ActionTrail provides built-in alert rules and allows you to create custom alert rules to detect abnormal events in the cloud. You can enable, disable, pause, query, follow, and delete alert rules as needed, or disable alert notifications. You can also update or copy a custom alert rule.

Background information

On the Alert Rules/Incidents tab of the Event Alerting page in the ActionTrail console, you can query alert rules. You can also move the pointer over the more icon next to the name of an alert rule to view the details of the alert rule.

ActionTrail allows you to create custom alert rules. For more information, see Create a custom alert rule.

Enable an alert rule

  1. Log on to the ActionTrail console.
  2. In the left-side navigation pane, click Event Alerting.
  3. On the Alert Rules/Incidents tab of the Event Alerting page, find the alert rule that you want to enable and click Enable in the Actions column.
    After the alert rule is enabled, the value in the Status column is changed to Enabled.

Disable an alert rule

After you disable an alert rule, ActionTrail does not send alert notifications to the specified users or user groups if an event meets the condition of the alert rule. For example, if you disable the VPC Network Route Change Alert rule, no alert is triggered when the configuration of a virtual private cloud (VPC) route changes.

Disabling an alert rule does not affect the alert instances that were generated before the rule was disabled. Only alert notifications stop being sent.

  1. On the Alert Rules/Incidents tab of the Event Alerting page, find the alert rule that you want to disable and click Disable in the Actions column.
  2. In the Tip message, click OK.
    After the alert rule is disabled, the value in the Status column is changed to Created | Not Enabled.

Pause and resume an alert rule

When you pause an alert rule, you can specify a pause period. During the pause period, ActionTrail does not send alert notifications to the specified users or user groups if an event meets the condition of the alert rule. For example, suppose you pause the VPC Network Route Change Alert rule and set the pause period to 5 minutes. If the configuration of a VPC route changes within those 5 minutes, no alert is triggered. If the configuration of a VPC route changes after the 5 minutes have elapsed, an alert is triggered.

You can resume an alert rule during the pause period. In this case, ActionTrail continues to inspect events based on the alert rule.

  1. On the Alert Rules/Incidents tab of the Event Alerting page, find the alert rule that you want to pause and click Pause in the Actions column.
  2. In the Pause Settings dialog box, set the Pause for parameter.
    You can select a pause period preset in the console or customize the pause period.
  3. Click OK.
    After the alert rule is paused, the value in the Status column indicates the time when the alert rule will be resumed. Example: Paused until 2021-05-20 18:34:03.
    Note: To resume an alert rule during the pause period, click Resume in the Actions column. In the Tip message, click OK.

Query details of an alert rule

You can query details of an alert rule. The details include the point in time when the alert rule was created, check frequency, whether the alert rule is enabled, whether alert notifications are enabled for the alert rule, and the alert history of the alert rule.

  1. On the Alert Rules/Incidents tab of the Event Alerting page, find the alert rule whose details you want to query and click View in the Actions column.
  2. On the details tab of the alert rule, view the basic information and statistics of the alert rule.

Follow and unfollow an alert rule

You can follow an alert rule. This allows you to view the alert rule on the page of the current project or on the homepage of the Log Service console.

  1. On the Alert Rules/Incidents tab of the Event Alerting page, find the alert rule that you want to follow and click Follow in the Actions column.
  2. In the Add to Watchlist dialog box, select an option.
    • Add to Watchlist of Current Project: You can view the alert rule on the page of the current project in the Log Service console. To do so, go to the page of the current project in the Log Service console, click the SLS icon in the left-side navigation pane, and then click the Watchlist tab to view the alert rule.
    • Add to Global Watchlist: You can view the alert rule in the Watchlist section on the homepage of the Log Service console.
  3. Click OK.
    Note: You can click Unfollow in the Actions column to unfollow the alert rule.

Delete an alert rule

Deleting an alert rule also deletes all alert instances generated for the alert rule. After the alert rule is deleted, ActionTrail no longer inspects events based on it.

  1. On the Alert Rules/Incidents tab of the Event Alerting page, find the alert rule that you want to delete and click Delete in the Actions column.
  2. In the Tip message, click OK.
    After the alert rule is deleted, the value in the Status column is changed to Not Created.
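
The Status column values described in the sections above (Enabled, Created | Not Enabled, Paused until <time>, Not Created) determine whether a rule sends notifications at a given moment. The following added example, which is not ActionTrail code, audits a list of rules for notification gaps. The row format (rule name, Status text), the function names, and the sample rows are assumptions constructed for illustration, and the pause timestamp is assumed to be in the same time zone as the time being checked.

```python
from datetime import datetime

# Status column texts as they appear on this page.
PAUSED_PREFIX = "Paused until "
TS_FORMAT = "%Y-%m-%d %H:%M:%S"


def notifies_at(status, when):
    """Return (sends_notification, reason) for a rule's Status text at time `when`."""
    status = status.strip()
    if status == "Enabled":
        return True, "enabled"
    if status == "Created | Not Enabled":
        return False, "disabled"
    if status == "Not Created":
        return False, "deleted or never created"
    if status.startswith(PAUSED_PREFIX):
        resume = datetime.strptime(status[len(PAUSED_PREFIX):], TS_FORMAT)
        if when < resume:
            return False, "paused until " + resume.strftime(TS_FORMAT)
        return True, "pause period elapsed"
    # Unknown text: report it as a gap so it is reviewed, not assumed healthy.
    return False, "unrecognized status: " + status


def coverage_gaps(rows, when):
    """List (rule, reason) for every rule that would not notify at `when`."""
    gaps = []
    for rule, status in rows:
        ok, reason = notifies_at(status, when)
        if not ok:
            gaps.append((rule, reason))
    return gaps


# Constructed sample rows (hypothetical); only the first rule name is from the page.
SAMPLE_ROWS = [
    ("VPC Network Route Change Alert", "Paused until 2021-05-20 18:34:03"),
    ("example-rule-a", "Enabled"),
    ("example-rule-b", "Created | Not Enabled"),
    ("example-rule-c", "Not Created"),
]

if __name__ == "__main__":
    for rule, reason in coverage_gaps(SAMPLE_ROWS, datetime(2021, 5, 20, 18, 30, 0)):
        print(f"{rule}: {reason}")
```
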

Enable and disable alert notifications for an alert rule

After an alert rule is enabled, you can disable alert notifications and specify the period for disabling alert notifications. During this period, ActionTrail still inspects events based on the alert rule, but does not send alert notifications to the specified users or user groups if an event meets the condition of the alert rule.

  1. On the Alert Rules/Incidents tab of the Event Alerting page, find the alert rule for which you want to disable alert notifications and click View in the Actions column.
  2. On the details tab of the alert rule, click Modify next to Monitoring Status.
  3. In the Disable Alert Notifications panel, set the period and click OK.
    Note: During the specified period, the time when alert notifications are to be enabled for the alert rule is displayed in the Monitoring Status field. If you want to enable alert notifications before the scheduled time, click Modify next to Monitoring Status. In the message that appears, click OK.

Update a custom alert rule

You can update the information of a custom alert rule as needed. For example, you can update the query statistics and action policy of a custom alert rule.

  1. On the Alert Rules/Incidents tab of the Event Alerting page, find the custom alert rule that you want to update and click Edit in the Actions column.
  2. In the Alert Rule panel, modify the Rule Name, Check Frequency, Query Statistics, Group Evaluation, Trigger Condition, Add Label, Add Annotation, Recovery Notifications, Threshold of Condition Triggers, No Data Alert, Alert Policy, Action Policy, or Cycle parameter.
    For more information, see Create an alert monitoring rule for logs.
  3. Click OK.

Copy a custom alert rule

You can copy a custom alert rule to other projects.

  1. On the Alert Rules/Incidents tab of the Event Alerting page, find the custom alert rule that you want to copy and click Copy in the Actions column.
  2. In the Target Project dialog box, select the projects to which you want to apply the custom alert rule.
  3. In the {Number of selected projects} Items section, set the name, status, and ID of the new custom alert rule.
  4. Click OK.
  5. In the dialog box that appears, view the result of the copy operation and close the dialog box.