Understand the default alerting rules

Learn how default rules are working and how to fine-tune them

Terminology

If something goes wrong CloudRadar creates an event. Events can have two severities, "alert" or "warning". The term "issue" is sometimes used as a synonym for an event.

Rules and recipients

Each account comes with default rules. Rules are responsible for triggering events (alerts or warnings). So-called recipients subscribe to these events to receive them as email, slack or via some other media.

Rules for service and website checks

All TCP/UDP port checks and the ICMP Ping checks are summarized to so-called "service checks".

There is a default rule that triggers an alert if a service check or a website check has failed three times consecutively. That means you don't get bothered by some hiccups on the wire. Only if the check has failed three times you are alerted.

If you, for example, use a check interval of 60 seconds it takes approximately 180 seconds to be alerted.

You can change it to "has failed for the first time" to get alerts faster but running the risk of getting a false alert caused by connections problems.

Default rules of a new account

Common rules for service checks and website checks

An ICMP Ping check is considered as "failed" if the ping doesn't get any response within the timeout of 1 second. This timeout cannot be changed.

A TCP/UDP service check is similar to an ICMP ping but it uses a specific protocol and a given TCP or UDP port. If the port is either closed (not in listening state) or it does not respond with the expected protocol the check is considered "failed".

Base rule for the service checks and website checks

Ping specific rules

There are two more default rules just for the ICMP Ping checks.

  1. One creates a warning if the server you are pinging, responds slowly. To avoid false alerts about just one slow ping, the average of the last 5 pings is calculated.

  2. The second rule creates an alert if the ping is answered but packets have been lost. This is a reliable indicator of an unstable connection.

Both rules can be changed to thresholds that better fit your needs. Or you can disable them completely.

specific rules for ICMP Ping checks