This topic describes how to configure an alert rule for Anti-DDoS Pro or Anti-DDoS Premium in the CloudMonitor console. After alert rules are configured, CloudMonitor notifies you of exceptions in traffic and connections on the IP addresses of your Anti-DDoS Pro or Anti-DDoS Premium instances. This allows you to handle exceptions and restore workloads at the earliest opportunity.

Background information

CloudMonitor is a service that allows you to monitor Internet applications and Alibaba Cloud resources. If alerts are triggered, CloudMonitor sends notifications. You can customize alert rules to specify how the alert system checks monitoring data. If the monitoring data meets the custom alert rules, CloudMonitor sends notifications. After you configure alert rules for important metrics, you are notified if exceptions are detected for these metrics. This allows you to handle exceptions at the earliest opportunity. For more information, see Overview.

The alerting feature provided by CloudMonitor supports Anti-DDoS Pro and Anti-DDoS Premium. You can configure alert rules for Anti-DDoS Pro and Anti-DDoS Premium in the CloudMonitor console.

The following table describes the metrics of Anti-DDoS Pro and Anti-DDoS Premium supported by CloudMonitor.

Metric Dimension Unit
Out_Traffic Instance or IP address bit/s
In_Traffic Instance or IP address bit/s
Back_Traffic (traffic that is scrubbed by Anti-DDoS Pro or Anti-DDoS Premium and is forwarded to the origin server) Instance or IP address bit/s
Active_connection Instance or IP address Count
Inactive_connection Instance or IP address Count
New_connection Instance or IP address Count
qps Domain name Count/second
qps_ratio_down Domain name %
qps_ratio_up Domain name %
resp2xx Domain name Count
resp2xx_ratio Domain name %
resp3xx Domain name Count
resp3xx_ratio Domain name %
resp404 Domain name Count
resp404_ratio Domain name %
resp4xx Domain name Count
resp4xx_ratio Domain name %
resp5xx Domain name Count
resp5xx_ratio Domain name %
upstream_resp2xx Domain name Count
upstream_resp2xx_ratio Domain name %
upstream_resp3xx Domain name Count
upstream_resp3xx_ratio Domain name %
upstream_resp404 Domain name Count
upstream_resp404_ratio Domain name %
upstream_resp4xx Domain name Count
upstream_resp4xx_ratio Domain name %
upstream_resp5xx Domain name Count
upstream_resp5xx_ratio Domain name %

Procedure

  1. Log on to the CloudMonitor console.
  2. Optional:Create an alert contact. If you have created a contact, skip this step.
    1. In the left-side navigation pane, choose Alerts > Alert Contacts.
    2. On the Alert Contacts tab, click Create Alert Contact.
    3. In the Set Alert Contact panel, configure the parameters, drag the slider to complete verification, and then click OK.
  3. Optional:Create an alert group. If you have created an alert group, skip this step.
    Note CloudMonitor sends alert notifications only to an alert group. You can add one or more alert contacts to an alert group.
    1. In the left-side navigation pane, choose Alerts > Alert Contacts.
    2. On the Alert Contact Group tab, click Create Alert Contact Group.
    3. In the Create Alert Contact Group panel, enter a group name in the Group Name field. Select the alert contact that you create from the Existing Contacts section and add the contact to the Selected Contacts section. Then, click Confirm.
  4. Create an alert rule.
    1. In the left-side navigation pane, choose Alerts > Alert Rules.
    2. On the Threshold Value Alert tab, click Create Alert Rule.
    3. On the Create Alert Rule page, configure the parameters and click Confirm.
      Create Alert Rule

      The following table describes the parameters used to create an alert rule.

      Section Parameter Description
      Related Resource Product Select NewBGPDDoS (Anti-DDoS Pro) or ddosdip (Anti-DDoS Premium).
      Resource Range Select the resources on which the alert rule takes effect. Valid values: All Resources or Instances.
      • All Resources: The alert rule takes effect on all your Anti-DDoS Pro or Anti-DDoS Premium instances. An alert notification is sent when one of the instances matches the alert rule.
      • Instances: The alert rule takes effect on the Anti-DDoS Pro or Anti-DDoS Premium instances that you select. An alert notification is sent only when all the selected instances match the alert rule.
      Set Alert Rules Alert Rule Specify the name of the alert rule.
      Rule Description Specify the conditions that are used to trigger alerts.
      Note We recommend that you specify the thresholds of metrics based on your business requirements. For more information, see Anti-DDoS Pro and Anti-DDoS Premium metrics. A low threshold may frequently trigger alerts and negatively affect user experience. A high threshold may leave insufficient time for you to handle attacks.
      Examples:
      • New_connection | 5Minute cycle | Continue for 3 periods | Once | > | 200: In this rule, the detection period is 5 minutes, and 1 data point is reported each minute. The data point indicates the number of new connections. CloudMonitor checks the data points generated within three consecutive detection periods, which are 15 data points in total. If a data point exceeds 200, an alert notification is sent.
      • Out_Traffic | 5Minute cycle | Continue for 3 periods | Once | ≥ | 50 Mbit/s: In this rule, the detection period is 5 minutes, and 1 data point is reported each minute. The data point indicates the transfer rate of outbound traffic. CloudMonitor checks the data points generated within three consecutive detection periods, which are 15 data points in total. If a data point is greater than or equal to 50 Mbit/s, an alert notification is sent.

      You can click Add Alert Rule to add more alert rules. Then, specify Alert Rule and Rule Description for each alert rule.

      Examples
      Mute for Specify a mute period. If an alert is not cleared within the mute period, the notification for the alert is sent again after the mute period elapses. The minimum value is 5 minutes, and the maximum value is 24 hours.
      Effective Period Specify the period during which the alert rule remains effective. CloudMonitor sends alert notifications within the effective period and only records alerts beyond the effective period.
      Notification Method Notification Contact Select the alert group that receives alert notifications.
      Notification Methods

      Set the value to Email + DingTalk (Info).

      Auto Scaling If you select Auto Scaling, a scaling rule is triggered when the alert is triggered.
      Log Service If you select Log Service, CloudMonitor writes alert information to Log Service.
      Email Remark Optional. Enter the information that you want to include in alert notification emails.
      HTTP CallBack Enter a public URL to which CloudMonitor sends alert notifications by using POST requests. You can enter only an HTTP URL.
      After the alert rule is created, if the monitoring data of an Anti-DDoS Pro or Anti-DDoS Premium metric matches the alert rule description, an alert notification is sent to the specified alert group by using the specified request method.