Web Application Firewall (WAF) is integrated with CloudMonitor. In the CloudMonitor console, you can configure alert notification rules for the metrics that WAF supports and for the attack events that WAF detects. This topic describes how to use CloudMonitor to configure monitoring and alerting for WAF.

Prerequisites

The domain name of your website is added to WAF. For more information, see Add a domain name.

Supported metrics and attack events

For more information about the WAF-related metrics and attack events that can be monitored by CloudMonitor, see Supported monitoring types and service metrics.

Configure alert contacts

After you configure an alert contact, CloudMonitor sends notifications for the alerts that you configure to that contact. The alert contact must check the alert notifications promptly and handle the alerts at the earliest opportunity.

You can log on to the CloudMonitor console to create alert contacts, create alert contact groups, and add alert contacts to alert contact groups in batches. For more information, see Create an alert contact or alert contact group.

Configure monitoring and alerting for attack events

After you configure monitoring and alerting for attack events, CloudMonitor sends alert notifications based on the rules that you configure when WAF detects attacks such as web attacks and HTTP flood attacks. The rules specify the severities of attack events and the methods used to receive alert notifications. For more information about the attack events that can be monitored by CloudMonitor, see Attack events supported.

You can log on to the CloudMonitor console and create alert rules for WAF attacks. You must select WAF for the Product parameter when you create alert rules. For more information, see Create a system event-triggered alert rule.

After you configure the alert rule for attack events, the contacts in the alert rule can receive alert notifications when specific attacks are detected on the domain names added to WAF.

You can also query recent attack events detected by WAF in the CloudMonitor console.

Configure monitoring and alerting for metrics

After you configure monitoring and alerting for metrics, CloudMonitor sends alert notifications to the contacts in the alert rules that you configure. Alerts are triggered when WAF detects exceptions in the metrics of domain names that are added to WAF. The exceptions include a minute-to-minute decrease in queries per second (QPS) and surges in error codes and blocked attacks. For more information about the metrics that can be monitored by CloudMonitor, see WAF service metrics supported.

You can log on to the CloudMonitor console and create alert rules for metrics. You must select WAF for the Product parameter when you create alert rules. For more information, see Create an alert rule.

After you configure the alert rule for metrics, alert notifications are sent to the specified alert group if WAF-related metrics meet the conditions described in the alert rule.
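
The three metric exceptions named in this section (a minute-to-minute QPS decrease, an error-code surge, and a blocked-attack surge), evaluated over constructed per-minute samples for one domain name. This is an added example, not CloudMonitor or WAF code: the field names, the reading of "error codes" as 5xx responses, and every threshold are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Sample:
    minute: str      # HH:MM label
    qps: float       # average queries per second in that minute
    errors_5xx: int  # responses with a 5xx status code (assumed meaning of "error codes")
    blocked: int     # requests blocked by WAF
    total: int       # total requests in that minute

# Constructed sample data, not real WAF output.
SAMPLES = [
    Sample("10:00", 120.0, 14, 30, 7200),
    Sample("10:01", 118.0, 15, 28, 7080),
    Sample("10:02", 40.0, 13, 31, 2400),    # traffic collapses
    Sample("10:03", 115.0, 690, 29, 6900),  # error-code surge
    Sample("10:04", 121.0, 15, 410, 7260),  # blocked-attack surge
]

# Assumed thresholds; tune them to the domain's normal traffic.
QPS_DROP = 0.5      # QPS fell by at least 50% compared with the previous minute
MIN_QPS = 10.0      # skip the drop check when the previous minute was near idle
ERROR_RATIO = 0.05  # 5xx responses exceed 5% of all requests
BLOCK_FACTOR = 5.0  # blocked requests reach 5x the average of all earlier minutes

def evaluate(samples):
    """Return (minute, reason) tuples for each minute that breaches a rule."""
    alerts = []
    for i in range(1, len(samples)):
        prev, cur = samples[i - 1], samples[i]
        # Relative drop, guarded so small absolute changes on idle domains stay quiet.
        if prev.qps >= MIN_QPS and (prev.qps - cur.qps) / prev.qps >= QPS_DROP:
            alerts.append((cur.minute, "qps_drop"))
        # Ratio rather than raw count, so the rule scales with traffic volume.
        if cur.total and cur.errors_5xx / cur.total > ERROR_RATIO:
            alerts.append((cur.minute, "error_surge"))
        # Compare blocks with the mean of all earlier minutes in the window.
        baseline = sum(s.blocked for s in samples[:i]) / i
        if baseline > 0 and cur.blocked >= BLOCK_FACTOR * baseline:
            alerts.append((cur.minute, "blocked_surge"))
    return alerts

if __name__ == "__main__":
    for minute, reason in evaluate(SAMPLES):
        print(minute, reason)
```

The recovery from 10:02 to 10:03 raises no QPS alert because only decreases are checked, and the `MIN_QPS` floor keeps a low-traffic domain from alerting on small absolute changes.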

Configure monitoring and alerting for custom metrics

You can use Log Service to configure monitoring and alerting for custom metrics. For more information, see Use Log Service to configure monitoring and alerting.