You can use Simple Log Service to collect and analyze logs in real time and configure custom alert rules based on your business requirements. When the system log traffic exceeds the preset threshold, an alert notification is automatically sent to O&M personnel by using different methods to quickly respond to unexpected traffic and abnormal traffic. This ensures the stability and security of applications. This topic describes how to configure a traffic protection alert based on Simple Log Service after logs are collected.
Prerequisites
Simple Log Service is activated, a Logstore is created, and log collection is complete. For more information, see "Step 1: Activate Simple Log Service" in Getting Started.
-
Enable the traffic protection feature of or Microservices Engine (MSE) Microservices Governance and configure traffic protection rules.
Traffic protection events are collected to Simple Log Service. For more information, see Report MSE traffic protection events to Simple Log Service.
Procedure
This section provides only the configuration items that you need to focus on. For more information, see Configure an alert monitoring rule in Simple Log Service.
Log on to the Simple Log Service console.
Select the project that you created or used in Report MSE traffic protection events to Simple Log Service.
In the left-side navigation pane, click the
icon to go to the Logstores page. -
Click the Logstore for which you want to configure an alert rule, and click the
icon in the upper-right corner. This icon is in the toolbar at the top of the Logstore query page, to the right of the Search & Analyze drop-down list and to the left of the gear icon, to access alert-related functions.
-
Add an alert rule query statement.
-
In the Alert Monitoring Rule panel, click the
icon next to Query Statistics. In the Query text box, enter the following query statement.* | select resource,expType,ruleId,blockNum,time,appName,namespace -
For Destination, select SLS Notification and turn on the Enable switch. For Alert Policy, select Simple Mode and configure the policy settings.
You can view the created rule in Alert Center.
-
-
Configure the content that you want to display after an alert is triggered.
-
In the left-side navigation pane, click the
icon to go to the Alert Center. -
Click the Notification Policy tab, and then click the Alert Template tab.
-
On the Alert Template tab, click Create. In the Add Alert Template dialog box, set the ID, name, and content. The following code blocks are sample templates.
-
Display data of the first triggered event.
- Alert name: {{ alert.alert_name }} - alert severity: {{ alert.severity }} - trigger condition: {{ alert.condition }} - Environment: {{ alert.annotations.namespace }} - Application: {{ alert.annotations.appName }} - Interface: {{ alert.annotations.resource }} - Type: {{ alert.annotations.expType }} - Matched rule: {{ alert.annotations.ruleId }} - Throttling QPS: {{alert.annotations.blockNum}} - Match time: {{ alert.annotations.time }} - Details: [[View Details]({{ alert.query_url }})] -
Display data of all triggered events.
- Alert name: {{ alert.alert_name }} - alert severity: {{ alert.severity }} - trigger condition: {{ alert.condition }} {%- for result in alert.fire_results %} - Application: {{ result.appName }} - Interface: {{ result.resource }} - Type: {{ result.expType }} - Matched rule: {{ result.ruleId }} - Throttling QPS: {{result.blockNum}} - Match time: {{ result.time }} {%- endfor %} - Details: [[View Details]({{ alert.query_url }})]
-
-