Introduction
Log-based alerts are a facility in Google Cloud that notifies the user whenever a specific message appears in the included logs. For example, if a user wants to know when an audit log records a particular data-access message, the user can create a log-based alert that sends a notification when a matching entry appears. Log-based alerts aren't always a good fit: they don't operate on excluded logs, and they can't be used to derive counts from your logs.
Creating a log-based alert (Logs Explorer)
Log-based alerts can be created from the Logs Explorer page in the Google Cloud console. The interface guides the user through the essential details, which are:
- Give a name and description for the alert.
- Select the logs for which the user wants to receive notifications.
- Set the minimum time interval between notifications.
- Set up a time for automatic closure of incidents.
Steps
- In the Google Cloud console, select Logging, then Logs Explorer.
- In the Query pane, build a query that matches the message you want to use in your log-based alert.
- Click the Create alert option, which is either in the header of the Query results pane or in the actions menu.
- In the Alert details pane, give the alert a name and description. The user can also include information that might help the notification recipient diagnose the problem.
- Click Next.
- The user can check the query and its results by clicking the Preview Logs option in the Choose logs to include in the alert pane.
- Click Next.
- The user can set a minimum time between notifications in case the alert is triggered multiple times.
- Click Next.
- Choose one or more notification channels for the alert. If an email notification channel is already configured, the user can select it from the list; if not, the user can click Manage notification channels and add an email channel.
- Click Save.
Test the log-based alert
- To test the log-based alert, the user needs to manually write a log entry that matches the query. Follow the steps below to write a log entry:
- Configure the log entry below by replacing the Project_id placeholder with your project ID.
{
  "entries": [
    {
      "logName": "projects/Project_id/logs/syslog",
      "jsonPayload": {
        "type": "Configuration change",
        "action": "Set network address",
        "result": "999.027.405.1"
      },
      "severity": "NOTICE",
      "resource": {
        "type": "generic_task",
        "labels": {
          "project_id": "Project_id",
          "location": "us-east1",
          "namespace": "fake-task-2",
          "job": "write-log-entry",
          "task_id": "11"
        }
      }
    }
  ]
}
- Open the logEntries.write reference page.
- Copy the above log entry.
- In the Try this API panel, do the following:
- Clear the contents of the Request body field in APIs Explorer and paste the log entry there.
- Click Execute. If the logEntries.write call is successful, you will get an HTTP response code of 200 with an empty response body.
Once the log entry is written, the following sequence occurs:
- Logs Explorer now shows the new log entry, and the entry triggers the alert.
- An incident is opened in Cloud Monitoring.
- The user receives a notification for the incident, and if an email notification channel is configured, an email is also sent.
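As an added example (not part of the original page or of Google's documentation), the following Python builds the logEntries.write request body for a given project ID as strict JSON and dry-runs an alert query against it locally, so the query can be checked before the test entry is written. The evaluator is an assumption: it supports only `field="value"`, `field!="value"` and `field:"substring"` terms joined by AND, not the full Logging query language.

```python
import json
import re


def build_write_body(project_id: str) -> dict:
    """Return the entries.write request body for the page's test entry (valid JSON)."""
    return {
        "entries": [{
            "logName": f"projects/{project_id}/logs/syslog",
            "jsonPayload": {
                "type": "Configuration change",
                "action": "Set network address",
                "result": "999.027.405.1",  # constructed value, as on the page
            },
            "severity": "NOTICE",
            "resource": {
                "type": "generic_task",
                "labels": {
                    "project_id": project_id,
                    "location": "us-east1",
                    "namespace": "fake-task-2",
                    "job": "write-log-entry",
                    "task_id": "11",
                },
            },
        }]
    }


def lookup(entry: dict, dotted: str):
    """Walk a dotted field path such as jsonPayload.type; return None if absent."""
    cur = entry
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


# One comparison term: field, operator (=, !=, or : for substring), quoted value.
_TERM = re.compile(r'^([\w.]+)\s*(=|!=|:)\s*"([^"]*)"$')


def matches(entry: dict, query: str) -> bool:
    """Evaluate a simplified alert query (assumed subset: terms joined by AND)."""
    for term in query.split(" AND "):
        m = _TERM.match(term.strip())
        if not m:
            raise ValueError(f"unsupported query term: {term!r}")
        field, op, want = m.groups()
        got = lookup(entry, field)
        ok = {"=": got == want, "!=": got != want,
              ":": got is not None and want in str(got)}[op]
        if not ok:
            return False
    return True
```

`json.dumps(build_write_body("my-project"), indent=2)` yields the body to paste into the APIs Explorer Request body field.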