HW3 Question 1

# HW3 Question 1 1. Monitor / Logging - 針對vm-pa-1 設定CPU Alert - 當三分鐘內的CPU 平均超過80% 觸發告警 - 通知和名稱選擇要通知的相關人員的電子郵件 - 設定郵件預設內容(Documentation) - Application Load Balancer 設定RPS Alert - 一分鐘內的RPS(Rate)超過50次觸發告警 - 要把所有的url_map_name 都加總 - 通知和名稱選擇要通知的相關人員的電子郵件 - 設定郵件預設內容(Documentation) - MIG 設定Email Alert - 建立MIG Policy 快訊 - 針對Instance group size 做監控警告，其它設定預設 - 設定觸發條件高於門檻，門檻值為5 ，其它設定預設 - 通知和名稱選擇要通知的相關人員的電子郵件 - 設定郵件預設內容(Documentation) - 如何查詢Cloud Armor 的Deny Log - 在記錄中搜尋欄位輸入 jsonPayload.enforcedSecurityPolicy.outcome="DENY" 查詢拒絕請求記錄 - 時間欄位可調整至記錄的發生時間點 - 如何查詢OS Login 的Log - 在記錄中搜尋欄位輸入 protoPayload.serviceName="oslogin.googleapis.com" - 時間欄位可調整至記錄的發生時間點 ### steps 1. 針對vm-pa-1 設定CPU Alert - 前置作業：vm-pa-1 要裝 ops-agent，可以用按的呢！！ install ops agent 給他點下去！！ ![image](https://hackmd.io/_uploads/H1YWR49OT.png) - 路徑：monitoring > alert > create policy - alerts condition: - select a metric: cpu utilization - add filters: name=vp-pa-1 - transform data: custom 3 mins mean ![image](https://hackmd.io/_uploads/B10mo4qOa.png) - configure alert trigger: threshold 80% ![image](https://hackmd.io/_uploads/BJo0jNqu6.png) - alerts details: - 新增 notification channel: email ![image](https://hackmd.io/_uploads/r1W2O45_T.png) - Notification subject line: Caution!! CPU utilization for vm-pa-1 is over 80% - Policy Severity Level: warning - Documentation: 自己隨意寫一些內文啦XD ex: The CPU usage of vm-pa-1 has exceeded 80% for three consecutive minutes. Please check the VM to determine the cause of the high CPU usage. - Name the alert policy: CPU Alert for vm-pa-1 - 來看一下 review alert 囉！ (因為安裝 ops agent 所以突然 cpu 飆很高後來就低了！) ![image](https://hackmd.io/_uploads/HkDAbS9u6.png) - 信長得像這樣 ![image](https://hackmd.io/_uploads/H11bXrq_6.png) - 也可以點進去創建的 aler 看 incidents ![image](https://hackmd.io/_uploads/By5DXS5ua.png) 2. Application Load Balancer 設定RPS Alert - 路徑：monitoring > alert > create policy - alert condition: - select a metric: Global External Application Load Balancer Rule/https/Request count - add filter: project_id=esun-user10-pa-1211 - transform data: 1 min, mean - across time series: sum, url_map_name ![image](https://hackmd.io/_uploads/rkltgO0_T.png) - configure alert trigger: threshold value -> 50 - alert details - Notification subject line: Caution!! RPS rates for load-balancer is over 50 - Policy Severity Level: warning - Documentation: The RPS of all url_map_name has exceeded 50 for one minute.Please check the load balancer to determine the cause of the high RPS. - Name the alert policy: RPS Alert for load-balancer - review alert: ![image](https://hackmd.io/_uploads/Hku7FH9Oa.png) 3. MIG 設定Email Alert - 路徑：compute engine > instance groups > mig-vm-pa-1 > monitoring > create alerting policy 很方便的做法！會自動帶入 filter 條件！metric 也自動選好了 instance group size! ![image](https://hackmd.io/_uploads/Hyl7bRScda.png) - alert conditions: - 讚讚的前面幾乎都帶好了，只要去 configure trigger 設定 threshold = 5 - alert details - Notification subject line: Caution!! instance-group-size for mig-vm-pa-1 is over 5 - Policy Severity Level: warning - Documentation: The instance group size for mig-vm-pa-1 has exceeded the threshold of 5. Please check the mig-vm-pa-1 to determine the cause of the high group size. - Name the alert policy: instance-group-size Alert for mig-vm-pa-1 - review alert: ![image](https://hackmd.io/_uploads/HkFkbUcuT.png) 4. 如何查詢 Cloud Armor 的 Deny Log - logs explorer query 輸入：jsonPayload.enforcedSecurityPolicy.outcome=“DENY” ![image](https://hackmd.io/_uploads/S1LTML5d6.png) - 也可以用這種方法找到log，路徑：network security > cloud armor > cloud armor policies > ib-policy > logs ![image](https://hackmd.io/_uploads/B1bfzU9_a.png) - 拒絕請求記錄 ![image](https://hackmd.io/_uploads/Sym9QLqu6.png) 5. 如何查詢OS Login 的Log - logs explorer query 輸入: protoPayload.serviceName="oslogin.googleapis.com" (我把時間拉大概 12/29 左右) ![image](https://hackmd.io/_uploads/B1JQII9_6.png) - log 裡的內容： ![image](https://hackmd.io/_uploads/r1FHw85O6.png)