By: Ming Zhou
Read Time: 4 min
SRE and Security teams rely heavily on alerts to know whether their systems are experiencing issues and to prevent any future outages. At LogDNA, customers can set alerts that trigger when specific logs match (presence alerts) or set an alert to go off if there are expected lines that haven’t come through (absence alerts). These alerts can be set up with various channels so you can be alerted in the product of your choice (Slack, Email, PagerDuty, etc). You can learn more about LogDNA alerts here.
As a Security Officer, you can leverage LogDNA alerts as a form of threat detection. With the right alerts set, you can be notified of unusual activity in your system. Alert Insights is a summary of alerts that have been triggered in the last week or month for you to review to ensure you haven’t missed any important alerts, such as failed logins, attempted logins, root logins, etc. If you see many attempted or failed logins, it is important to know so you can investigate.
An important aspect of alert insights is knowing the change from week to week, this is why we have provided a delta section in addition to the count of how many times an alert was triggered. The delta shows the percentage of increase or decrease activity of a specific alert so you know whether what you’re reviewing is considered ‘normal’.
We understand that teams change, credentials might get rotated, and the email or Slack channel that was set up to receive alerts may change. This will usually result in alerts that are missed because LogDNA is unable to deliver the alerts due to expired/outdated credentials.
To tackle this problem, we’ve added a section called “Failed Alerts”. We provided a summary of all alerts that have been set up, triggered, but failed to deliver. Failed Alerts could occur due to various reasons, but in general it means failure to get a response from the webhook. A few common reasons include, URLs being invalid, server not responding, webhook returned non 2xx OK code, etc. This is important because your team may be missing important alerts that are triggering but failed to make it to the channel that you wanted to be notified in. Armed with this list of “Failed Alerts”, you know exactly which ones need to be updated so your team can receive important alerts again.
Main use cases:
You can find this feature under: /manage/ingestion in the Email Digest section
Check off the boxes to receive Weekly or Monthly Email digest. That’s it! No configuration necessary, we will automatically include the Alert Insights in your email digest.
AWS has a lot of services, and they all generate logs. A lot of logs. We’ve worked hard to make sure you can capture logs...
In the olden days, we used to have to get logs by putting our agent on one machine at a time, like hitching a horse...
As an engineer who has set up logging for more than one deployment or environment, you know that you usually have one logging account per...