Create an Anti-DDoS alert rule

This topic describes how to create Anti-DDoS Pro & Premium alert rules and add contact groups in the CloudMonitor console. Anti-DDoS alert notifications provide you with up-to-date information about traffic and connection exceptions. You can troubleshoot errors and restore workloads as soon as possible.

1. Log on to the CloudMonitor console.
2. Optional:Add an alert recipient. If you have already specified a recipient, you can skip this step.
   1. In the left-side navigation pane, choose Alarms > Alarm Contacts.
   2. On the Alarm Contacts tab, click Create Alarm Contact in the upper-right corner.
   3. In the Set Alarm Contact dialog box that appears, enter the required contact information. Verify the Phone or Email ID, and then click Save.
      The alert recipient is saved.
3. Optional:Create an alert contact group. If you have already created an alert contact group, you can skip this step.
   Note The recipients of alert notifications must be contact groups. You can add one or more recipients to a contact group.
   1. In the left-side navigation pane, choose Alarms > Alarm Contacts.
   2. On the Alarm Contact Group tab, click Create Alarm Contact Group in the upper-right corner.
   3. In the Create Alarm Contact Group dialog box that appears, enter a group name in the Group Name field. Select recipients from the left-side Existing Contacts list and add them to the right-side Selected Contacts list. Click OK.
      The contact group is created.
4. Create an alert rule
   1. In the left-side navigation pane, choose Alarms > Alarm Rules.
   2. On the Threshold Value Alarm tab, click Create Alarm Rule.
   3. On the Create Alarm Rule page, set the parameters and click Confirm. The following table lists the parameters and descriptions.

      Category	Parameter	Description
      Related Resource	Product	Select NewBGPDDoS (indicates Anti-DDoS Pro) or ddosdip (indicates Anti-DDoS Premium).
      	Resource Range	The resources to which the alert rule is applied. You can select All Resources or Instances. All Resources: The alert rule is applied to all Anti-DDoS Pro or Premium instances. An alert is triggered when any of the Anti-DDoS instances matches the specified rule. Instances: The alert rule is applied to selected Anti-DDoS Pro or Premium instances. An alert is triggered when one of the selected instances matches the specified rule.
      Set Alert Rules	Alarm Rule	Specify a name for the alert rule.
      	Rule Description	Set the conditions that are used to control how the alert rule is triggered. Note We recommend that you set the threshold of metrics based on your actual business requirements. For more information, see Table 1. A low threshold may frequently trigger alerts and negatively impact user experience. A high threshold may leave insufficient time for you to manage attacks. Default condition: An Anti-DDoS metric generates a data point every 60 seconds. In the following examples, the Anti-DDoS metrics generate five data points every five-minute detection period. Sample rule description: New connection, 5 minute cycle, 3 periods, once, and > 200. In this rule, the detection period is set to five minutes. CloudMonitor checks the data points (number of new connections) generated within three detection periods in a row, which are 15 data points in total. If any data point shows that the number of new connections has exceeded 200, an alert is triggered. Sample rule description: Out traffic, 5 minute cycle, 3 periods, and ≥ 50 Mbit/s. In this rule, the detection period is set to five minutes. CloudMonitor checks the data points (outbound data transfer rate) generated within three detection periods in a row, which are 15 data points in total. If any data point shows that the outbound data transfer rate has exceeded 50 Mbit/s, an alert is triggered. You can click Add Alarm Rule to add more alert rules. Specify a name and rule description for each alert rule.
      	Mute for	Set a mute period. If the alert is not cleared within the mute period, a new alert notification is sent when the mute period ends. The minimum value is 5 minutes and the maximum value is 24 hours.
      	Effective Period	The time period during which the alert rule remains effective. The system only sends alerts within the effective period. The system records alerts if they occur during a non-effective period.
      Notification Method	Notification Contact	The contact group that receives alerts.
      	Notification Methods	Alert levels include critical, warning, and info. Different levels of alerts are sent by using different methods. Phone + Text Message + Email + DingTalk (Critical) Note You can select this notification method only after you purchase a notification plan that supports phone calls. Test Message + Email + DingTalk (Warning) Email + DingTalk (Info)
      	Auto Scaling	After you specify a scaling rule, the specified scaling rule is triggered when an alert occurs. In this example, do not set this parameter.
      	Email Remark	Optional. You can add remarks to email notifications. Remarks is included in email notifications.
      	HTTP Callback	CloudMonitor uses a POST request to push an alert to the specified public URL address. Currently, only HTTP requests are supported.

      
      The Anti-DDoS alert rule is created. When the Anti-DDoS metric fits the alert rule description, an alert is sent to the specified contact group.