Help Center> Cloud Firewall> User Guide> Auditing Logs> Log Management> Adding Alarm Notifications
Updated on 2024-04-09 GMT+08:00
View PDF

Adding Alarm Notifications

You can create alarm rules to monitor logs in real time. When a log meets the preset rules, an alarm is generated and sent to you by SMS message or email. This function can be used to monitor exceptions in real time.

Prerequisites

Logs have been dumped to LTS by configuring Log Settings.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. In the navigation pane on the left, click and choose Security & Compliance > Cloud Firewall. The Dashboard page will be displayed.
  4. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click View in the Operation column to go to the details page.
  5. In the navigation pane on the left, choose Log Audit > Log Management.

    Click Create Alarm Rule in the upper right corner. Creating an alarm rule describes the parameters for creating an alarm rule.

    Table 1 Parameters for creating an alarm rule

    Parameter

    Description

    Example Value

    Rule Name

    Name of the alarm rule.

    NOTE:

    Can contain only letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot start with a period or underscore, or end with a period. Can contain 1 to 64 characters.

    test

    Description

    Rule description.

    NOTE:

    Enter up to 64 characters.

    -

    Statistics

    Possible values are By keyword and By SQL.

    By keyword

    Log Group Name

    Select a log group.

    -

    Enterprise Project Name

    Select an enterprise project.

    This parameter is displayed only when the enterprise project function is enabled for the current account.

    -

    Log Stream Name

    Select a log stream.

    -

    Keywords

    Enter keywords that you want LTS to monitor in logs.

    NOTE:
    • Keywords cannot start with an asterisk (*) or question mark (?).
    • Exact and fuzzy matches are supported. A keyword is case sensitive and contains up to 1024 characters.

    _time

    Query Time Range

    Time range for the keyword query, which is one period earlier than the current time.

    • The value ranges from 1 to 60 in the unit of minutes.
    • The value ranges from 1 to 24 in the unit of hours.

    1 h

    Query Frequency

    Sets the query frequency.

    Hourly

    Matching Log Events

    When the number of log events that contain the configured keywords reaches the specified value, an alarm is triggered.

    >10

    Alarm Severity

    Possible values are critical (default), major, minor, and info.

    critical

    Send Notifications

    Possible values are No (default) and Yes.

    No

    SMN Topic

    If you select Yes for Send Notifications, you need to select a Simple Message Notification (SMN) topic, time zone, language, and message template. You can select multiple topics.

    -

  6. Confirm the information and click OK.
Parent topic: Log Management