Set up alarms for log data using Connector Hub, Logging, and Monitoring services.
This scenario involves creating a connector and an alarm. The connector (Connector Hub) processes and moves log data from Logging to Monitoring while the alarm fires when triggered by received log data.
Required IAM Policy
If you're a member of the Administrators group, you already have the required access to execute this scenario. Otherwise, you need access to Monitoring and Notifications.
The workflow for creating the connector includes a default policy when needed to provide permission for writing to the target service. If you're new to policies, see Getting Started with Policies and Common Policies.
Setting Up This Scenario
Setup is easy in the Console. Alternatively, you can use the Oracle Cloud Infrastructure CLI or API, which let you execute the individual operations yourself.
Using the Console
This section walks through creating a connector and an alarm using the Console and then updating the topic created with the alarm.
Note
Another workflow for this scenario involves creating your topic and subscriptions first, then selecting this topic when you create your alarm.
This example walks through using the Console to create a connector that filters VCN flow log data from Logging for rejected traffic and then moves this log data to a new metric in Monitoring.
Open the navigation menu and select Analytics & AI. Under Messaging, select Connector Hub.
Choose the Compartment where you want to create the service connector.
Select Create connector.
On the Create connector page, filter VCN flow log to a new metric:
Type a Connector name such as "VCN Flow Log Errors." Avoid entering confidential information.
Select the Resource compartment where you want to store the new connector.
Under Configure connector, select your source and target services to move log data to a metric:
Source: Logging
Target: Monitoring
Under Configure source connection, select your VCN flow log:
Compartment name: The compartment containing the VCN flow log data.
Log group: The log group containing the VCN flow log data.
Logs: The log object name for your VCN flow logs.
Under Log filter task, filter the log data to rejected traffic:
Property: data.action
Operator: =
Value: REJECT
If you are interested in rejected traffic for a particular port or address, add another filter. For example, select the property data.destinationPort or data.destinationAddress.
Under Configure target connection, enter the metric namespace and metric name that you want to use for the filtered log data:
Select the Compartment where you want to store the metric data points corresponding to the VCN flow log data for rejected traffic.
This example walks through using the Console to create an alarm that sends a message when Monitoring receives metric data points corresponding to VCN flow log data for rejected traffic. During this process, you'll create a topic and an email subscription.
Open the navigation menu and select Observability & Management. Under Monitoring, select Alarm Definitions.
Select Create Alarm.
On the Create Alarm page, under Define alarm, set up your threshold:
Metric description:
Compartment: (select the compartment specified in the previous task, where you are storing the metric data points corresponding to the VCN flow log data)
Metric namespace: (enter the metric namespace that you specified in the connector)
Metric name: (enter the metric name that you specified in the connector)
Interval: 1m
Statistic: Count
Trigger rule:
Operator: greater than
Value: 0
Trigger delay minutes: 1
Under Notifications, Destinations, set up an email notification:
Create an alarm that defines the error threshold and references this topic as the destination:
Open a command prompt and run the oci monitoring alarm create command:
POST /20181201/topics
Host: notification.us-phoenix-1.oraclecloud.com
<authorization and other headers>
{
"name": "Alarm Topic",
"compartmentId": "<compartment_OCID>"
}
CreateSubscription: To this topic, add a subscription referencing your email address.
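The connector filter and alarm rule configured in the Console steps above (data.action = REJECT, Count at a 1m interval, greater than 0, trigger delay of 1 minute), modeled offline as an added example that is not Oracle's code. The log records and their time field are constructed, and the trigger delay is a simplified model in which the condition must hold for that many consecutive one-minute intervals.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample records, not real traffic. Only data.action,
# data.destinationPort and data.destinationAddress come from the page;
# the "time" field is an assumed timestamp for this example.
SAMPLE_LOGS = [
    {"time": "2024-05-01T10:00:05Z", "data": {"action": "ACCEPT", "destinationPort": 443, "destinationAddress": "10.0.0.5"}},
    {"time": "2024-05-01T10:00:40Z", "data": {"action": "REJECT", "destinationPort": 22, "destinationAddress": "10.0.0.5"}},
    {"time": "2024-05-01T10:01:10Z", "data": {"action": "REJECT", "destinationPort": 3389, "destinationAddress": "10.0.0.7"}},
    {"time": "2024-05-01T10:01:30Z", "data": {"action": "REJECT", "destinationPort": 22, "destinationAddress": "10.0.0.5"}},
    {"time": "2024-05-01T10:02:15Z", "data": {"action": "ACCEPT", "destinationPort": 443, "destinationAddress": "10.0.0.5"}},
    {"time": "2024-05-01T10:04:20Z", "data": {"action": "REJECT", "destinationPort": 22, "destinationAddress": "10.0.0.9"}},
]

def matches(record, filters):
    """Apply '=' filters such as {"data.action": "REJECT"}; all must match."""
    for path, wanted in filters.items():
        value = record
        for key in path.split("."):
            value = value.get(key) if isinstance(value, dict) else None
        if value != wanted:
            return False
    return True

def count_per_minute(records, filters):
    """Emulate the connector: keep matching records, count them per 1m interval."""
    counts = Counter()
    for rec in records:
        if matches(rec, filters):
            ts = datetime.strptime(rec["time"], "%Y-%m-%dT%H:%M:%SZ")
            counts[ts.replace(second=0)] += 1
    return counts

def firing_minutes(counts, threshold=0, delay_minutes=1):
    """Minutes where count > threshold has held for delay_minutes intervals in a row."""
    fired = []
    for minute in sorted(counts):
        window = [minute - timedelta(minutes=i) for i in range(delay_minutes)]
        if all(counts.get(m, 0) > threshold for m in window):
            fired.append(minute.strftime("%H:%M"))
    return fired

if __name__ == "__main__":
    rejected = count_per_minute(SAMPLE_LOGS, {"data.action": "REJECT"})
    print("alarm fires at:", firing_minutes(rejected))
```

Adding "data.destinationPort": 22 to the filter dictionary mirrors the optional second filter in the Log filter task and narrows the metric to rejected traffic for that port.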