SQL database monitored (GCP) Test

Tyler Jones

Having trouble getting the GCP monitoring related tests to pass.

  • SQL database CPU monitored (GCP)
  • SQL database memory utilization monitored (GCP)
  • SQL database I/O monitored (GCP)
  • SQL database free storage space monitored (GCP)
  • Intrusion detection system notifications configured (GCP)

I have created alert policies, but am not able to get them to satisfy the test. I have attached the JSON spec of the policy below. Having the exact conditions the test is matching on would be helpful, the How to fix is not very informative. I think "alarms" is the AWS term should be "alert policy" for GCP.

SQL CPU (using metadata.system_labels.name)

{
  "name": "projects/PROJECT/alertPolicies/ID",
  "displayName": "db-DB_NAME-cpu",
  "documentation": {},
  "userLabels": {},
  "enabled": true,
  "combiner": "OR",
  "conditions": [
    {
      "name": "projects/PROJECT/alertPolicies/ID/conditions/ID",
      "displayName": "Cloud SQL Database - CPU utilization",
      "conditionThreshold": {
        "aggregations": [
          {
            "alignmentPeriod": "60s",
            "perSeriesAligner": "ALIGN_MAX"
          }
        ],
        "comparison": "COMPARISON_GT",
        "duration": "0s",
        "filter": "resource.type = \"cloudsql_database\" AND metadata.system_labels.name = \"DB_NAME\" AND metric.type = \"cloudsql.googleapis.com/database/cpu/utilization\"",
        "thresholdValue": 0.8,
        "trigger": {
          "count": 1
        }
      }
    }
  ],
  "alertStrategy": {},
  "notificationChannels": [
    "projects/PROJECT/notificationChannels/ID"
  ]
}

SQL Memory (using resource.labels.database_id)

{
"name": "projects/PROJECT/alertPolicies/ID",
"displayName": "db-DB_NAME-memory",
  "documentation": {},
  "userLabels": {},
  "enabled": true,
"combiner": "OR",
  "conditions": [
    {
    "name": "projects/PROJECT/alertPolicies/ID/conditions/ID",
      "displayName": "Cloud SQL Database - Memory utilization",
      "conditionThreshold": {
        "aggregations": [
          {
            "alignmentPeriod": "60s",
            "perSeriesAligner": "ALIGN_MAX"
          }
        ],
        "comparison": "COMPARISON_GT",
        "duration": "0s",
      "filter": "resource.type = \"cloudsql_database\" AND resource.labels.database_id = \"PROJECT:DB_NAME\" AND metric.type = \"cloudsql.googleapis.com/database/memory/utilization\"",
        "thresholdValue": 0.8,
        "trigger": {
          "count": 1
        }
      }
    }
  ],
"alertStrategy": {},
  "notificationChannels": [
  "projects/PROJECT/notificationChannels/ID"
]
}
Intrusion detection system notifications configured (GCP)
{
"name": "projects/PROJECT/alertPolicies/ID",
  "displayName": "ids-threat-high",
  "documentation": {},
  "userLabels": {},
  "conditions": [
    {
    "name": "projects/PROJECT/alertPolicies/ID/conditions/ID",
      "displayName": "IDS Threat",
      "conditionThreshold": {
        "aggregations": [
          {
            "alignmentPeriod": "60s",
            "crossSeriesReducer": "REDUCE_SUM",
            "perSeriesAligner": "ALIGN_COUNT"
          }
        ],
        "comparison": "COMPARISON_GT",
        "duration": "0s",
        "filter": "resource.type = \"ids.googleapis.com/Endpoint\" AND metric.type = \"logging.googleapis.com/user/ids/threat-high\"",
        "trigger": {
          "count": 1
        }
      }
    }
  ],
  "alertStrategy": {},
  "combiner": "OR",
  "enabled": true,
  "notificationChannels": [
  "projects/PROJECT/notificationChannels/ID"
]
}
with logging.googleapis.com/user/ids/threat-high
Type: Counter
Log scope: Project logs
Units: 1
Filter:
logName="projects/badge-main/logs/ids.googleapis.com%2Fthreat"
AND resource.type="ids.googleapis.com/Endpoint"
AND jsonPayload.alert_severity=("HIGH" OR "CRITICAL")
 

Comments

2 comments

  • Comment author
    Mani Birdy

    I seem to be having a similar issue, were you able to get a response from the support team?

     

    0
  • Comment author
    Tyler Jones

    I reached out to the support team and they were able to get it sorted out. There are some debugging interfaces they provided access to.

    0

Please sign in to leave a comment.