Configuring Alerts

Alerts inform you in the case of certain events, but don’t trigger any automatic action. There are two different levels at which you can configure alerts:

  • you can configure alerts for events that relate to a specific application
  • you can configure alerts for events that relate to the global vWAF installation

Event Destinations

Event destinations determine the channels via which vWAF notifies you in the case of an event. For example, you can configure notification by email, you can let vWAF send an HTTP POST request to certain URIs, or you can let vWAF write an entry to a special log file. You can configure any number of event destinations.

Event Destination Groups

Event destinations are combined into event destination groups.

When adding an event source to your configuration, you have to link it with an event destination group. vWAF sends alerts to all event destinations that are part of this group.

Event destination groups are specific to the entity for which they were created:

  • If an event destination group was created for an application, it’s only available when configuring this application, but it isn’t available when configuring alerts for other applications or global alerts.
  • If an event destination group was created in the global alerting configuration, it’s only available here but not when configuring alerts that relate to a specific application.

For information on how to edit event destination groups, see Editing Event Destinations.

Event Sources

Event sources define the occasions and conditions under which vWAF alerts you. For example, the Cluster State Event Source triggers an alert if any cluster node goes offline.

Recurring alerts are only triggered when the status changes. For example, when you define the Requests Per Minute Event Source to trigger an alert if the average number of requests per minute exceeds a given limit, you get an alert when the limit is exceeded for the first time. However, you don’t get additional alerts while this state continues. You would only get a second alert if the number dropped below the limit and then exceeded it again.
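The following added example (a model of the behaviour described above, not vWAF code or its API) replays constructed per-minute averages through an event source linked to a destination group, showing which minutes produce an alert and that every destination in the group receives it. The class names, the group name `app-alerts`, the message text and the strict "greater than" comparison are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, List

# Hypothetical stand-in for a destination (email, HTTP POST, log file):
# anything that accepts an alert message.
Destination = Callable[[str], None]

@dataclass
class DestinationGroup:
    name: str
    destinations: List[Destination] = field(default_factory=list)

    def notify(self, message: str) -> int:
        # An alert goes to all destinations that are part of the group.
        for dest in self.destinations:
            dest(message)
        return len(self.destinations)

@dataclass
class RequestsPerMinuteSource:
    limit: float
    group: DestinationGroup      # an event source is linked to one group
    exceeded: bool = False       # status after the previous sample

    def observe(self, minute: int, avg_rpm: float) -> bool:
        now_exceeded = avg_rpm > self.limit   # assumption: strict comparison
        # Alert only on the change from "within limit" to "exceeded";
        # stay silent while the exceeded state continues.
        fire = now_exceeded and not self.exceeded
        self.exceeded = now_exceeded
        if fire:
            self.group.notify(
                f"minute {minute}: {avg_rpm:.0f} req/min exceeds limit {self.limit:.0f}")
        return fire

def replay(samples, limit):
    """Feed samples through the source; return alerting minutes and both logs."""
    mail_log, file_log = [], []   # two constructed destinations in one group
    group = DestinationGroup("app-alerts", [mail_log.append, file_log.append])
    source = RequestsPerMinuteSource(limit, group)
    fired = [m for m, rpm in enumerate(samples) if source.observe(m, rpm)]
    return fired, mail_log, file_log

# Constructed sample data: average requests per minute, one value per minute.
SAMPLES = [120, 480, 650, 900, 870, 300, 510, 700, 700, 200]

if __name__ == "__main__":
    fired, mail_log, file_log = replay(SAMPLES, limit=500)
    print("alerts at minutes:", fired)
    print("\n".join(file_log))
```

Because a sustained overload produces a single alert, whoever consumes the destination has to treat that alert as "condition started" and check the current state separately to learn whether it is still ongoing.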

Editing Event Destinations

Editing Event Sources