Alert settings in Yandex Monitoring
In this tutorial, you will learn how to track the status of trails using alerts.
To start tracking the status of trails:
If you no longer need the alerts, delete them.
Prepare your cloud
Sign up for Yandex Cloud and create a billing account:
- Go to the management console and log in to Yandex Cloud or create an account if you do not have one yet.
- On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the
ACTIVEorTRIAL_ACTIVEstatus. If you do not have a billing account, create one.
If you have an active billing account, you can go to the cloud page to create or select a folder for your infrastructure to operate in.
Learn more about clouds and folders.
Create a notification channel
To get notifications about a triggered alert:
- In the management console, select the folder where you want to create a notification channel.
- Select Monitoring.
- In the left-hand panel, select Notification channels.
- In the top-right corner, click Create channel.
- Specify the channel parameters:
- In the Name field, specify
alerts-channel. - In the Method field, specify the notification method.
- In the Recipients field, list notification recipients.
- In the Name field, specify
- Click Create.
The channel will appear in the list.
Set up alerts
You can set up one or more alerts.
For more information about how to create alerts and about alert parameters, see the Yandex Monitoring documentation.
Deactivating a trail
The alert will send a notification that the trail is being deactivated.
- In the management console, select the folder where you want to create an alert.
- Select Monitoring.
- In the left-hand panel, select Alerts.
- In the top-right corner, click Create alert.
- In the Name field, specify
deactivating-trail-alert. - In the Metrics section to the right of the folder name, click and specify:
service = Audit Trailsname = trail.statusstatus != ACTIVEtrail = <trail_name>
- Under Alert parameters, specify:
- Condition:
Not equals to - Alarm:
0
- Condition:
- Under Notification channels, click Add channel and select the previously created notification channel.
- Click Create alert.
The alert is created.
Stopping delivery of audit logs to destination object
The alert will send notification that the trail has stopped uploading audit logs to its destination object, for example, due to a lack of free space in the bucket.
The Evaluation window parameter depends on the specific trail. The type and number of resources within the audit trail logging section will define the frequency for uploading audit logs to the destination object.
- In the management console, select the folder where you want to create an alert.
- Select Monitoring.
- In the left-hand panel, select Alerts.
- In the top-right corner, click Create alert.
- In the Name field, specify
stopping-logs-alert. - In the Metrics section to the right of the folder name, click and specify:
service = Audit Trailsname = trail.delivered_events_counttrail = <trail_name>
- Under Alert parameters, specify:
- Condition:
Equals to - Alarm:
0 - Evaluation window:
<trail_value>
- Condition:
- Under Notification channels, click Add channel and select the previously created notification channel.
- Click Create alert.
The alert is created.
Modifying the number of trails
The alert will send a notification that the number of trails in a cloud has changed.
- In the management console, select the folder where you want to create an alert.
- Select Monitoring.
- In the left-hand panel, select Alerts.
- In the top-right corner, click Create alert.
- In the Name field, specify
number-trails-alert. - In the Metrics section to the right of the folder name, click and specify:
service = Audit Trailsname = quota.trails_count.usage
- Under Alert parameters, specify:
- Condition:
Not equals to - Alarm:
<number_of_trails>
- Condition:
- Under Notification channels, click Add channel and select the previously created notification channel.
- Click Create alert.
The alert is created.
Nearing cloud trail quota
The alert will send a notification that the number of trails used per cloud consumed over 80% of the quota.
- In the management console, select the folder where you want to create an alert.
- Select Monitoring.
- In the left-hand panel, select Alerts.
- In the top-right corner, click Create alert.
- In the Name field, specify
trail-quota-alert. - In the Metrics section to the right of the folder name, click and specify:
service = Audit Trailsname = quota.trails_count.usage
- Under Alert parameters, specify:
- Condition:
Greater than - Alarm:
<number_amounting_to_80%_of_quota>
- Condition:
- Under Notification channels, click Add channel and select the previously created notification channel.
- Click Create alert.
The alert is created.
Unauthorized access attempts
The alert will send a notification that an unauthorized request has been sent to one of the trail resources.
- In the management console, select the folder where you want to create an alert.
- Select Monitoring.
- In the left-hand panel, select Alerts.
- In the top-right corner, click Create alert.
- In the Name field, specify
unauthorized-access-alert. - In the Metrics section to the right of the folder name, click and specify:
service = Audit Trailsname = trail.unauthorized_events_count
- Under Alert parameters, specify:
- Condition:
Greater than - Alarm:
0
- Condition:
- Under Notification channels, click Add channel and select the previously created notification channel.
- Click Create alert.
The alert is created.
How to delete the resources you created
To stop tracking the status of trails, delete the respective alert.