ActionTrail: Manage an alert rule

Last Updated: Mar 08, 2024

ActionTrail supports comprehensive alert management. You can configure and manage built-in alert rules or custom alert rules based on your business requirements to ensure real-time monitoring of anomalous events in the cloud. This topic describes how to enable, disable, and delete an alert rule. If you use a custom alert rule, you can also update and copy the alert rule.

Background information

You can go to the Alert Center page in the ActionTrail console and click the Alert Rules/Incidents tab to query alert rules. You can move the pointer over the question mark icon next to the name of an alert rule to query the details of the alert rule.

ActionTrail allows you to create custom alert rules. For more information, see Create a custom alert rule.

Enable an alert rule

  1. Log on to the ActionTrail console.

  2. In the left-side navigation pane, click Alerts.

  3. On the Alert Rules/Incidents tab of the Alert Center page, find the alert rule that you want to enable and click Enable in the Actions column.

    After the alert rule is enabled, the value in the Status column changes to Enabled.

Disable an alert rule

After you disable an alert rule, ActionTrail does not send alert notifications to the specified users or user groups if an event meets the condition of the alert rule. For example, if you disable the VPC Network Route Change Alert rule, no alert notifications are sent when the configuration of a virtual private cloud (VPC) route changes.

After you disable an alert rule, the alerts that were generated based on the alert rule before it was disabled are not affected. Only the sending of alert notifications stops.

  1. On the Alert Rules/Incidents tab of the Alert Center page, find the alert rule that you want to disable and click Disable in the Actions column.

  2. In the Tip message, click OK.

    After the alert rule is disabled, the value in the Status column is changed to Created | Not Enabled.

Pause and resume an alert rule

When you pause an alert rule, you can specify a pause period. During the pause period, ActionTrail does not send alert notifications to the specified users or user groups if an event meets the condition of the alert rule. For example, suppose that you pause the VPC Network Route Change Alert rule and set the pause period to 5 minutes. If the configuration of a VPC route changes within those 5 minutes, no alert is triggered. If the configuration of a VPC route changes after the 5 minutes have elapsed, an alert is triggered.

You can resume an alert rule during the pause period. In this case, ActionTrail continues to detect events based on the alert rule.

  1. On the Alert Rules/Incidents tab of the Alert Center page, find the alert rule that you want to manage and click Pause in the Actions column.

  2. In the Pause Settings dialog box, set Paused for.

    You can select a pause period in the console or specify a custom pause period.

  3. Click OK.

    After the alert rule is paused, the value in the Status column indicates the time when the alert rule is resumed. Example: Paused until 2021-05-20 18:34:03.

    Note

    To resume an alert rule during the pause period, click Resume in the Actions column. In the Tip message, click OK.

Query details of an alert rule

You can query details of an alert rule. The details include the point in time when the alert rule was created, check frequency, whether the alert rule is enabled, whether alert notifications are enabled for the alert rule, and the alert history of the alert rule.

  1. On the Alert Rules/Incidents tab of the Alert Center page, find the alert rule that you want to query and click View in the Actions column.

  2. On the Alert Overview page, view the basic information and statistical report of the alert rule.

Follow and unfollow an alert rule

You can follow an alert rule. This allows you to view the alert rule on the page of the current project or the homepage of the Simple Log Service console.

  1. On the Alert Rules/Incidents tab of the Alert Center page, find the alert rule that you want to follow and click Follow in the Actions column.

  2. In the Add to Watchlist dialog box, select a watchlist.

    • Add to Watchlist of Current Project: You can view the alert rule on the page of the current project in the Simple Log Service console. To view the alert rule, go to the page of the current project in the Simple Log Service console and choose Log Storage > Watchlist.

    • Add to Global Watchlist: You can view the alert rule in the Watchlist section on the homepage of the Simple Log Service console.

  3. Click OK.

    Note

    You can click Unfollow in the Actions column to unfollow the alert rule.

Delete an alert rule

If you want to delete all alerts that are generated based on an alert rule, you can delete the alert rule. After the alert rule is deleted, ActionTrail no longer detects events based on the alert rule.

  1. On the Alert Rules/Incidents tab of the Alert Center page, find the alert rule that you want to delete and click Delete in the Actions column.

  2. In the Tip message, click OK.

Suspend or resume the alert notification feature for an alert

After an alert rule is enabled, you can disable alert notifications and specify the period for which you want to disable alert notifications. During this period, ActionTrail still detects events based on the alert rule but does not send alert notifications to the specified users or user groups if an event meets the condition of the alert rule.

  1. On the Alert Rules/Incidents tab of the Alert Center page, find the alert rule that you want to manage and click View in the Actions column.

  2. On the Alert Overview page, click Modify next to Monitoring Status.

  3. In the Disable Alert Notifications panel, set Disabled Duration and click OK.

    Note

    During the specified period, the time when alert notifications are to be enabled for the alert rule is displayed in the Monitoring Status field. If you want to enable alert notifications before the scheduled time, click Modify next to Monitoring Status. In the message that appears, click OK.

Update a custom alert rule

You can update the information about a custom alert rule based on your business requirements. For example, you can update the query statistics and action policy of a custom alert rule.

  1. On the Alert Rules/Incidents tab of the Alert Center page, find the alert rule that you want to update and click Edit in the Actions column.

  2. In the Alert Monitoring Rule panel, configure the following parameters: Rule Name, Check Frequency, Query Statistics, Group Evaluation, Trigger Condition, Add Label, Add Annotation, Recovery Notifications, Advanced Settings, and Destination.

    For more information, see Create an alert monitoring rule for logs.

  3. Click OK.

Copy a custom alert rule

You can copy a custom alert rule and apply the rule to other projects.

  1. On the Alert Rules/Incidents tab of the Alert Center page, find the alert rule that you want to copy and click Copy in the Actions column.

  2. In the Target Project dialog box, select the projects to which you want to apply the custom alert rule.

  3. In the More section, configure the Destination Alert Name, Destination Alert Status, and Destination Alert ID parameters.

  4. Click OK.

  5. In the Copy Result dialog box, view the result of the copy operation and close the dialog box.