A log metric filter and alert should exist for VPC network changes

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください

Description

It is recommended that a metric filter and alarm be set up for Virtual Private Cloud (VPC) network changes.

Rationale

It is possible to have more than one VPC within a project. In addition, it is also possible to create a peer connection between two VPCs to enable network traffic routing between VPCs.

Monitoring changes to a VPC helps to ensure that VPC traffic flow is not getting impacted.

Impact

Enabling logging may result in your project being charged for the additional logs usage.

Remediation

From the console

Create the prescribed log metric

  1. Go to Logging/Logs-based Metrics by visiting https://console.cloud.google.com/logs/metrics and click CREATE METRIC.
  2. Click the down arrow symbol on the Filter Bar at the rightmost corner and select Convert to Advanced Filter.
  3. Clear any text and add:
   resource.type="gce_network"
   AND (protoPayload.methodName:"compute.networks.insert"
   OR protoPayload.methodName:"compute.networks.patch"
   OR protoPayload.methodName:"compute.networks.delete"
   OR protoPayload.methodName:"compute.networks.removePeering"
   OR protoPayload.methodName:"compute.networks.addPeering")
  1. Click Submit Filter. Display logs appear based on the filter text entered by the user.
  2. In the Metric Editor menu on the right, fill out the name field. Set Units to 1 (default) and Type to Counter. This ensures that the log metric counts the number of log entries matching the advanced logs query.
  3. Click Create Metric.

Create the prescribed alert policy

  1. Go to https://console.cloud.google.com/logs/metrics. Under the User-defined Metrics section, identify the newly created metric.
  2. Click the kebab icon in the rightmost column for the new metric and select Create alert from Metric.
  3. Fill out the alert policy configuration and click Save. Choose the alerting threshold and configuration that makes sense for the user’s organization. For example, a threshold of zero(0) for the most recent value ensures that a notification is triggered for every owner change in the project:
   Set `Aggregator` to `Count`
   Set `Configuration`:
   - Condition: above
   - Threshold: 0
   - For: most recent value
  1. Configure the desired notifications channels in the section Notifications.
  2. Name the policy and click Save.

From the command line

  1. Create the prescribed log metric using the following command:
    gcloud logging metrics create
    Reference for command usage
  2. Create the prescribed alert policy using the following command:
    gcloud alpha monitoring policies create
    Reference for command usage

References

  1. https://console.cloud.google.com/logs/metrics
  2. https://cloud.google.com/monitoring/custom-metrics/
  3. https://cloud.google.com/monitoring/alerts/
  4. https://cloud.google.com/logging/docs/reference/tools/gcloud-logging
  5. https://cloud.google.com/vpc/docs/overview
  6. https://cloud.google.com/sdk/gcloud/reference/beta/logging/metrics/create
  7. https://cloud.google.com/sdk/gcloud/reference/alpha/monitoring/policies/create