Alert settings in Yandex Monitoring
For more information about how to create alerts and about alert parameters, see the Yandex Monitoring documentation.
Before you begin
Create a notification channel in Yandex Monitoring. For more information about creating a notification channel, see the Yandex Monitoring documentation.
Deactivating a trail
This scenario describes the parameters of an alert that sends a notification when the trail it is configured for is deactivated.
- Go to the page for creating a new alert for Yandex Monitoring in the Yandex Cloud console.
- In the Title field, enter a name for the alert.
- Under Metrics, specify the following values:
  - service = Audit Trails
  - name = trail.status
  - status != ACTIVE
  - trail = <trail name>
- Under Alert settings, specify the following values:
  - Trigger condition: Not equal
  - Alarm: 0
- Under Notification channels, select a notification channel.
- Click Create alert.
The alert is created.
Stopping delivery of audit logs to destination object
The alert will send a notification that its configured trail has stopped uploading audit logs to its destination object, for example, because there is a shortage of free space in a bucket.
The Evaluation window parameter depends on the specific trail: the type and number of resources within the trail's audit logging scope determine how often audit logs are uploaded to the destination object.
- Go to the page for creating a new alert for Yandex Monitoring in the Yandex Cloud console.
- In the Title field, enter a name for the alert.
- Under Metrics, specify the following values:
  - service = Audit Trails
  - name = trail.delivered_events_count
  - trail = <trail name>
- Under Alert settings, specify the following values:
  - Trigger condition: Equal
  - Alarm: 0
  - Evaluation window: <trail value>
- Under Notification channels, select a notification channel.
- Click Create alert.
The alert is created.
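One way to choose the Evaluation window for this alert, shown as an added example that is not part of the Yandex Cloud documentation: measure the longest normal pause between deliveries and add headroom. The per-minute samples are constructed, the function names and the 1.5 margin are hypothetical, and the alert is assumed to fire only when every sample in the window is 0.

```python
import math

# Constructed per-minute samples of trail.delivered_events_count (not real data):
# bursts of delivered events, then delivery stops after minute 27.
DELIVERIES = {0: 40, 5: 35, 10: 52, 17: 12, 22: 47, 27: 31}
SERIES = [DELIVERIES.get(minute, 0) for minute in range(60)]
BASELINE = SERIES[:28]  # healthy period used to size the window


def longest_quiet_gap(series):
    """Longest distance, in samples, between two consecutive non-zero points."""
    hits = [i for i, value in enumerate(series) if value > 0]
    if len(hits) < 2:
        raise ValueError("need at least two deliveries to measure a gap")
    return max(later - earlier for earlier, later in zip(hits, hits[1:]))


def suggest_window(baseline, margin=1.5):
    """Evaluation window in samples: longest healthy gap plus headroom."""
    return math.ceil(longest_quiet_gap(baseline) * margin)


def alarm_minutes(series, window):
    """Minutes at which 'Equal 0' holds across the whole trailing window.

    Assumption: the alert aggregates the window with max, so it fires only
    when every sample in the window is 0.
    """
    fired = []
    for end in range(window - 1, len(series)):
        if max(series[end - window + 1:end + 1]) == 0:
            fired.append(end)
    return fired


if __name__ == "__main__":
    window = suggest_window(BASELINE)
    print("longest healthy gap:", longest_quiet_gap(BASELINE), "min")
    print("suggested window:", window, "min")
    print("5-min window first fires at minute", alarm_minutes(SERIES, 5)[0])
    print(f"{window}-min window first fires at minute", alarm_minutes(SERIES, window)[0])
```

With the constructed data, a 5-minute window raises a false alarm during a normal 7-minute pause, while the suggested 11-minute window fires only after delivery has actually stopped.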
Modifying the number of trails
The alert will send a notification that the number of trails in a cloud has changed.
- Go to the page for creating a new alert for Yandex Monitoring in the Yandex Cloud console.
- In the Title field, enter a name for the alert.
- Under Metrics, specify the following values:
  - service = Audit Trails
  - name = trail.quota_usage_count
- Under Alert settings, specify the following values:
  - Trigger condition: Not equal
  - Alarm: <number of trails>
- Under Notification channels, select a notification channel.
- Click Create alert.
The alert is created.
Nearing cloud trail quota
The alert will send a notification that the number of trails in a cloud has exceeded 80% of the quota.
- Go to the page for creating a new alert for Yandex Monitoring in the Yandex Cloud console.
- In the Title field, enter a name for the alert.
- Under Metrics, specify the following values:
  - service = Audit Trails
  - name = trail.quota_usage_count
- Under Alert settings, specify the following values:
  - Trigger condition: Greater than
  - Alarm: <number equal to 80% of quota>
- Under Notification channels, select a notification channel.
- Click Create alert.
The alert is created.
Unauthorized access attempts
The alert will send a notification that an unauthorized request has been sent to one of the resources that are within its audit logging scope.
- Go to the page for creating a new alert for Yandex Monitoring in the Yandex Cloud console.
- In the Title field, enter a name for the alert.
- Under Metrics, specify the following values:
  - service = Audit Trails
  - name = trail.unauthorized_events_count
- Under Alert settings, specify the following values:
  - Trigger condition: Greater than
  - Alarm: 0
- Under Notification channels, select a notification channel.
- Click Create alert.
The alert is created.