Our alerting mechanism just got upgraded. Logentries has supported simple real-time alerts for some time now, however they were rather simplistic and while they served a need for our users we wanted to make them even more useful. We’ve now enhanced alerting with user-configurable limitations.
So here’s how it works… With the new option It must match at least you can specify how many times the pattern MUST match in order to trigger the alert. The most common option Once triggers the alert on every occurrence. A more refined option 100x/hour specifies that the pattern must match at least 100 times in the last 60 minutes. The alert is triggered when our alert counter reaches this limit. However, note that it does not trigger again if the pattern is continually matched above the threshold: the counter must drop again below the limit, and then again over the threshold to be re-triggered. This allows us to avoid flooding you with alert reports.
Another new option Report this alert at most enables you to limit the amount of alert reports you receive. You can thus easily avoid getting flooded with reports of the same alert, while making sure you still get the most important ones.
Another interesting aspect of the user-configurable alerting is that all time specifications (last hour, last day), represent a sliding window. That means the time window specified is not fixed for the current hour or day, but instead it slides with the current time and refers to last 60 minutes or 24 hours. This is a hell of a lot more convenient than a fixed-hour/day time specification – remember attacks or errors don’t respect hour or day boundaries!
Finally, our alerts are reported immediately in real-time. And by real-time we mean a fraction of a second, not minutes – that way you are notified right away so you can take immediate action!