This topic describes how to create Anti-DDoS Pro & Premium alert rules and add contact groups in the CloudMonitor console. Anti-DDoS alert notifications provide you with up-to-date information about traffic and connection exceptions. You can troubleshoot errors and restore workloads as soon as possible.

Background information

CloudMonitor is a service that monitors applications and Alibaba Cloud resources. It sends you notifications when alerts are triggered. You can customize alert rules to specify how the alert system checks the monitoring data and when it sends alert notifications. After you set alert rules for important metrics, you are notified when exceptions are detected in these metrics. This enables you to manage exceptions quickly.

The alert feature provided by CloudMonitor is compatible with Anti-DDoS. You can create and customize alert rules in the CloudMonitor console. CloudMonitor supports the following Anti-DDoS Pro & Premium metrics.

Note Anti-DDoS back-to-origin traffic refers to the workload traffic that is scrubbed by Anti-DDoS before it is forwarded to the origin server.
Table 1. Anti-DDoS Pro & Premium metrics
Metric Dimension Unit
Anti-DDoS outbound traffic Instance and IP address bit/s
Anti-DDoS inbound traffic Instance and IP address bit/s
Anti-DDoS back-to-origin traffic Instance and IP address bit/s
Active connections Instance and IP address Count
Inactive connections Instance and IP address Count
New connections Instance and IP address Count

Procedure

  1. Log on to the CloudMonitor console.
  2. Optional:Add an alert recipient. If you have already specified a recipient, you can skip this step.
    1. In the left-side navigation pane, choose Alarms > Alarm Contacts.
    2. On the Alarm Contacts tab, click Create Alarm Contact in the upper-right corner.Add a recipient
    3. In the Set Alarm Contact dialog box that appears, enter the required contact information. Verify the Phone or Email ID, and then click Save.Specify contact information
      The alert recipient is saved.
  3. Optional:Create an alert contact group. If you have already created an alert contact group, you can skip this step.
    Note The recipients of alert notifications must be contact groups. You can add one or more recipients to a contact group.
    1. In the left-side navigation pane, choose Alarms > Alarm Contacts.
    2. On the Alarm Contact Group tab, click Create Alarm Contact Group in the upper-right corner.Create a contact group
    3. In the Create Alarm Contact Group dialog box that appears, enter a group name in the Group Name field. Select recipients from the left-side Existing Contacts list and add them to the right-side Selected Contacts list. Click OK.Specify contact information
      The contact group is created.
  4. Create an alert rule
    1. In the left-side navigation pane, choose Alarms > Alarm Rules.
    2. On the Threshold Value Alarm tab, click Create Alarm Rule.Create an alert rule
    3. On the Create Alarm Rule page, set the parameters and click Confirm. The following table lists the parameters and descriptions.
      Category Parameter Description
      Related Resource Product Select NewBGPDDoS (indicates Anti-DDoS Pro) or ddosdip (indicates Anti-DDoS Premium).
      Resource Range The resources to which the alert rule is applied. You can select All Resources or Instances.
      • All Resources: The alert rule is applied to all Anti-DDoS Pro or Premium instances. An alert is triggered when any of the Anti-DDoS instances matches the specified rule.
      • Instances: The alert rule is applied to selected Anti-DDoS Pro or Premium instances. An alert is triggered when one of the selected instances matches the specified rule.
      Set Alert Rules Alarm Rule Specify a name for the alert rule.
      Rule Description Set the conditions that are used to control how the alert rule is triggered.
      Note We recommend that you set the threshold of metrics based on your actual business requirements. For more information, see Table 1. A low threshold may frequently trigger alerts and negatively impact user experience. A high threshold may leave insufficient time for you to manage attacks.
      Default condition: An Anti-DDoS metric generates a data point every 60 seconds. In the following examples, the Anti-DDoS metrics generate five data points every five-minute detection period.
      • Sample rule description: New connection, 5 minute cycle, 3 periods, once, and > 200. In this rule, the detection period is set to five minutes. CloudMonitor checks the data points (number of new connections) generated within three detection periods in a row, which are 15 data points in total. If any data point shows that the number of new connections has exceeded 200, an alert is triggered.
      • Sample rule description: Out traffic, 5 minute cycle, 3 periods, and ≥ 50 Mbit/s. In this rule, the detection period is set to five minutes. CloudMonitor checks the data points (outbound data transfer rate) generated within three detection periods in a row, which are 15 data points in total. If any data point shows that the outbound data transfer rate has exceeded 50 Mbit/s, an alert is triggered.

      You can click Add Alarm Rule to add more alert rules. Specify a name and rule description for each alert rule.

      Examples
      Mute for Set a mute period. If the alert is not cleared within the mute period, a new alert notification is sent when the mute period ends. The minimum value is 5 minutes and the maximum value is 24 hours.
      Effective Period The time period during which the alert rule remains effective. The system only sends alerts within the effective period. The system records alerts if they occur during a non-effective period.
      Notification Method Notification Contact The contact group that receives alerts.
      Notification Methods Alert levels include critical, warning, and info. Different levels of alerts are sent by using different methods.
      • Phone + Text Message + Email + DingTalk (Critical)
        Note You can select this notification method only after you purchase a notification plan that supports phone calls.
      • Test Message + Email + DingTalk (Warning)
      • Email + DingTalk (Info)
      Auto Scaling After you specify a scaling rule, the specified scaling rule is triggered when an alert occurs. In this example, do not set this parameter.
      Email Remark Optional. You can add remarks to email notifications. Remarks is included in email notifications.
      HTTP Callback CloudMonitor uses a POST request to push an alert to the specified public URL address. Currently, only HTTP requests are supported.
      Sample alert rule
      The Anti-DDoS alert rule is created. When the Anti-DDoS metric fits the alert rule description, an alert is sent to the specified contact group.