Denied Requests Per Minute Event Source
Purpose
Triggers an alert both when the number of denied requests per second on a cluster node exceeds the given upper limit, and when it later goes below the given lower limit.
ATTENTION
The limit must be exceeded for some time before vWAF triggers the alert (hysteresis characteristics). Therefore, there are no alerts for individual minutes where the number of denied requests is high just by coincidence.Requests Per Minute Event Source is a corresponding event (all requests). Denied Requests Per IP Per Severity Per Timeframe Per App. Ev. Source is a corresponding event (denied requests from a given IP).
For more information regarding adding and editing Event Sources, see Editing Event Sources.
Attributes
Attribute | Meaning |
---|---|
upper limit |
vWAF triggers an alert if for some time there's an average of more denied requests per minute on any cluster node than stated here. |
lower limit |
If an alert has been triggered for a cluster node, vWAF doesn't trigger any additional alerts for the same node until the average of denied requests per minute for this node goes below the limit stated here. When the number of denied requests has fallen below this limit for some time, there's a second alert. |
msg prefix |
Here you can enter some text, which is added to the beginning of the issued alerts when the upper limit is exceeded. The default text here is "Denied requests per minute on the following nodes are over the configured limit:". |
msg under prefix |
Here you can enter some text, which is added to the beginning of the issued alerts when the lower limit is reached again. The default text is "Denied requests per minute on the following nodes are under the configured limit:". |