Monitoring Google Cloud Armor Security Policies

Google Cloud Armor exports monitoring data from security policies to Stackdriver. You can use monitoring metrics to check whether your policies are working as intended or to troubleshoot problems. For example, you can view the traffic that was blocked or allowed for each backend service. You can monitor the metrics of a single security policy (which can be applied to multiple backend services) or a single backend service.

In addition to the predefined dashboards in Stackdriver, you can create custom dashboards, set up alert policies, and query the metrics through the Stackdriver monitoring API.

On the Stackdriver monitoring dashboard, Open Incidents are driven by the alerting policies you configure. An alert appears as an incident on the dashboard when it is triggered. These are general Stackdriver functions.

For complete information on Stackdriver monitoring, see Stackdriver Monitoring Documentation.

Viewing the monitoring dashboard

  1. Go to Stackdriver in the Google Cloud Platform Console.
  2. Select Resources > Network Security Policies.
  3. Click the name of your policy.

When you open the dashboard, you see overall metrics, such as per-policy breakdowns, on the right. Clicking a policy shows that policy's details.

Defining Stackdriver alerts

You can define Stackdriver alerts over various Network Security Policy metrics:

  1. Go to Stackdriver in the Google Cloud Platform Console.
  2. Select Alerting > Create a Policy.
  3. Click Add Condition and select condition type.
  4. Select metrics and filters. For metrics, the resource type is Network Security Policy.
  5. Click Save Condition.
  6. Enter a policy name in the Name this policy field and click Save Policy.

Defining Stackdriver custom dashboards

You can create custom Stackdriver dashboards over Network Security Policy metrics:

  1. Go to Stackdriver in the Google Cloud Platform Console.
  2. Select Dashboards > Create Dashboard.
  3. Click Add Chart.
  4. Give the chart a title.
  5. Select metrics and filters. For metrics, the resource type is Network Security Policy.
  6. Click Save.

Metric reporting frequency and retention

Metrics for the Google Cloud Armor security policies are exported to Stackdriver in 1-minute granularity batches. Monitoring data is retained for six weeks. The dashboard provides data analysis in the following default intervals:

  • 1H (one hour)
  • 6H (six hours)
  • 1D (one day)
  • 1W (one week)
  • 6W (six weeks)

Using the controls in the upper-right corner of the Stackdriver monitoring page, you can manually request analysis over any interval from 1 minute up to 6W.

Monitoring metrics for Google Cloud Armor security policies

The following metrics are reported on the Google Cloud Armor security policies dashboard:

Metric                  Description
Request count           The number of requests processed by a Google Cloud Armor security policy.
Preview request count   The number of requests that match preview-mode rules. Preview requests are logged, but the corresponding action is not enforced.

Note: Preview request counts are included in the request count metric above, because every request is expected to also match a configured non-preview rule or the default rule.

Filtering dimensions for Google Cloud Armor security policies

Metrics are aggregated for each Google Cloud Armor security policy. You can filter aggregated metrics by the following dimensions:

Dimension             Description
backend_target_name   Track requests based on the backend target (service) that the traffic was destined to.
blocked               Track requests based on whether they were allowed or blocked by the Google Cloud Armor security policy rules.
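As an added example that is not part of the Cloud Armor documentation, the following Python aggregates request count and preview request count time series by the backend_target_name and blocked dimensions described above, the way an alert condition or custom dashboard chart would, and applies the caveat that preview hits are already inside the request count. The Monitoring API metric type names, the placement of policy_name as a resource label and blocked as a metric label, and the sample series are all assumptions not stated on this page.

```python
from collections import defaultdict

# Assumed API metric types (the page gives dashboard names only): the Cloud
# Armor metrics exported under the network_security_policy resource type.
REQUEST_COUNT = "networksecurity.googleapis.com/https/request_count"
PREVIEW_COUNT = "networksecurity.googleapis.com/https/preview_request_count"

def monitoring_filter(policy_name, metric_type=REQUEST_COUNT, blocked=None):
    # Filter string for the Monitoring API's list_time_series; policy_name is
    # assumed to be a resource label and blocked a metric label.
    parts = [f'metric.type = "{metric_type}"',
             'resource.type = "network_security_policy"',
             f'resource.labels.policy_name = "{policy_name}"']
    if blocked is not None:
        parts.append(f'metric.labels.blocked = "{str(blocked).lower()}"')
    return " AND ".join(parts)

def blocked_share_per_backend(series):
    # Sum request_count per backend_target_name -> {backend: (blocked, total)}.
    totals = defaultdict(lambda: [0, 0])
    for ts in series:
        if ts["metric_type"] != REQUEST_COUNT:
            continue
        count = sum(ts["values"])          # 1-minute points within the window
        agg = totals[ts["labels"]["backend_target_name"]]
        agg[1] += count
        if ts["labels"]["blocked"] == "true":
            agg[0] += count
    return {b: tuple(v) for b, v in totals.items()}

def backends_over_threshold(series, max_blocked_share):
    # Alert condition: backends whose blocked fraction exceeds the threshold.
    return sorted(b for b, (blk, tot) in blocked_share_per_backend(series).items()
                  if tot and blk / tot > max_blocked_share)

def preview_rule_impact(series):
    # Fraction of requests a preview-mode rule would have acted on. Preview hits
    # are already inside request_count, so divide by total, not total + preview.
    total = sum(sum(t["values"]) for t in series if t["metric_type"] == REQUEST_COUNT)
    preview = sum(sum(t["values"]) for t in series if t["metric_type"] == PREVIEW_COUNT)
    return preview / total if total else 0.0

# Constructed sample (not real API output): three 1-minute points per series.
SAMPLE_SERIES = [
    {"metric_type": REQUEST_COUNT, "labels": {"backend_target_name": "web-be", "blocked": "false"}, "values": [400, 420, 380]},
    {"metric_type": REQUEST_COUNT, "labels": {"backend_target_name": "web-be", "blocked": "true"}, "values": [20, 25, 15]},
    {"metric_type": REQUEST_COUNT, "labels": {"backend_target_name": "api-be", "blocked": "false"}, "values": [100, 90, 110]},
    {"metric_type": REQUEST_COUNT, "labels": {"backend_target_name": "api-be", "blocked": "true"}, "values": [150, 160, 140]},
    {"metric_type": PREVIEW_COUNT, "labels": {"backend_target_name": "api-be"}, "values": [30, 30, 30]},
]
```

Against the sample, api-be is blocking 60% of its traffic and the preview rule would have matched about 4.5% of all requests, which is the kind of figure to check before turning a preview rule into an enforced one.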