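Predefined alerts for log management
A predefined alert (or default alert) is a preconfigured notification based on an AppLog search query, generated automatically when a supported log type is created. By default, alerts are configured with a daily (24-hour) frequency and a threshold of greater than or equal to zero (≥0). An alert is triggered as soon as the configured query breaches the threshold within the specified time range.
Default alerts for supported log types
The following are the three alert types that you can enable and customize:
- Trend alert: Sends an alert when an abnormal spike or drop occurs within the configured number of days.
- Count alert: Sends an alert when the number of log entries breaches the threshold.
- New data detection alert: Sends an alert when no new log entries appear within the specified time range.
The following is the list of supported log types: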
ActiveMQ logs
The following are the predefined alerts configured for ActiveMQ logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| New data detection alert | New Error Logs Contain Traceback or Exceptions | logtype="ActiveMQ Logs" and (message CONTAINS "traceback" or message CONTAINS "exception") groupby sourcefilename |
Akamai logs
The following are the predefined alerts that can be configured for Akamai logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| New data detection alert | New 4xx Failure Requests Detected | logtype="Akamai Logs" and statuscode>=400 and statuscode<500 groupby url |
| New data detection alert | New 5xx Failure Requests Detected | logtype="Akamai Logs" and statuscode>=500 and statuscode<600 groupby url |
Apache Access logs
The following are the predefined alerts that can be configured for Apache Access logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| Count alert | Apache Slow Requests | logtype="Apache Access Logs" and status<400 groupby requesturi limit 100 |
| Count alert | Apache Access Logs 500 Errors | logtype="Apache Access Logs" and status=500 |
| Count alert | Apache Access Logs 404 Errors | logtype="Apache Access Logs" and status=404 |
| New data detection alert | New 4xx Failure Requests Detected | logtype="Apache Access Logs" and status>=400 and status<500 groupby requesturi |
| New data detection alert | New 5xx Failure Requests Detected | logtype="Apache Access Logs" and status>=500 and status<600 groupby requesturi |
| New data detection alert | New Requests Detected with Significant Data Sent in Response | logtype="Apache Access Logs" and responsesize>1000000 groupby requesturi |
| Trend alert | 500 Errors Trend | logtype="Apache Access Logs" and status=500 groupby requesturi |
| Trend alert | Time Taken Trend | logtype="Apache Access Logs" avg(timetaken) groupby requesturi |
Auth0 logs
The following are the predefined alerts configured for Auth0 logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| Count alert | Blocked IP | logtype="Auth0" and type="limit_mu" |
| Count alert | Blocked Account | logtype="Auth0" and (type="limit_wc" or type="limit_sul") |
| Count alert | Breached password | logtype="Auth0" and type="pwd_leak" |
AWS API Gateway logs
The following are the predefined alerts configured for AWS API Gateway logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| Count alert | Slow Requests | logtype="AWS API Gateway Logs" and status<400 groupby resourcepath limit 100 |
| Count alert | Internal Server Error | logtype="AWS API Gateway Logs" and status=500 |
| Count alert | Request URI Not Found | logtype="AWS API Gateway Logs" and status=404 |
| New data detection alert | New 4xx Failure Requests Detected | logtype="AWS API Gateway Logs" and status>=400 and status<500 groupby resourcepath |
| New data detection alert | New 5xx Failure Requests Detected | logtype="AWS API Gateway Logs" and status>=500 and status<600 groupby resourcepath |
Caddy Access logs
The following are the predefined alerts configured for Caddy Access logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| Count alert | Slow Requests | logtype="Caddy Access Logs" and status<400 groupby uri limit 100 |
| Count alert | Internal Server Error | logtype="Caddy Access Logs" and status=500 |
| Count alert | Request URI Not Found | logtype="Caddy Access Logs" and status=404 |
| New data detection alert | New 4xx Failure Requests Detected | logtype="Caddy Access Logs" and status>=400 and status<500 groupby uri |
| New data detection alert | New 5xx Failure Requests Detected | logtype="Caddy Access Logs" and status>=500 and status<600 groupby uri |
| New data detection alert | New Requests Detected with Significant Latency | logtype="Caddy Access Logs" and latency>1000 groupby uri |
| Trend alert | 500 Errors Trend | logtype="Caddy Access Logs" and status=500 groupby uri |
Caddy Error logs
The following are the predefined alerts configured for Caddy Error logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| New data detection alert | New Error Logs Contain Traceback or Exceptions | logtype="Caddy Error Logs" and (message CONTAINS "traceback" or message CONTAINS "exception") groupby path |
| New data detection alert | New 4xx Failure Requests Detected | logtype="Caddy Error Logs" and status>=400 and status<500 groupby path |
| New data detection alert | New 5xx Failure Requests Detected | logtype="Caddy Error Logs" and status>=500 and status<600 groupby path |
Cerberus FTP logs
The following are the predefined alerts configured for Cerberus FTP logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| Count alert | File Transfer Failed | logtype="Cerberus FTP Logs" and message contains "File transfer failed" |
| New data detection alert | New Error Logs Contain Traceback or Exceptions | logtype="Cerberus FTP Logs" and (message CONTAINS "traceback" or message CONTAINS "exception") groupby clientip |
Cloud Front logs
The following are the predefined alerts that can be configured for Cloud Front logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| New data detection alert | New 4xx Failure Requests Detected | logtype="Cloud Front Log" and statuscode>=400 and statuscode<500 groupby stemuri |
| New data detection alert | New 5xx Failure Requests Detected | logtype="Cloud Front Log" and statuscode>=500 and statuscode<600 groupby stemuri |
| New data detection alert | New Requests Detected with More TimeTaken | logtype="Cloud Front Log" and timetaken>1000 groupby stemuri |
| Trend alert | 500 Errors Trend | logtype="Cloud Front Log" and statuscode=500 groupby stemuri |
| Trend alert | Time Taken Trend | logtype="Cloud Front Log" avg(timetaken) groupby stemuri |
CodeIgniter logs
The following are the predefined alerts configured for CodeIgniter logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| New data detection alert | New Error Logs Contain Exceptions | logtype="CodeIgniter Logs" and message contains "exception" |
Django logs
The following are the predefined alerts configured for Django logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| New data detection alert | New Error Logs Contain Traceback or Exceptions | logtype="Django Logs" and (message CONTAINS "traceback" or message CONTAINS "exception") groupby module |
ELB Application logs
The following are the predefined alerts that can be configured for ELB Application logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| New data detection alert | New 4xx Failure Requests Detected | logtype="ELB Application Log" and elbstatuscode>=400 and elbstatuscode<500 groupby request |
| New data detection alert | New 5xx Failure Requests Detected | logtype="ELB Application Log" and elbstatuscode>=500 and elbstatuscode<600 groupby request |
| New data detection alert | New Requests Detected with Significant Data Sent in Response | logtype="ELB Application Log" and bytessent>1000000 groupby request |
ELB Classic logs
The following are the predefined alerts that can be configured for ELB Classic:
| Alert type | Alert name | Alert query |
|---|---|---|
| New data detection alert | New Error Logs Contain Traceback or Exceptions | logtype="ELB Classic Log" and elbstatuscode>=400 and elbstatuscode<=500 groupby request |
| New data detection alert | New Requests Detected with Significant Data Sent in Response | logtype="ELB Classic Log" and bytessent>1000000 groupby request |
ELB Network logs
The following are the predefined alerts configured for ELB Network logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| New data detection alert | New Requests Detected with Significant Data Sent in Response | logtype="ELB Network Log" and bytessent>1000000 groupby clienthost |
Fail2Ban logs
The following are the predefined alerts configured for Fail2Ban logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| Count alert | Top Banned IPs | logtype="Fail2Ban Logs" and actiontaken="Ban" groupby machineip |
Fastly logs
The following are the predefined alerts that can be configured for Fastly logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| New data detection alert | New 4xx Failure Requests Detected | logtype="Fastly Logs" and statuscode>=400 and statuscode<500 groupby url |
| New data detection alert | New 5xx Failure Requests Detected | logtype="Fastly Logs" and statuscode>=500 and statuscode<600 groupby url |
| New data detection alert | New Requests Detected with Significant Data Sent in Response | logtype="Fastly Logs" and response_body_size>1000000 groupby url |
GCP Kubernetes Node logs
The following are the predefined alerts configured for GCP Kubernetes Node logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| New data detection alert | New Nodes Contain Failure | logtype="GCP Kubernetes Node Log" and (message CONTAINS "delete" or message CONTAINS "killing") groupby resource_labels_node_name |
Gitlab Runner logs
The following are the predefined alerts that can be configured for Gitlab Runner logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| New data detection alert | New Deployments Contain Failure | logtype="Gitlab Runner Logs" and (deploymentstatus="failed") groupby projectname |
| New data detection alert | New Builds Contain Failure | logtype="Gitlab Runner Logs" and (status="failed") groupby buildname |
Gunicorn logs
The following are the predefined alerts that can be configured for Gunicorn logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| Count alert | Gunicorn Access Logs 500 Errors | logtype="Gunicorn Logs" and status=500 |
| Count alert | Gunicorn Access Logs 404 Errors | logtype="Gunicorn Logs" and status=404 |
| New data detection alert | New 4xx Failure Requests Detected | logtype="Gunicorn Logs" and status>=400 and status<500 groupby requesturi |
| New data detection alert | New 5xx Failure Requests Detected | logtype="Gunicorn Logs" and status>=500 and status<600 groupby requesturi |
| New data detection alert | New Requests Detected with Significant Data Sent in Response | logtype="Gunicorn Logs" and bytessent>1000000 groupby requesturi |
| New data detection alert | New Error Logs Contain Traceback or Exceptions | logtype="Gunicorn Logs" and (message CONTAINS "traceback" or message CONTAINS "exception") groupby remoteaddress |
| Trend alert | 500 Errors Trend | logtype="Gunicorn Logs" and status=500 groupby requesturi |
HAProxy logs
The following are the predefined alerts that can be configured for HAProxy logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| New data detection alert | New 4xx Failure Requests Detected | logtype="HAProxy Logs" and status>=400 and status<500 groupby requesturi |
| New data detection alert | New 5xx Failure Requests Detected | logtype="HAProxy Logs" and status>=500 and status<600 groupby requesturi |
| New data detection alert | New Requests Detected with More TimeTaken | logtype="HAProxy Logs" and timetaken>1000 groupby requesturi |
| Trend alert | 500 Errors Trend | logtype="HAProxy Logs" and status=500 groupby requesturi |
| Trend alert | Time Taken Trend | logtype="HAProxy Logs" avg(timetaken) groupby requesturi |
Heroku logs
The following are the predefined alerts that can be configured for Heroku logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| Count alert | Slow Requests | logtype="Heroku Logs" and message_statuscode<400 groupby message_path limit 100 |
| Count alert | Internal Server Error | logtype="Heroku Logs" and message_statuscode=500 |
| Count alert | Request URI Not Found | logtype="Heroku Logs" and message_statuscode=404 |
| New data detection alert | New Error Logs Contain Traceback or Exceptions | logtype="Heroku Logs" and message_statuscode>=400 and message_statuscode<=500 groupby message_path |
IIS Access logs
The following are the predefined alerts that can be configured for IIS Access logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| Count alert | IIS Slow Requests | logtype="IIS Access Logs" and statuscode<400 avg(timetaken) groupby stemuri limit 100 |
| Count alert | IIS Access Logs 500 Errors | logtype="IIS Access Logs" and statuscode=500 |
| Count alert | Time Taken Trend | logtype="IIS Access Logs" and statuscode=404 |
| Trend alert | 500 Errors Trend | logtype="IIS Access Logs" and statuscode=500 groupby stemuri |
| Trend alert | Time Taken Trend | logtype="IIS Access Logs" avg(timetaken) groupby stemuri |
| New data detection alert | New 4xx Failure Requests Detected | logtype="IIS Access Logs" and statuscode>=400 and statuscode<500 groupby stemuri |
| New data detection alert | New 5xx Failure Requests Detected | logtype="IIS Access Logs" and statuscode>=500 and statuscode<600 groupby stemuri |
| New data detection alert | New Requests Detected with More TimeTaken | logtype="IIS Access Logs" and timetaken>1000 groupby stemuri |
IIS HTTP Error logs
The following are the predefined alerts that can be configured for IIS HTTP Error logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| New data detection alert | New 4xx Failure Requests Detected | logtype="IIS HTTP Error Logs" and statuscode>=400 and statuscode<500 groupby requesturi |
| New data detection alert | New 5xx Failure Requests Detected | logtype="IIS HTTP Error Logs" and statuscode>=500 and statuscode<600 groupby requesturi |
| Trend alert | 500 Errors Trend | logtype="IIS HTTP Error Logs" and statuscode=500 groupby requesturi |
Java logs
The following are the predefined alerts configured for Java logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| New data detection alert | New Error Logs Contain Traceback or Exceptions | logtype="Java Log" and (message CONTAINS "traceback" or message CONTAINS "exception") groupby classname |
Jenkins Application logs
The following are the predefined alerts configured for Jenkins Application logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| New data detection alert | New Error Logs Contain Traceback or Exceptions | logtype="Jenkins Application Logs" and (message CONTAINS "traceback" or message CONTAINS "exception") groupby classname |
Kafka logs
The following are the predefined alerts configured for Kafka logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| New data detection alert | New Error Logs Contain Traceback or Exceptions | logtype="Kafka Logs" and (message CONTAINS "traceback" or message CONTAINS "exception") groupby sourcefilename |
Kiwi Syslogs
The following are the predefined alerts configured for Kiwi Syslogs:
| Alert type | Alert name | Alert query |
|---|---|---|
| New data detection alert | New Error Logs Contain Traceback or Exceptions | logtype="Kiwi SysLogs" and (message CONTAINS "traceback" or message CONTAINS "exception") groupby host |
Kong API Gateway logs
The following are the predefined alerts that can be configured for Kong API Gateway logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| Count alert | Internal Server Error | logtype="Kong API Gateway Logs" and statuscode=500 |
| Count alert | Request URI Not Found | logtype="Kong API Gateway Logs" and statuscode=404 |
Kubernetes Audit logs
The following are the predefined alerts that can be configured for Kubernetes Audit logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| New data detection alert | New 4xx Failure Requests Detected | logtype="Kubernetes Audit Logs" and responsestatus_code>=400 and responsestatus_code<500 groupby requesturi |
| New data detection alert | New 5xx Failure Requests Detected | logtype="Kubernetes Audit Logs" and responsestatus_code>=500 and responsestatus_code<600 groupby requesturi |
Laravel logs
The following are the predefined alerts configured for Laravel logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| New data detection alert | New Error Logs Contain Exceptions | logtype="Laravel Logs" and message contains "exception" |
Log4J logs
The following are the predefined alerts configured for Log4J logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| New data detection alert | New Error Logs Contain Traceback or Exceptions | logtype="Log4J" and (message CONTAINS "traceback" or message CONTAINS "exception") groupby sourcefilename |
Log4Net logs
The following are the predefined alerts configured for Log4Net logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| New data detection alert | New Error Logs Contain Traceback or Exceptions | logtype="Log4Net" and (message CONTAINS "traceback" or message CONTAINS "exception") groupby sourcefilename |
LogBack logs
The following are the predefined alerts configured for LogBack logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| New data detection alert | New Error Logs Contain Traceback or Exceptions | logtype="LogBack" and (message CONTAINS "traceback" or message CONTAINS "exception") groupby sourcefilename |
Magento logs
The following are the predefined alerts configured for Magento logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| Count alert | Security Problems | logtype="Magento Logs" and message contains "Security problem" |
Nginx logs
The following are the predefined alerts that can be configured for Nginx logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| Count alert | Nginx Access Logs 500 Errors | logtype="Nginx Logs" and status=500 |
| Count alert | Nginx Access Logs 404 Errors | logtype="Nginx Logs" and status=404 |
| New data detection alert | New 4xx Failure Requests Detected | logtype="Nginx Logs" and status>=400 and status<500 groupby requesturi |
| New data detection alert | New 5xx Failure Requests Detected | logtype="Nginx Logs" and status>=500 and status<600 groupby requesturi |
| New data detection alert | New Requests Detected with Significant Data Sent in Response | logtype="Nginx Logs" and bytessent>1000000 groupby requesturi |
| Trend alert | 500 Errors Trend | logtype="Nginx Logs" and status=500 groupby requesturi |
NLogs
The following are the predefined alerts configured for NLogs:
| Alert type | Alert name | Alert query |
|---|---|---|
| New data detection alert | New Error Logs Contain Traceback or Exceptions | logtype="NLog" and (message CONTAINS "traceback" or message CONTAINS "exception") groupby sourcefilename |
OneLogin logs
The following are the predefined alerts that can be configured for OneLogin logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| Count alert | Login Failures | logtype="OneLogin Logs" and event_type_id in (6,9,77,154,901,905,906) groupby event_type_id |
| Count alert | App User Limit Reached | logtype="OneLogin Logs" and event_type_id=20 count |
Opsgenie logs
The following are the predefined alerts that can be configured for Opsgenie logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| Count alert | Escalation Alert | logtype="Opsgenie Logs" and action="Escalate" |
| Count alert | P1 Incident Alert | logtype="Opsgenie Logs" and priority="P1" |
PagerDuty logs
The following are the predefined alerts that can be configured for PagerDuty logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| Count alert | Escalation Alert | logtype="PagerDuty Logs" and eventtype="incident.escalated" |
| Count alert | P1 Incident Alert | logtype="PagerDuty Logs" and priority="P1" |
PHP-FPM Slow logs
The following are the predefined alerts configured for PHP-FPM Slow logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| New data detection alert | New Error Logs Contain Traceback or Exceptions | logtype="PHP-FPM Slow Logs" and (backtrace CONTAINS "traceback" or backtrace CONTAINS "exception" or backtrace CONTAINS "error") groupby scriptfilename |
PostgreSQL logs
The following are the predefined alerts configured for PostgreSQL logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| New data detection alert | New Error Logs Contain Traceback or Exceptions | logtype="PostgreSql Logs" and (message CONTAINS "traceback" or message CONTAINS "exception") groupby host |
Puppet Server Access logs
The following are the predefined alerts that can be configured for Puppet Server Access logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| New data detection alert | New 4xx Failure Requests Detected | logtype="Puppet Server Access Logs" and status>=400 and status<500 groupby requesturi |
| New data detection alert | New 5xx Failure Requests Detected | logtype="Puppet Server Access Logs" and status>=500 and status<600 groupby requesturi |
| New data detection alert | New Requests Detected with More TimeTaken | logtype="Puppet Server Access Logs" and timetaken>1000 groupby remoteip |
| Trend alert | 500 Errors Trend | logtype="Puppet Server Access Logs" and status=500 groupby requesturi |
| Trend alert | Time Taken Trend | logtype="Puppet Server Access Logs" avg(timetaken) groupby requesturi |
RubyOnRails logs
The following are the predefined alerts configured for RubyOnRails logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| Count alert | Exceptions | logtype="RubyOnRails" and message contains "exception" |
Squid Proxy logs
The following are the predefined alerts that can be configured for Squid Proxy logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| Count alert | IIS Slow Requests | logtype="Squid Proxy Logs" groupby url limit 100 |
| Count alert | Requests Denied | logtype="Squid Proxy Logs" and code contains "DENIED" |
| New data detection alert | New 4xx Failure Requests Detected | logtype="Squid Proxy Logs" and status>=400 and status<500 groupby url |
| New data detection alert | New 5xx Failure Requests Detected | logtype="Squid Proxy Logs" and status>=500 and status<600 groupby url |
| New data detection alert | New Requests Detected with Significant Data Sent in Response | logtype="Squid Proxy Logs" and bytessent>1000000 groupby url |
Syslogs
The following are the predefined alerts configured for Syslogs:
| Alert type | Alert name | Alert query |
|---|---|---|
| Count alert | Failed SSH Login | logtype="SysLog" and application="sshd" and (message CONTAINS "Failed" or message CONTAINS "Invalid user") |
Tomcat Access logs
The following are the predefined alerts that can be configured for Tomcat Access logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| New data detection alert | New 4xx Failure Requests Detected | logtype="Tomcat Access Logs" and status>=400 and status<500 groupby requesturi |
| New data detection alert | New 5xx Failure Requests Detected | logtype="Tomcat Access Logs" and status>=500 and status<600 groupby requesturi |
| New data detection alert | New Requests Detected with Significant Data Sent in Response | logtype="Tomcat Access Logs" and bytessent>1000000 groupby requesturi |
| Trend alert | 500 Errors Trend | logtype="Tomcat Access Logs" and status=500 groupby requesturi |
Varnish logs
The following are the predefined alerts configured for Varnish logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| Count alert | Internal Server Error | logtype="Varnish Log" and status=500 |
| Count alert | Request URI Not Found | logtype="Varnish Log" and status=404 |
| New data detection alert | New 4xx Failure Requests Detected | logtype="Varnish Log" and status>=400 and status<500 groupby requesturi |
| New data detection alert | New 5xx Failure Requests Detected | logtype="Varnish Log" and status>=500 and status<600 groupby requesturi |
| New data detection alert | New Requests Detected with Significant Data Sent in Response | logtype="Varnish Log" and bytessent>1000000 groupby requesturi |
| Trend alert | 500 Errors Trend | logtype="Varnish Log" and status=500 groupby requesturi |
VPC Flow logs
The following are the predefined alerts configured for VPC Flow logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| New data detection alert | New Requests Detected with Significant Data Sent in Response | logtype="VPC Flow Log" and bytes>1000000 groupby srcaddr |
WebLogic logs
The following are the predefined alerts that can be configured for WebLogic logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| Count alert | Internal Server Error | logtype="WebLogic Log" and status=500 |
| Count alert | Request URI Not Found | logtype="WebLogic Log" and status=404 |
| New data detection alert | New 4xx Failure Requests Detected | logtype="WebLogic Log" and status>=400 and status<500 groupby url |
| New data detection alert | New 5xx Failure Requests Detected | logtype="WebLogic Log" and status>=500 and status<600 groupby url |
| New data detection alert | New Requests Detected with Significant Data Sent in Response | logtype="WebLogic Log" and bytes>1000000 groupby url |
WebSphere logs
The following are the predefined alerts configured for WebSphere logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| New data detection alert | New Error Logs Contain Traceback or Exceptions | logtype="WebSphere" (message CONTAINS "traceback" or message CONTAINS "exception") groupby classname |
Wildfly logs
The following are the predefined alerts configured for Wildfly logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| New data detection alert | New Error Logs Contain Traceback or Exceptions | logtype="Wildfly Logs" and (message CONTAINS "traceback" or message CONTAINS "exception") groupby classname |
Windows Event logs
The following are the predefined alerts that can be configured for Windows Event logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| Count alert | Audit Logs Cleared | logtype="Windows Event Log" and level CONTAINS "Information" and message contains "The audit log was cleared" |
| Count alert | Unsuccessful Login Attempts | logtype="Windows Event Log" and source CONTAINS "Microsoft-Windows-Security-Auditing" and (eventid=529 or eventid=4625) |
| Count alert | Audit Policy Changed | logtype="Windows Event Log" and source CONTAINS "Microsoft-Windows-Security-Auditing" and (eventid=612 or eventid=4719) |
| Count alert | Successful Password Resets | logtype="Windows Event Log" and source CONTAINS "Microsoft-Windows-Security-Auditing" and (eventid=628 or eventid=4724) |
| Count alert | System Resources Exhausted | logtype="Windows Event Log" and source CONTAINS "Microsoft-Windows-Security-Auditing" and (eventid=516 or eventid=4612) |
| Count alert | Account Database Change | logtype="Windows Event Log" and eventid=640 |
| Count alert | User Account Disabled | logtype="Windows Event Log" and source CONTAINS "Microsoft-Windows-Security-Auditing" and (eventid=629 or eventid=4725) |
| Count alert | Domain Policy Change | logtype="Windows Event Log" and source CONTAINS "Microsoft-Windows-Security-Auditing" and (eventid=643 or eventid=4739) |
| Count alert | Computer Account Deleted | logtype="Windows Event Log" and source CONTAINS "Microsoft-Windows-Security-Auditing" and (eventid=647 or eventid=4743) |
| Count alert | Insufficient Memory Available | logtype="Windows Event Log" and source CONTAINS "MSSQLSERVER" and eventid=17052 |
| Count alert | Replacing System File Attempted | logtype="Windows Event Log" and eventid=64001 and source="Windows File Protection" |
| Count alert | Bad Disk Sector Detected | logtype="Windows Event Log" and eventid=7 and source="Disk" |
| Count alert | Application Uninstalled | logtype="Windows Event Log" and eventid=11724 and source="MsiInstaller" |
| Count alert | Chassis Intrusion Detected | logtype="Windows Event Log" and eventid=1 and source="OMCI" |
| Count alert | Unexpected Shutdown | logtype="Windows Event Log" and (eventid=6008 or eventid=41) |
Zoom Events logs
The following are the predefined alerts that can be configured for Zoom Events logs:
| Alert type | Alert name | Alert query |
|---|---|---|
| Count alert | Meeting Issues | logtype="Zoom Events" and event="meeting.alert" |
| Count alert | Webinars Issues | logtype="Zoom Events" and event="webinar.alert" |
| Count alert | Room Alerts | logtype="Zoom Events" and event="zoomroom.alert" |

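Licensing
Because these alerts are system-generated, they do not consume any license by default. However, if the check frequency is set to less than one day, these alerts become subject to licensing, with each alert weighted at 0.1, that is, 10 search queries count as one basic monitor. When a supported log type is created, Site24x7 automatically generates the corresponding predefined alerts and sets up the AppLog monitor without consuming a license.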
