RDS Audit Center provides built-in alert rules. You can enable the alert instances of alert rules to monitor databases in RDS Audit Center in real time. This topic describes how to configure alerts.

Prerequisites

The data access configuration is complete. For more information, see Enable the log collection feature.

Background information

RDS Audit Center provides the following built-in resources for alerting: alert rules, alert policy, action policy, user group, and alert template. Before you use the built-in resources, take note of the following items:
  • You can specify the built-in alert policy in an alert rule.
    Note: The built-in alert rules that are provided by RDS Audit Center are associated with the built-in alert policy. You cannot disassociate the built-in alert policy from the alert rules or associate other alert policies with the alert rules.
  • You can specify the built-in action policy in the built-in alert policy.
  • You can specify the built-in user group and built-in alert template in the built-in action policy.

You can use built-in resources or custom resources to configure alerts. This topic uses built-in resources as an example. For more information about how to use custom resources, see Log Audit Service.

Step 1: Create users

  1. Log on to the Log Service console.
  2. In the Log Application section, click RDS Audit Center.
  3. In the left-side navigation pane, click Alerts.
  4. On the Alerts tab, choose Alert Management > User Management.
  5. Create users.
    For more information, see Create users and user groups.

Step 2: Add users to the built-in user group

  1. On the Alerts tab, choose Alert Management > User Group Management.
  2. In the User Groups list, find the built-in user group whose ID is sls.app.audit.builtin and click Edit in the Actions column.
  3. In the Edit User Group dialog box, add the users that you created, which are listed in the Available Members section, to the Selected Members section. Then, click OK.

Step 3: Enable alert instances

  1. On the Alerts tab, click Alert Rules/Incidents.
  2. In the alert rule list, find the alert rule that you want to use and click Enable in the Actions column.
    After you enable an alert instance, Log Service monitors databases in RDS Audit Center in real time. If you want to enable multiple alert instances, click Add.

    For more information about the parameters of an alert rule, see Security of RDS instances.

References

Operations and descriptions:
  • Configure whitelists: You can configure whitelists for alert rules. This way, alerts are not triggered by specific users, instance IDs, or IP addresses.
    The whitelist configurations vary based on alert rules. For more information, see Security of RDS instances.
  • Disable alert instances: If you disable an alert instance, the status in the Status column of the alert instance changes to Not Enabled, and alerts are no longer triggered based on the alert instance.
    The configurations of the alert rule are not deleted. If you want to enable the alert instance again, you do not need to reconfigure the parameters of the alert rule.
  • Pause alert instances: If you pause an alert instance, alerts are not triggered based on the alert instance for a specified period of time.
  • Resume alert instances: You can resume paused alert instances.
  • Delete alert instances: If you delete an alert instance, the status in the Status column of the alert instance changes to Not Created.
    The configurations of the alert rule are deleted. The configurations include the Alibaba Cloud account that created the alert rule. If you want to enable the alert instance again, you must reconfigure the parameters of the alert rule.
  • Upgrade alert instances: If a major upgrade is released for alert rules or if additional configurations are required after alert rules are upgraded, you are prompted to upgrade alert rules. In most cases, Log Service automatically upgrades alert rules.
  • Initialize alert assets: If the assets generated during alert initialization are deleted by mistake or if the alert assets fail to be initialized for the first time, you can perform this operation to forcibly initialize the alert assets.