© 2022 Yandex.Cloud LLC
Yandex Audit Trails

Alert settings in Yandex Monitoring

Written by
Yandex Cloud
  • Before you begin
  • Deactivating a trail
  • Stopping delivery of audit logs to destination object
  • Modifying the number of trails
  • Nearing cloud trail quota
  • Unauthorized access attempts

For more information about how to create alerts and about alert parameters, see the Yandex Monitoring documentation.

Before you begin

Create a notification channel in Yandex Monitoring. For more information about creating a notification channel, see the Yandex Monitoring documentation.

Deactivating a trail

The alert sends a notification when the trail it is configured for is deactivated.

  1. Go to the page for creating a new alert for Yandex Monitoring in the Yandex Cloud console.
  2. In the Title field, enter a name for the alert.
  3. Under Metrics, specify the following values:
    1. service = Audit Trails.
    2. name = trail.status.
    3. status != ACTIVE.
    4. trail = <trail name>.
  4. Under Alert settings, specify the following values:
    1. Trigger condition: Not equal.
    2. Alarm: 0.
  5. Under Notification channels, select a notification channel.
  6. Click Create alert.

The alert is created.

Stopping delivery of audit logs to destination object

The alert sends a notification when the trail it is configured for stops uploading audit logs to its destination object, for example, because there is not enough free space in the bucket.

The Evaluation window parameter depends on the specific trail: the type and number of resources within the trail's audit logging scope determine how often audit logs are uploaded to the destination object.

  1. Go to the page for creating a new alert for Yandex Monitoring in the Yandex Cloud console.
  2. In the Title field, enter a name for the alert.
  3. Under Metrics, specify the following values:
    1. service = Audit Trails.
    2. name = trail.delivered_events_count.
    3. trail = <trail name>.
  4. Under Alert settings, specify the following values:
    1. Trigger condition: Equal.
    2. Alarm: 0.
    3. Evaluation window: <trail value>.
  5. Under Notification channels, select a notification channel.
  6. Click Create alert.

The alert is created.
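
One way to choose the Evaluation window for this alert from a trail's own delivery history, as an added example that is not part of the Yandex Cloud documentation: it estimates the longest normal gap between deliveries and shows how a window that is too short alarms during ordinary quiet periods. The sample series, the 2x safety margin, the 60-second resolution and the sum aggregation are assumptions.

```python
import math

# Constructed sample of trail.delivered_events_count, one point per 60 s.
# Values are invented for illustration, not taken from a real trail.
COUNTS = [5, 0, 0, 3, 0, 0, 0, 0, 7, 0, 2, 0, 0, 0, 4] + [0] * 12
SAMPLES = [(i * 60, v) for i, v in enumerate(COUNTS)]


def longest_quiet_gap(samples):
    """Longest time in seconds between two consecutive non-zero samples."""
    delivered = [ts for ts, value in samples if value > 0]
    if len(delivered) < 2:
        raise ValueError("need at least two deliveries to estimate a gap")
    return max(b - a for a, b in zip(delivered, delivered[1:]))


def suggest_window(samples, margin=2.0, step=60):
    """Longest normal gap times a safety margin, rounded up to `step` seconds."""
    return math.ceil(longest_quiet_gap(samples) * margin / step) * step


def would_alarm(samples, now, window):
    """Mirror of the rule 'trail.delivered_events_count Equal 0'.

    Assumption: points in the window ending at `now` are aggregated as a sum,
    and a window with no points counts as no delivery.
    """
    in_window = [v for ts, v in samples if now - window < ts <= now]
    return sum(in_window) == 0


if __name__ == "__main__":
    window = suggest_window(SAMPLES)
    print("longest normal gap:", longest_quiet_gap(SAMPLES), "s")
    print("suggested evaluation window:", window, "s")
    # A 120 s window fires inside an ordinary gap; the suggested one does not.
    print("t=420 s, 120 s window:", would_alarm(SAMPLES, 420, 120))
    print("t=420 s, suggested window:", would_alarm(SAMPLES, 420, window))
    # After delivery really stops (last delivery at t=840 s), the alert fires.
    print("t=1560 s, suggested window:", would_alarm(SAMPLES, 1560, window))
```
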

Modifying the number of trails

The alert will send a notification that the number of trails in a cloud has changed.

  1. Go to the page for creating a new alert for Yandex Monitoring in the Yandex Cloud console.
  2. In the Title field, enter a name for the alert.
  3. Under Metrics, specify the following values:
    1. service = Audit Trails.
    2. name = trail.quota_usage_count.
  4. Under Alert settings, specify the following values:
    1. Trigger condition: Not equal.
    2. Alarm: <number of trails>.
  5. Under Notification channels, select a notification channel.
  6. Click Create alert.

The alert is created.

Nearing cloud trail quota

The alert will send a notification when the number of trails in a cloud exceeds 80% of the quota.

  1. Go to the page for creating a new alert for Yandex Monitoring in the Yandex Cloud console.
  2. In the Title field, enter a name for the alert.
  3. Under Metrics, specify the following values:
    1. service = Audit Trails.
    2. name = trail.quota_usage_count.
  4. Under Alert settings, specify the following values:
    1. Trigger condition: Greater than.
    2. Alarm: <number equal to 80% of quota>.
  5. Under Notification channels, select a notification channel.
  6. Click Create alert.

The alert is created.

Unauthorized access attempts

The alert will send a notification that an unauthorized request has been sent to one of the resources that are within its audit logging scope.

  1. Go to the page for creating a new alert for Yandex Monitoring in the Yandex Cloud console.
  2. In the Title field, enter a name for the alert.
  3. Under Metrics, specify the following values:
    1. service = Audit Trails.
    2. name = trail.unauthorized_events_count.
  4. Under Alert settings, specify the following values:
    1. Trigger condition: Greater than.
    2. Alarm: 0.
  5. Under Notification channels, select a notification channel.
  6. Click Create alert.

The alert is created.
