ActionTrail provides built-in alert rules and allows you to create custom alert rules to detect abnormal events in the cloud. You can enable, disable, pause, query, follow, and delete alert rules as needed, or disable alert notifications. You can also update or copy a custom alert rule.
Background information

ActionTrail allows you to create custom alert rules. For more information, see Create a custom alert rule.
Enable an alert rule
Disable an alert rule
After you disable an alert rule, ActionTrail does not send alert notifications to the specified users or user groups if an event meets the condition of the alert rule. For example, if you disable the VPC Network Route Change Alert rule, no alert is triggered when the configuration of a virtual private cloud (VPC) route changes.
After you disable an alert rule, the alert instances generated before the alert rule is disabled are not affected, only that alert notifications are not sent.
Pause and resume an alert rule
When you pause an alert rule, you can specify a pause period. During the pause period, ActionTrail does not send alert notifications to the specified users or user groups if an event meets the condition of the alert rule. For example, you pause the VPC Network Route Change Alert rule, and set the pause period to 5 minutes. If the configuration of a VPC route changes within 5 minutes, no alert is triggered. If the configuration of a VPC route changes 5 minutes later, an alert is triggered.
You can resume an alert rule during the pause period. In this case, ActionTrail continues to inspect events based on the alert rule.
Query details of an alert rule
You can query details of an alert rule. The details include the point in time when the alert rule was created, check frequency, whether the alert rule is enabled, whether alert notifications are enabled for the alert rule, and the alert history of the alert rule.
- On the Alert Rules/Incidents tab of the Event Alerting page, find the alert rule whose details that you want to query and click View in the Actions column.
- On the details tab of the alert rule, view the basic information and statistics of the alert rule.
Follow and unfollow an alert rule
You can follow an alert rule. This allows you to view the alert rule on the page of the current project or on the homepage of the Log Service console.
Delete an alert rule
If you want to delete all alert instances generated for an alert rule, you can delete the alert rule. Then, ActionTrail does not inspect events based on the alert rule.
Enable and disable alert notifications for an alert rule
After an alert rule is enabled, you can disable alert notifications and specify the period for disabling alert notifications. During this period, ActionTrail still inspects events based on the alert rule, but does not send alert notifications to the specified users or user groups if an event meets the condition of the alert rule.
Update a custom alert rule
You can update the information of a custom alert rule as needed. For example, you can update the query statistics and action policy of a custom alert rule.
Copy a custom alert rule
You can copy a custom alert rule to other projects.
- On the Alert Rules/Incidents tab of the Event Alerting page, find the custom alert rule that you want to copy and click Copy in the Actions column.
- In the Target Project dialog box, select the projects to which you want to apply the custom alert rule.
- In the {Number of selected projects}Items section, set the name, status, and ID of the new custom alert rule.
- Click OK.
- In the dialog box that appears, view the result of the copy operation and close the dialog box.