Alert settings in Yandex Monitoring

In this tutorial, you will learn how to track the status of trails using alerts.

To start tracking the status of trails:

1. Get your cloud ready.
2. Create a notification channel.
3. Set up alerts.

If you no longer need the alerts, delete them.

Get your cloud readyGet your cloud ready

Sign up in Yandex Cloud and create a billing account:

1. Navigate to the management console and log in to Yandex Cloud or register a new account.
2. On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the ACTIVE or TRIAL_ACTIVE status. If you do not have a billing account, create one and link a cloud to it.

If you have an active billing account, you can navigate to the cloud page to create or select a folder for your infrastructure to operate in.

Learn more about clouds and folders.

Create a notification channelCreate a notification channel

To get notifications about a triggered alert:

1. In the management console, select the folder where you want to create a notification channel.
2. Select Monitoring.
3. In the left-hand panel, select Notification channels.
4. In the top-right corner, click Create channel.
5. Specify the channel parameters:
   • In the Name field, specify alerts-channel.
   • In the Method field, specify the notification method.
   • In the Recipients field, list notification recipients.
6. Click Create.

The channel will appear in the list.

Set up alertsSet up alerts

You can set up one or more alerts.

For more information about how to create alerts and about alert parameters, see the Yandex Monitoring documentation.

Deactivating a trailDeactivating a trail

The alert will send a notification that the trail is being deactivated.

1. In the management console, select the folder where you want to create an alert.
2. Select Monitoring.
3. In the left-hand panel, select Alerts.
4. In the top-right corner, click Create alert.
5. In the Name field, specify deactivating-trail-alert.
6. Under Metrics, click to the right of the folder name and specify:
   1. service = Audit Trails.
   2. name = trail.status.
   3. status != ACTIVE.
   4. trail = <trail_name>.
7. Under Alert parameters, specify:
   1. Condition: Not equals to
   2. Alarm: 0
8. Under Notification channels, click Add channel and select the previously created notification channel.
9. Click Create alert.

The alert is created.

Stopping delivery of audit logs to destination objectStopping delivery of audit logs to destination object

The alert will send notification that the trail has stopped uploading audit logs to its destination object, for example, due to a lack of free space in the bucket.

The Evaluation window parameter depends on the specific trail. The type and number of resources within the audit trail logging section will define the frequency for uploading audit logs to the destination object.

1. In the management console, select the folder where you want to create an alert.
2. Select Monitoring.
3. In the left-hand panel, select Alerts.
4. In the top-right corner, click Create alert.
5. In the Name field, specify stopping-logs-alert.
6. Under Metrics, click to the right of the folder name and specify:
   1. service = Audit Trails.
   2. name = trail.delivered_events_count.
   3. trail = <trail_name>.
7. Under Alert parameters, specify:
   1. Condition: Equals to
   2. Alarm: 0
   3. Evaluation window: <trail_value>
8. Under Notification channels, click Add channel and select the previously created notification channel.
9. Click Create alert.

The alert is created.

Modifying the number of trailsModifying the number of trails

The alert will send a notification that the number of trails in a cloud has changed.

1. In the management console, select the folder where you want to create an alert.
2. Select Monitoring.
3. In the left-hand panel, select Alerts.
4. In the top-right corner, click Create alert.
5. In the Name field, specify number-trails-alert.
6. Under Metrics, click to the right of the folder name and specify:
   1. service = Audit Trails.
   2. name = quota.trails_count.usage.
7. Under Alert parameters, specify:
   1. Condition: Not equals to
   2. Alarm: <number_of_trails>.
8. Under Notification channels, click Add channel and select the previously created notification channel.
9. Click Create alert.

The alert is created.

Nearing cloud trail quotaNearing cloud trail quota

The alert will send a notification that the number of trails used per cloud consumed over 80% of the quota.

1. In the management console, select the folder where you want to create an alert.
2. Select Monitoring.
3. In the left-hand panel, select Alerts.
4. In the top-right corner, click Create alert.
5. In the Name field, specify trail-quota-alert.
6. Under Metrics, click to the right of the folder name and specify:
   1. service = Audit Trails.
   2. name = quota.trails_count.usage.
7. Under Alert parameters, specify:
   1. Condition: Greater than
   2. Alarm: <number_equal_to_80%_of_quota>
8. Under Notification channels, click Add channel and select the previously created notification channel.
9. Click Create alert.

The alert is created.

Unauthorized access attemptsUnauthorized access attempts

The alert will send a notification that an unauthorized request has been sent to one of the trail resources.

1. In the management console, select the folder where you want to create an alert.
2. Select Monitoring.
3. In the left-hand panel, select Alerts.
4. In the top-right corner, click Create alert.
5. In the Name field, specify unauthorized-access-alert.
6. Under Metrics, click to the right of the folder name and specify:
   1. service = Audit Trails.
   2. name = trail.unauthorized_events_count.
7. Under Alert parameters, specify:
   1. Condition: Greater than
   2. Alarm: 0
8. Under Notification channels, click Add channel and select the previously created notification channel.
9. Click Create alert.

The alert is created.

How to delete the resources you createdHow to delete the resources you created

To stop tracking the status of trails, delete the respective alert.