You can use CloudMonitor to configure monitoring and alerting for website services. This topic describes the site metrics, attack event types, and Web Application Firewall (WAF) service metrics that are supported by CloudMonitor.
Background information
CloudMonitor is a service that monitors Internet applications and Alibaba Cloud resources. CloudMonitor sends you notifications when alerts are triggered. You can configure alert rules. CloudMonitor sends alert notifications to specific contacts by using email or by using the alert callback feature when CloudMonitor detects system events. This way, you can be notified of critical events in real time after they are generated and can handle the events in an automated online O&M process.
Site metrics supported
CloudMonitor can simulate the detection requests of real users, monitor access to your service sites from all cities and provinces in China, and detect exceptions in real time.
Metric | Level | Description | Configuration method |
---|---|---|---|
Elastic Compute Service (ECS) performance monitoring | Major | Monitor the CPU utilization, memory usage, disk space usage, and bandwidth usage of ECS instances. | Configure alerts for an ECS instance |
Server Load Balancer (SLB) performance monitoring | Major | Monitor the number of connections, bandwidth usage, and packets per second (PPS) of SLB instances. | Configure alert rules for SLB instances |
Object Storage Service (OSS) sandbox status monitoring | Major | Monitor the OSS sandbox to view the status of the OSS service. | Overview |
HTTP/HTTPS | Major | Send HTTP or HTTPS requests to a specific URL or IP address to monitor the URL or IP address. |
Site monitoring is provided by CloudMonitor. The site monitoring feature does not involve WAF-related operations. You need only to log on to the CloudMonitor console by using your Alibaba Cloud account and perform the following operations: |
PING | Major | Run Internet Control Message Protocol (ICMP) ping command for a specific URL or IP address to monitor the URL or IP address. | |
TCP | Major | Send Transmission Control Protocol (TCP) requests to a specific port to monitor the port. | |
UDP | Optional | Sends User Datagram Protocol (UDP) requests to a specific port to monitor the port. | |
DNS | Optional | Send domain name system (DNS) requests to a specific domain to monitor the domain name. | |
POP3 | Optional | Send Post Office Protocol version 3 (POP3) requests to a specific URL or IP address to monitor the URL or IP address. | |
SMTP | Optional | Send Simple Mail Transfer Protocol (SMTP) requests to a specific URL or IP address to monitor the URL or IP address. | |
FTP | Optional | Send File Transfer Protocol (FTP) requests to a specific URL or IP address to monitor the URL or IP address. |
Attack events supported
The following table lists the supported attack events.
Event name | Description | Type | Status value | Event level |
---|---|---|---|---|
waf_event_aclattack | An access control event occurred. | acl | start and end | CRITICAL |
waf_event_ccattack | An HTTP flood attack occurred. | cc | start and end | CRITICAL |
waf_event_webattack | A web attack occurred. | web | start and end | CRITICAL |
waf_event_webscan | A web scan attack occurred. | webscan | start and end | CRITICAL |
WAF service metrics supported
The following table lists the supported service metrics.
Metric | Dimension | Unit | Description | Remarks |
---|---|---|---|---|
4XX_ratio | Domain name | % | The percentage of the HTTP 4xx status codes per minute (405 excluded). | The value is displayed as a decimal number. |
5XX_ratio | Domain name | % | The percentage of the HTTP 5xx status codes per minute. | The value is displayed as a decimal number. |
acl_blocks_5m | Domain name | Pieces (PCS) | The number of requests blocked by access control within the last five minutes. | None. |
acl_rate_5m | Domain name | % | The percentage of requests blocked by access control within the last five minutes. | The value is displayed as a decimal number. |
cc_blocks_5m | Domain name | PCS | The number of requests blocked by HTTP flood protection within the last five minutes. | None. |
cc_rate_5m | Domain name | % | The percentage of requests blocked by HTTP flood protection within the last five minutes. | The value is displayed as a decimal number. |
waf_blocks_5m | Domain name | PCS | The number of requests blocked by web intrusion prevention within the last five minutes. | None. |
waf_rate_5m | Domain name | % | The percentage of requests blocked by web attack protection within the last five minutes. | The value is displayed as a decimal number. |
QPS | Domain name | The queries per second. | None. | |
qps_ratio | Domain name | % | The minute-on-minute growth rate of QPS. | The value is displayed in percentage. |
qps_ratio_down | Domain name | % | The minute-on-minute decrease rate of QPS. | The value is displayed in percentage. |