Monitoring and logging help ensure the availability of your VPN Gateway resources and the health of your services. Alibaba Cloud provides various services for monitoring and log auditing, such as Network Intelligence Service, CloudMonitor, and Cloud Config. These services help you monitor the usage of your VPN Gateway resources and the status of your services in real time, and promptly respond to alerts for abnormal events.
Network Intelligence Service
Alibaba Cloud Network Intelligence Service (NIS) is an intelligent, self-service platform that provides planning, deployment, and operations and maintenance (O&M) capabilities for your cloud networks. NIS provides reference data for network planning and helps you identify and resolve network issues.
VPN Gateway is integrated with NIS. You can use NIS to diagnose VPN Gateway instances and analyze traffic paths to ensure that your services run as expected.
Instance diagnosis
The instance diagnosis feature detects the configuration and status of a VPN Gateway instance and provides quick fixes for any detected issues. For more information about the supported diagnostic items and how to use this feature, see Diagnose a VPN Gateway instance.
Path analysis
You can use the path analysis feature to diagnose network connectivity between resources. This helps ensure that your services run as expected. For more information, see Use path analysis.
Self-service troubleshooting
The self-service troubleshooting feature helps you troubleshoot issues, such as abnormal instance statuses and access exceptions. This feature helps you understand the running status of your VPN Gateway instances and promptly identify and resolve issues.
Alibaba Cloud health status monitoring
You can check the health status of your cloud resources in real time. This lets you take appropriate action if an issue occurs. For more information, see the Alibaba Cloud Status home page.
On the Alibaba Cloud Status page, you can view the real-time status of Alibaba Cloud services in each region and subscribe to RSS feeds for service status updates.

CloudMonitor Basic
VPN Gateway is integrated with CloudMonitor Basic, which is a free service. You can use CloudMonitor Basic to monitor system events and metrics for VPN Gateway in real time. You can use this information to determine whether your VPN Gateway is running as expected. You can also set alert rules for system events and metrics. This lets you receive notifications and promptly resolve issues when the system runs abnormally.
System event monitoring
The event monitoring feature of CloudMonitor automatically collects data about cloud service faults and O&M events. It provides a unified entry point for you to query and analyze system events for various Alibaba Cloud services. This helps you understand the status of your services. After you classify resources into application groups, system events that are generated by Alibaba Cloud services are automatically associated with the resources in the groups. This helps you integrate various types of monitoring information to quickly analyze and locate faults.
CloudMonitor also provides an alert feature for events. You can configure alerts based on event severity and receive notifications by text message, email, or DingTalk. You can also set an alert callback. This ensures that you are immediately aware of critical events and can handle them promptly, which creates a closed loop for automated online O&M.
For more information about the system events that CloudMonitor can collect for VPN Gateway and how to set alert rules for these events, see Monitor system events for an IPsec-VPN connection.
Monitoring metrics
The cloud service monitoring feature of CloudMonitor automatically retrieves metric data for the cloud resources under your Alibaba Cloud account. You can view monitoring charts for each Alibaba Cloud service to understand the running status of your resources. You can also set alert rules to help you monitor the status of your resources. When an alert rule is triggered, CloudMonitor automatically sends an alert notification, which lets you stay informed about the status of your resources.
VPN Gateway provides different metrics for different resources. For more information about the metrics supported by each resource in VPN Gateway and how to set alert rules for these metrics, see the following documents:
References
Dashboard
You can customize monitoring dashboards to display specified metrics. For more information, see Manage charts in custom dashboards.
Alert blacklist
The alert blacklist feature lets you block alert notifications for a specific metric. For more information, see Manage an alert blacklist policy.
By default, an Alibaba Cloud account has full control over its resources, and a Resource Access Management (RAM) user has no permissions. If a RAM user needs to view monitoring information, the Alibaba Cloud account that owns the resources must grant the required permissions to the RAM user. For more information about CloudMonitor permissions, see Grant permissions to a RAM user.
Cloud resource configuration audit
Cloud Config is a resource audit service that tracks cloud resource configuration history and performs compliance audits. It helps you monitor the compliance of your cloud resources and ensure the continuous compliance of your infrastructure.
VPN Gateway is integrated with Cloud Config, which is a free service. Cloud Config supports only some Alibaba Cloud services. Therefore, the resource list in Cloud Config contains only a subset of your resources. For more information about the VPN Gateway resource types that are supported by Cloud Config, see Supported Alibaba Cloud Services.
Cloud Config can record the operations of the current Alibaba Cloud account and all RAM users. By default, it records resource configuration changes every 10 minutes.
You can view the operation records for VPN Gateway resources in the Cloud Config console. For more information, see View the resource list.
Cloud Config delivers the configuration history and non-compliance event data of cloud resources to a specified Logstore in Simple Log Service (SLS). This lets you use SLS to query and analyze log data from a central location to ensure the continuous compliance of your VPN Gateway. For more information, see Deliver data to Simple Log Service.
VPN Gateway logs
VPN Gateway provides a logging feature for IPsec-VPN connections and SSL-VPN connections. You can use the log information to understand how these connections are established and troubleshoot related issues.
IPsec-VPN connection logs
IPsec-VPN connection logs provide detailed information about IPsec protocol negotiation, Dead Peer Detection (DPD) negotiation, and NAT traversal negotiation. You can use these logs to understand the IPsec-VPN connection deployment process.
When you create an IPsec-VPN connection, the system automatically generates logs for the connection. You can view logs that are generated within the last 180 days. The maximum time range for a single query is 10 minutes. For more information, see View IPsec-VPN connection logs.
If you use an IPsec server to establish IPsec-VPN connections, the system automatically generates logs after the server is created. The logs for the IPsec server are retained for the last month. The maximum time range for a single query is 10 minutes. For more information, see View IPsec server logs.
For information about how to troubleshoot issues using IPsec-VPN connection logs, see Troubleshoot IPsec-VPN connection issues.
SSL-VPN connection logs
SSL-VPN connection logs provide detailed information about SSL-VPN negotiation and client connections. You can use these logs to understand how clients establish SSL-VPN connections with the VPN gateway.
After you create an SSL server, the system automatically generates SSL-VPN connection logs. You can view the log information for both the SSL server and SSL clients. You can view logs that are generated within the last 180 days. The maximum time range for a single query is 10 minutes. For more information, see View SSL-VPN connection logs.
For information about how to troubleshoot issues using SSL-VPN connection logs, see Troubleshoot SSL-VPN connection issues.
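The IPsec-VPN connection, IPsec server, and SSL-VPN log viewers described above each cap a single query at 10 minutes, so reviewing a longer incident window means issuing a series of queries and knowing which part of the window has already aged out of retention. The planner below is an added example, not Alibaba Cloud code: the function name, the log-type keys, and the 30-day reading of "the last month" are assumptions, and it makes no API calls.

```python
from datetime import datetime, timedelta, timezone

# Limits stated on this page.
MAX_QUERY_SPAN = timedelta(minutes=10)
RETENTION = {
    "ipsec_connection": timedelta(days=180),
    "ssl_vpn": timedelta(days=180),
    # The page says "the last month"; 30 days is an assumption made here.
    "ipsec_server": timedelta(days=30),
}


def plan_queries(log_type, start, end, now):
    """Split [start, end) into query windows of at most 10 minutes.

    Returns (windows, lost). windows is a list of (from, to) pairs in
    chronological order. lost is the (from, to) part of the request that is
    older than the retention period, or None if nothing has aged out.
    """
    if start.tzinfo is None or end.tzinfo is None or now.tzinfo is None:
        raise ValueError("use timezone-aware datetimes")
    if end <= start:
        raise ValueError("end must be after start")
    end = min(end, now)  # nothing has been logged for the future
    horizon = now - RETENTION[log_type]
    lost = None
    if start < horizon:
        lost = (start, min(end, horizon))
        start = horizon
    windows = []
    cursor = start
    while cursor < end:
        upper = min(cursor + MAX_QUERY_SPAN, end)
        # Adjacent windows share a boundary timestamp; de-duplicate entries
        # when merging results if the viewer treats both bounds as inclusive.
        windows.append((cursor, upper))
        cursor = upper
    return windows, lost


if __name__ == "__main__":
    # Constructed incident window, not taken from real logs.
    now = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)
    begin = datetime(2024, 5, 31, 22, 5, tzinfo=timezone.utc)
    finish = datetime(2024, 5, 31, 22, 40, tzinfo=timezone.utc)
    for lo, hi in plan_queries("ipsec_connection", begin, finish, now)[0]:
        print(lo.isoformat(), "->", hi.isoformat())
```

A non-empty `lost` range tells the investigator up front that evidence for that period can only come from another source, such as data already delivered elsewhere.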