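I created a number of log-based metrics and alerting policies to meet the CIS Benchmark requirements, and when I tested them they worked fine. But only for a while. Now, when I go to edit the log-based metric, I can see that the changes I made show up in the results with the filter I have, but when I go to Stackdriver and look at the alerting policy, it isn't picking anything up. As far as I know, I haven't changed anything.
Below are the commands I used to create all of this: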
gcloud beta logging metrics create vpc_firewall_changes \
--description="Actions related to VPC firewall changes (CIS 2.7)" \
--log-filter="resource.type=\"gce_firewall_rule\" AND \
jsonPayload.event_subtype=\"compute.firewalls.patch\" OR \
jsonPayload.event_subtype=\"compute.firewalls.insert\""
gcloud alpha monitoring channels create \
--type=email \
--display-name="VPC Firewall Changes" \
--description="E-mail channel for alerting VPC firewall changes" \
--channel-labels=email_address=[my email]
gcloud alpha monitoring policies create \
--notification-channels=[channel uri] \
--condition-filter="resource.type=\"global\" AND metric.type=\"logging.googleapis.com/user/vpc_firewall_changes\"" \
--aggregation="{
\"alignmentPeriod\": \"60s\", \
\"crossSeriesReducer\": \"REDUCE_COUNT\", \
\"perSeriesAligner\": \"ALIGN_RATE\" \
}" \
--condition-display-name="logging/user/vpc_firewall_changes [COUNT]" \
--duration=60s \
--if="> 0.001" \
--trigger-count=1 \
--combiner=OR \
--display-name="VPC Firewall Changes Alerts" \
--documentation="You are receiving this alert because changes have been made relating to the VPC firewall rules."
Has anyone experienced this?