Alert settings in Yandex Monitoring

For more information about how to create alerts and about alert parameters, see the Yandex Monitoring documentation.

Before you begin

Create a notification channel in Yandex Monitoring. For more information about creating a notification channel, see the Yandex Monitoring documentation.

Deactivating a trail

This scenario describes the parameters of an alert that sends a notification that its configured trail is being deactivated.

1. Go to the page for creating a new alert for Yandex Monitoring in the Yandex Cloud console.
2. In the Title field, enter a name for the alert.
3. Under Metrics, specify the following values:
   1. service = Audit Trails.
   2. name = trail.status.
   3. status != ACTIVE.
   4. trail = <trail name>.
4. Under Alert settings, specify the following values:
   1. Trigger condition: Not equal.
   2. Alarm: 0.
5. Under Notification channels, select a notification channel.
6. Click Create alert.

The alert is created.

Stopping delivery of audit logs to destination object

The alert will send notification that its configured trail has stopped uploading audit logs to its destination object, for example, because there is a shortage of free space in a bucket.

The "Evaluation window" parameter depends on the specific trail since the type and number of resources within the audit trail logging scope will define the frequency for uploading audit logs to the destination object.

1. Go to the page for creating a new alert for Yandex Monitoring in the Yandex Cloud console.
2. In the Title field, enter a name for the alert.
3. Under Metrics, specify the following values:
   1. service = Audit Trails.
   2. name = trail.delivered_events_count.
   3. trail = <trail name>.
4. Under Alert settings, specify the following values:
   1. Trigger condition: Equal.
   2. Alarm: 0.
   3. Evaluation window: <trail value>.
5. Under Notification channels, select a notification channel.
6. Click Create alert.

The alert is created.

Modifying the number of trails

The alert will send a notification that the number of trails in a cloud has changed.

1. Go to the page for creating a new alert for Yandex Monitoring in the Yandex Cloud console.
2. In the Title field, enter a name for the alert.
3. Under Metrics, specify the following values:
   1. service = Audit Trails.
   2. name = trail.quota_usage_count.
4. Under Alert settings, specify the following values:
   1. Trigger condition: Not equal.
   2. Alarm: <number of trails>.
5. Under Notification channels, select a notification channel.
6. Click Create alert.

The alert is created.

Nearing cloud trail quota

The alert will send a notification that the number of trails in a cloud has fallen below 80% of the quota.

1. Go to the page for creating a new alert for Yandex Monitoring in the Yandex Cloud console.
2. In the Title field, enter a name for the alert.
3. Under Metrics, specify the following values:
   1. service = Audit Trails.
   2. name = trail.quota_usage_count.
4. Under Alert settings, specify the following values:
   1. Trigger condition: Greater than.
   2. Alarm: <number equal to 80% of quota>.
5. Under Notification channels, select a notification channel.
6. Click Create alert.

The alert is created.

Unauthorized access attempts

The alert will send a notification that an unauthorized request has been sent to one of the resources that are within its audit logging scope.

1. Go to the page for creating a new alert for Yandex Monitoring in the Yandex Cloud console.
2. In the Title field, enter a name for the alert.
3. Under Metrics, specify the following values:
   1. service = Audit Trails.
   2. name = trail.unauthorized_events_count.
4. Under Alert settings, specify the following values:
   1. Trigger condition: Greater than.
   2. Alarm: 0.
5. Under Notification channels, select a notification channel.
6. Click Create alert.

The alert is created.