and Anti-DDoS Proxy (Outside Chinese Mainland) are integrated with the alert monitoring feature of CloudMonitor. You can configure alert notifications and real-time dashboards for the following events in the CloudMonitor console.
Event name | Event type | Description |
IP address traffic alert | Service metric monitoring and alerting | After you configure an alert rule for a service metric, CloudMonitor reports an alert notification when the rule is triggered. This way, you can handle exceptions and recover your business at the earliest opportunity. |
Connection alerts | ||
QPS alerts | ||
Status code alerts | ||
Alerts for DDoS blackhole filtering alerts | Event monitoring and alerting | After you configure an alert rule for an event, CloudMonitor notifies you when the rule is triggered. This way, you can handle exceptions and recover your business at the earliest opportunity. The event that occurred on your Anti-DDoS Proxy (Chinese Mainland) or Anti-DDoS Proxy (Outside Chinese Mainland) instance can be a blackhole filtering event, traffic scrubbing event, event of HTTP flood attacks at Layer 4, or event of HTTP flood attacks at Layer 7. |
Alerts for DDoS mitigation events | ||
DDoS monitor dashboard | Real-time dashboard | CloudMonitor provides the dashboard feature. You can customize the monitoring data that is displayed on a dashboard and view the monitoring data on the dashboard. You can aggregate monitoring data of different services and instances that run the same type of workloads by using one dashboard. You can configure a real-time dashboard for Anti-DDoS Proxy (Chinese Mainland) and Anti-DDoS Proxy (Outside Chinese Mainland) in the CloudMonitor console. Then, you can monitor workloads of Anti-DDoS Proxy in a visualized and comprehensive manner. |
Prerequisites
An Anti-DDoS Proxy (Chinese Mainland) or Anti-DDoS Proxy (Outside Chinese Mainland) instance is purchased. For more information, see Purchase an Anti-DDoS Proxy instance.
Procedure
Log on to the Anti-DDoS Proxy console.
In the top navigation bar, select the region of your instance.
Anti-DDoS Proxy (Chinese Mainland): If your instance is an Anti-DDoS Proxy (Chinese Mainland) instance, select Chinese Mainland.
Anti-DDoS Proxy (Outside Chinese Mainland): If your instance is an Anti-DDoS Proxy (Outside Chinese Mainland) instance, select Outside Chinese Mainland.
In the left-side navigation pane, choose
.On the CloudMonitor Alerts page, find the event for which you want to configure an alert rule and click CloudMonitor Notification in the Interaction Configuration column.
Event name
Procedure
Traffic Alerts by IP Address, Connection Alerts, QPS Alerts, and Alerts on Status Codes
In the CloudMonitor console, create a threshold-triggered alert rule for Anti-DDoS Proxy (Chinese Mainland) or Anti-DDoS Proxy (Outside Chinese Mainland). For more information, see Configure event monitoring and alerting.
Alerts on Blackhole Filtering Events and Alerts on Scrubbing Events
In the CloudMonitor console, create an event-triggered alert rule for Anti-DDoS Proxy (Chinese Mainland) or Anti-DDoS Proxy (Outside Chinese Mainland). For more information, see Configure event monitoring and alerting.
DDoS Dashboard
In the CloudMonitor console, create a real-time dashboard and charts for Anti-DDoS Proxy (Chinese Mainland) or Anti-DDoS Proxy (Outside Chinese Mainland). For more information, see Configure a real-time dashboard.
Configure service metric monitoring and alerting
In the CloudMonitor console, create an alert contact. If you have created an alert group, skip this step.
In the left-side navigation pane, choose .
On the Alert Contacts tab, click Create Alert Contact.
In the Set Alert Contact panel, configure the parameters, drag the slider to complete verification, and then click OK.
Create an alert contact group. If you have created an alert group, skip this step.
NoteCloudMonitor sends alert notifications only to alert contact groups. You can add one or more alert contacts to an alert contact group.
- In the left-side navigation pane, choose .
On the Alert Contact Group tab, click Create Alert Contact Group.
In the Create Alert Contact Group panel, configure the Group Name parameter. Select the alert contact that you create from the Existing Contacts section and add the contact to the Selected Contacts section. Then, click Confirm.
Create one or more threshold-triggered alert rules.
In the left-side navigation pane, choose .
On the Alert Rules page, click Create Alert Rule.
In the Create Alert Rule panel, configure the parameters and click Confirm.
Parameter
Description
Product Type
Select Anti-DDoS Proxy (Chinese Mainland) or Anti-DDoS Proxy (Outside Chinese Mainland).
Resource Range
The range of the resources to which the alert rule applies. Valid values:
All Resources: The alert rule applies to all resources of the specified cloud service.
Application Groups: The alert rule applies to all resources in the specified application group of the specified cloud service.
Instances: The alert rule applies to the specified resources of the specified cloud service.
Rule Description
The content of the alert rule. The parameters in this section specify the conditions that trigger an alert. To specify the rule description, perform the following steps:
Click Add Rule and select a metric type from the drop-down list.
In the Configure Rule Description panel, enter a rule name in the Alert Rule field and configure the Metric Type parameter. Valid values of the Metric Type parameter:
Simple Metric: Select a metric and set the threshold and alert level for the metric.
Combined Metrics: Select an alert level and specify alert conditions for two or more metrics in the Multi-metric Alert Condition section.
NoteIf a multi-metric alert rule is configured, the desired resource must have data on each metric. An alert can be triggered only if the related conditions are met. For example, if a multi-metric alert rule includes Internet metrics but the ECS instance is not configured with an elastic IP address (EIP), alerts cannot be triggered.
Expression: Select an alert level and then configure an alert expression.
Dynamic Threshold: For more information about dynamic thresholds, see Overview and Create dynamic threshold-triggered alert rules.
NoteThe dynamic threshold feature is in invitational preview. To use the feature, you must submit a ticket.
Click OK.
NoteFor more information about how to specify complex alert conditions, see Alert rule expressions.
Mute For
The interval at which CloudMonitor resends alert notifications before an alert is cleared. Valid values: 5 Minutes, 15 Minutes, 30 Minutes, 60 Minutes, 3 Hours, 6 Hours, 12 Hours, and 24 Hours.
If a metric value reaches the threshold, CloudMonitor sends an alert notification. If the metric value reaches the threshold again within the mute period, CloudMonitor does not resend an alert notification. If the alert is not cleared after the mute period ends, CloudMonitor resends an alert notification.
For example, if the Mute For parameter is set to 12 Hours and the alert is not cleared, CloudMonitor resends an alert notification after 12 hours.
Effective Period
The period during which the alert rule is effective. CloudMonitor sends alert notifications based on the alert rule only within the effective period.
NoteIf an alert rule is not effective, no alert notification is sent. However, the alert history is still displayed on the Alert History page.
Alert Contact Group
Select the alert contact groups to which you want to send alert notifications.
Tag
The tag of the alert rule. A tag consists of a tag key and a tag value.
NoteYou can set a maximum of six tags.
Alert Callback
The callback URL that can be accessed over the Internet. CloudMonitor sends HTTP POST requests to push alert notifications to the specified URL. Only HTTP requests are supported. For more information about how to configure alert callback, see Use the alert callback feature to send notifications about threshold-triggered alerts.
To test the connectivity of an alert callback URL, perform the following steps:
Click Test next to the callback URL.
In the Webhook Test panel, you can check and troubleshoot the connectivity of the alert callback URL based on the returned status code and test result details.
NoteTo obtain the details of the test result, configure the Test Template Type and Language parameters and click Test.
Click Close.
NoteYou can click Advanced Settings to configure this parameter.
Auto Scaling
You do not need to specify this parameter. For more information, see Create an alert rule.
Log Service
SMQ
Function Compute
Configure event monitoring and alerting
In the CloudMonitor console, create an alert contact. If you have created an alert group, skip this step.
In the left-side navigation pane, choose .
On the Alert Contacts tab, click Create Alert Contact.
In the Set Alert Contact panel, configure the parameters, drag the slider to complete verification, and then click OK.
Create an alert contact group. If you have created an alert group, skip this step.
NoteCloudMonitor sends alert notifications only to alert contact groups. You can add one or more alert contacts to an alert contact group.
- In the left-side navigation pane, choose .
On the Alert Contact Group tab, click Create Alert Contact Group.
In the Create Alert Contact Group panel, configure the Group Name parameter. Select the alert contact that you create from the Existing Contacts section and add the contact to the Selected Contacts section. Then, click Confirm.
Create one or more event-triggered alert rules.
In the left-side navigation pane, choose .
On the Event Monitoring tab, click Old Event Alarm Rules in the upper-right corner and then click Create Alert Rule.
In the Create/Modify Event-triggered Alert Rule panel, configure the parameters and click OK.
Section
Parameter
Description
Basic Info
Alert Rule Name
Enter a name for the alert rule.
Event-triggered Alert Rules
Product Type
Select Anti-DDoS Proxy (Chinese Mainland) or Anti-DDoS Proxy (Outside Chinese Mainland).
Event Type
Select the type of event for which you want to send alert notifications. Valid values:
DDoS Blackhole Filtering: blackhole filtering events
DDoS Traffic Scrubbing: traffic scrubbing events
Layer 4 Flood Attack: events of flood attacks at Layer 4
Layer 7 HTTP Flood Attack: events of HTTP flood attacks at Layer 7
Event Level
Select the level of event for which you want to send alert notifications. Only CRITICAL is supported for the preceding types of events.
Event Name
Select the event for which you want to send alert notifications. The valid values of this parameter vary based on the value of the Event Type parameter. The following list describes the events of each event type:
Blackhole filtering events: ddosdip_event_blackhole_add or ddoscoo_event_blackhole_add and ddosdip_event_blackhole_end or ddoscoo_event_blackhole_end
Traffic scrubbing events: ddosdip_event_defense_add or ddoscoo_event_defense_add and ddosdip_event_defense_end or ddoscoo_event_defense_end
Events of flood attacks at Layer 4: ddosdip_event_cc4_add or ddoscoo_event_cc4_add and ddosdip_event_cc4_end or ddoscoo_event_cc4_end
Events of HTTP flood attacks at Layer 7: ddosdip_event_cc7_add or ddoscoo_event_cc7_add and ddosdip_event_cc7_end or ddoscoo_event_cc7_end
Keyword Filtering
The keywords that are used to filter the alert rule. Valid values:
Contains any of the keywords: If the alert rule contains any one of the specified keywords, CloudMonitor sends an alert notification.
Does not contain any of the keywords: If the alert rule does not contain any one of the specified keywords, CloudMonitor sends an alert notification.
NoteFor more information about how to view the content of an event, see View system events.
SQL Filter
The SQL statement that is used to filter the alert rule.
You can use the
and
andor
operators. For example, if you set this parameter toWarn and i-hp368focau7dp0hw****
, CloudMonitor sends alert notifications only when the event content contains the instancei-hp368focau7dp0hw****
and the alert levelWarn
.Resource Range
Select All Resources.
Notification Method
Alert Contact Group
Select the alert contact groups to which you want to send alert notifications.
Alert Notification
Specify the severity level and notification method of the event alert. Valid values:
Critical (Email + Webhook)
Warning (Email + Webhook)
Info (Email +Webhook)
Simple Message Queue (formerly MNS)
You do not need to specify this parameter. For more information, see Manage system event-triggered alert rules (previous version).
Function Compute
URL Callback
Log Service
Mute For
Specify the period during which an alert is muted. This parameter specifies the interval at which an alert notification is sent to the specified contacts again if the alert is not cleared.
Optional. Query the events that recently occurred on Anti-DDoS Proxy in the CloudMonitor console.
On the Event Monitoring tab of the System Event page, select Anti-DDoS Proxy (Chinese Mainland) or Anti-DDoS Proxy (Outside Chinese Mainland), specify the event type and the time range, and then click Search.
In the event list, click Details in the Actions column to view the details of an event.
Configure a real-time dashboard
In the left-side navigation pane of the CloudMonitor console, click Dashboard.
On the Custom Dashboard page, click Add Dashboard.
In the Add Dashboard Group dialog box, specify a dashboard name and click Confirm.
After the dashboard is created, you can view the dashboard on the Custom Dashboard tab.
Click the name of the dashboard and click Add View. In the Add Chart panel, configure a chart.
Select a chart type. The following chart types are supported: Line, Area, Table, Heat Map, and Pie Chart.
For more information, see Manage the monitoring charts of a custom dashboard.
Configure one or more metrics. Click the Dashboards tab and select Anti-DDoS Proxy (Chinese Mainland) or Anti-DDoS Proxy (Outside Chinese Mainland). Then, configure the Metric Name and Resource parameters.
Metric Name: Select the metrics that you want to monitor.
Resource: Select Apply Group, Cloud product instance, or Monitoring Instance based on your business requirements. Then, select the Anti-DDoS Proxy instance and the IP address of the asset that you want to monitor.
NoteClick Add Metric if you want to add more metrics.
Click OK to create the chart.
You can repeat the preceding steps to add more charts to the dashboard.