The Log Audit Service application provides built-in alert rules. You can enable alert instances next to the alert rules to monitor logs in real time. This topic describes how to enable, delete and disable alert instances. This topic also describes how to set whitelists and alert parameters.
Enable alert instances
- Log on to the Log Service console.
- In the Log Application section, click Log Audit Service.
- In the left-side navigation pane, choose .
- Find the alert rule and click the icon.
  Action policies are attached to the alert rules in the Log Audit Service application based on the built-in alert policy. After you enable alert instances, you can use the built-in action policy.
Log Service allows you to configure whitelists. If an account in the whitelist is used to perform operations, no alerts are triggered. The ECS Network Type Check alert rule is used in this example.
- In the alert rule list, click whitelist next to ECS Network Type Check.
- In the Data Management dialog box, click Create.
- In the Add Data dialog box, set the aliuid parameter and click OK.
  For example, assume that you add the account 174****857602745 to the whitelist. If this account is used to create ECS instances or perform other operations on ECS instances over the classic network, no alert is triggered.
Set alert parameters
Log Service pre-defines alert rules in the Log Audit Service application and allows you to customize alert rules. The K8s Log Audit Configuration Check alert rule is used in this example.
1. In the alert rule list, click the icon next to K8s Log Audit Configuration Check.
2. In the Parameter Settings dialog box, set the Min storage duration (ttl) parameter and click Save.
   When you collect Kubernetes logs, an alert is triggered if you set a time value that is less than the value that is specified in Step 2.
You can perform the following operations on the alert rule tab:
| Operation | Description |
| --- | --- |
| Disable alert instances | Find the alert rule and click the icon next to the alert rule. You can also select multiple alert rules and click Disable. |
| Temporarily disable alert instances | Find the alert rule and click the icon next to the alert rule. You can also select multiple alert rules, click Pause, and then set a time range. |
| Restart alert instances | You can restart alert instances that are temporarily disabled. Find the alert rule and click the icon next to the alert rule. You can also select multiple alert rules and click Resume. |
| Delete alert instances | Find the alert rule and click the icon next to the alert rule. You can also select multiple alert rules and click Delete. |
| Upgrade alert instances | An upgrade message will be sent to you if Log Service upgrades alert rules on a large scale and additional alert configurations are required. In most cases, Log Service automatically upgrades alert rules. You can select multiple alert rules that you want to upgrade and click Upgrade. |