Alibaba Cloud Firewall
Collect monitoring data from Alibaba Cloud Firewall
Configuration
Install Func
It is recommended to activate Guance Integration - Extensions - DataFlux Func (Automata)
For self-deployment of Func, refer to Self-deployment of Func
Activate Script
Note: Please prepare the Alibaba Cloud AK that meets the requirements in advance (for simplicity, you can directly grant the global read-only permission `ReadOnlyAccess`)
Automata Activation Script
- Log in to the Guance console
- Click the 【Integration】 menu and select 【Cloud Account Management】
- Click 【Add Cloud Account】, select 【Alibaba Cloud】, and fill in the required information on the interface. If you have already configured the cloud account information before, ignore this step
- Click 【Test】, and if the test is successful, click 【Save】. If the test fails, please check if the relevant configuration information is correct and test again
- Click 【Cloud Account Management】, and you can see the added cloud account in the list. Click the corresponding cloud account to enter the details page
- Click the 【Integration】 button on the cloud account details page, find `Alibaba Cloud Firewall` under the `Not Installed` list, and click the 【Install】 button to open the installation interface and complete the installation.
Manual Activation Script
- Log in to the Func console, click 【Script Market】, enter the Guance Script Market, and search for `integration_alibabacloud_cloudfw`
- Click 【Install】, then enter the corresponding parameters: Alibaba Cloud AK ID, AK Secret, and account name.
- Click 【Deploy Startup Script】; the system will automatically create the `Startup` script set and configure the corresponding startup scripts.
- After enabling, you can see the corresponding automatic trigger configuration in 「Manage / Automatic Trigger Configuration」. Click 【Execute】 to immediately execute once without waiting for the scheduled time. After a while, you can view the execution task records and corresponding logs.
Verification
- In 「Manage / Automatic Trigger Configuration」, confirm whether the corresponding task has the automatic trigger configuration, and check the corresponding task records and logs for any exceptions.
- In Guance, check if there is asset information in 「Infrastructure / Custom」.
- In Guance, check if there is corresponding monitoring data in 「Metrics」.
Metrics
Cloud Firewall
| MetricName | Metric Type | Metric Description | Dimensions | Statistics | Unit |
|---|---|---|---|---|---|
| InternetAclBlockByIp | Public IP | Single IP ACL Block Count | userId,assetIp | Value | count |
| InternetAclBlockByRegion | Region | Single Region ACL Block Count | userId,regionId | Value | count |
| InternetAclBlockByUser | Global | ACL Block Count | userId | Value | count |
| InternetAclBlockPerByIp | Public IP | Single IP ACL Block Percentage | userId,assetIp | Value | % |
| InternetAclBlockPerByRegion | Region | Single Region ACL Block Percentage | userId,regionId | Value | % |
| InternetAclBlockPerByUser | Global | ACL Block Percentage | userId | Value | % |
| InternetIpsBlockByIp | Public IP | Single IP IPS Block Count | userId,assetIp | Value | count |
| InternetIpsBlockByRegion | Region | Single Region IPS Block Count | userId,regionId | Value | count |
| InternetIpsBlockByUser | Global | IPS Block Count | userId | Value | count |
| InternetIpsBlockPerByIp | Public IP | Single IP IPS Block Percentage | userId,assetIp | Value | % |
| InternetIpsBlockPerByRegion | Region | Single Region IPS Block Percentage | userId,regionId | Value | % |
| InternetIpsBlockPerByUser | Global | IPS Block Percentage | userId | Value | % |
| InternetNewConnByIp | Public IP | Single IP New Connection Count | userId,assetIp | Value | count |
| InternetNewConnByRegion | Region | Single Region New Connection Count | userId,regionId | Value | count |
| InternetNewConnByUser | Global | New Connection Count | userId | Value | count |
| InternetNewConnPerByIp | Public IP | Single IP New Connection Percentage | userId,assetIp | Value | % |
| InternetNewConnPerByRegion | Region | Single Region New Connection Percentage | userId,regionId | Value | % |
| InternetNewConnPerByUser | Global | New Connection Percentage | userId | Value | % |
Cloud Firewall-NAT
| MetricName | Metric Type | Metric Description | Dimensions | Statistics | Unit |
|---|---|---|---|---|---|
| NatAclBlockByInstanceId | NAT Gateway | Single NAT Firewall Instance ACL Block Count | userId,cloudInstanceId | Value | count |
| NatAclBlockByRegion | Region | Single Region ACL Block Count | userId,regionId | Value | count |
| NatAclBlockByUser | Global | ACL Block Count | userId | Value | count |
| NatAclBlockPerByInstanceId | NAT Gateway | Single NAT Firewall Instance ACL Block Percentage | userId,cloudInstanceId | Value | % |
| NatAclBlockPerByRegion | Region | Single Region ACL Block Percentage | userId,regionId | Value | % |
| NatAclBlockPerByUser | Global | ACL Block Percentage | userId | Value | % |
| NatNewConnByInstanceId | NAT Gateway | Single NAT Firewall Instance New Connection Count | userId,cloudInstanceId | Value | count |
| NatNewConnByRegion | Region | Single Region New Connection Count | userId,regionId | Value | count |
| NatNewConnByUser | Global | New Connection Count | userId | Value | count |
| NatNewConnPerByInstanceId | NAT Gateway | Single NAT Firewall Instance New Connection Percentage | userId,cloudInstanceId | Value | % |
| NatNewConnPerByRegion | Region | Single Region New Connection Percentage | userId,regionId | Value | % |
| NatNewConnPerByUser | Global | New Connection Percentage | userId | Value | % |
Cloud Firewall-VPC
| MetricName | Metric Type | Metric Description | Dimensions | Statistics | Unit |
|---|---|---|---|---|---|
| VpcAclBlockByCen | VPC Firewall Instance | Single VPC Firewall Instance ACL Block Count | userId,firewallId | Value | count |
| VpcAclBlockByUser | Global | ACL Block Count | userId | Value | count |
| VpcAclBlockByVpcPeer | Source-Destination VPC | Source-Destination VPC ACL Block Count | userId,vpcIdPeer | Value | count |
| VpcAclBlockPerByCen | VPC Firewall Instance | Single VPC Firewall Instance ACL Block Percentage | userId,firewallId | Value | % |
| VpcAclBlockPerByUser | Global | ACL Block Percentage | userId | Value | % |
| VpcAclBlockPerByVpcPeer | Source-Destination VPC | Source-Destination VPC ACL Block Percentage | userId,vpcIdPeer | Value | % |
| VpcNewConnByCen | VPC Firewall Instance | Single VPC Firewall Instance New Connection Count | userId,firewallId | Value | % |
| VpcNewConnByUser | Global | New Connection Count | userId | Value | count |
| VpcNewConnByVpcPeer | Source-Destination VPC | Source-Destination VPC New Connection Count | userId,vpcIdPeer | Value | % |
| VpcNewConnPerByCen | VPC Firewall Instance | Single VPC Firewall Instance New Connection Percentage | userId,firewallId | Value | % |
| VpcNewConnPerByUser | Global | New Connection Percentage | userId | Value | % |
| VpcNewConnPerByVpcPeer | Source-Destination VPC | Source-Destination VPC New Connection Percentage | userId,vpcIdPeer | Value | % |
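
A coverage check for the Verification step, as an added example (not part of the Guance or Alibaba Cloud documentation): it rebuilds the expected metric names from the naming pattern visible in the three tables above and reports which ones a collection run did not produce, so a silently missing series such as the IPS block counters is caught early. The `observed` list is constructed sample input, and how metric names are exported from your workspace is an assumption left outside the example.

```python
import re
from itertools import product

# Naming pattern read off the tables on this page: <family><event>[Per]By<scope>
SCOPE_DIMENSION = {
    "Ip": "assetIp", "Region": "regionId", "User": None,
    "InstanceId": "cloudInstanceId", "Cen": "firewallId", "VpcPeer": "vpcIdPeer",
}
# family -> (events listed for it, scopes listed for it)
FAMILIES = {
    "Internet": (("AclBlock", "IpsBlock", "NewConn"), ("Ip", "Region", "User")),
    "Nat": (("AclBlock", "NewConn"), ("InstanceId", "Region", "User")),
    "Vpc": (("AclBlock", "NewConn"), ("Cen", "User", "VpcPeer")),
}
NAME_RE = re.compile(r"^(Internet|Nat|Vpc)(AclBlock|IpsBlock|NewConn)(Per)?By(\w+)$")


def parse_metric(name):
    """Split a metric name into family, event, percentage flag and dimensions."""
    m = NAME_RE.match(name)
    if (not m or m.group(2) not in FAMILIES[m.group(1)][0]
            or m.group(4) not in FAMILIES[m.group(1)][1]):
        raise ValueError(f"not a metric listed on this page: {name!r}")
    family, event, per, scope = m.groups()
    dim = SCOPE_DIMENSION[scope]
    dims = ("userId",) + ((dim,) if dim else ())
    return {"family": family, "event": event,
            "percentage": bool(per), "dimensions": dims}


def expected_metrics():
    """Every metric name in the three tables (18 + 12 + 12 = 42)."""
    names = set()
    for family, (events, scopes) in FAMILIES.items():
        for event, per, scope in product(events, ("", "Per"), scopes):
            names.add(f"{family}{event}{per}By{scope}")
    return names


def coverage_gaps(observed):
    """Return (missing, unexpected) names relative to the page's tables."""
    expected, seen = expected_metrics(), set(observed)
    return sorted(expected - seen), sorted(seen - expected)


# Constructed sample: a run that produced no IPS series plus one unknown name.
observed = [n for n in expected_metrics() if "IpsBlock" not in n] + ["InternetFooByIp"]

if __name__ == "__main__":
    missing, unexpected = coverage_gaps(observed)
    print("missing:", missing)
    print("unexpected:", unexpected)
```
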