|
| 1 | +# 각 도메인은 자신의 SLACK_WEBHOOK_XXX 환경변수 사용 |
| 2 | + |
| 3 | +global: |
| 4 | + resolve_timeout: 5m |
| 5 | + |
| 6 | +# 라우팅 설정 |
| 7 | +route: |
| 8 | + receiver: 'slack-auth-default' |
| 9 | + group_by: [ 'alertname', 'severity', 'domain' ] |
| 10 | + group_wait: 30s |
| 11 | + group_interval: 5m |
| 12 | + repeat_interval: 4h |
| 13 | + |
| 14 | + routes: |
| 15 | + # ==================== CRITICAL (즉시 알림) ==================== |
| 16 | + # 계정 잠금 폭증 - 공격 가능성 |
| 17 | + - match: |
| 18 | + alertname: HighAccountLockRate |
| 19 | + receiver: 'slack-security-critical' |
| 20 | + group_wait: 10s |
| 21 | + repeat_interval: 30m |
| 22 | + |
| 23 | + # 보안 위협 탐지 |
| 24 | + - match: |
| 25 | + alertname: SecurityThreatDetected |
| 26 | + receiver: 'slack-security-critical' |
| 27 | + group_wait: 10s |
| 28 | + repeat_interval: 30m |
| 29 | + |
| 30 | + # 로그인 실패 급증 - Brute Force 가능성 |
| 31 | + - match: |
| 32 | + alertname: LoginFailureSpike |
| 33 | + receiver: 'slack-security-critical' |
| 34 | + group_wait: 10s |
| 35 | + repeat_interval: 30m |
| 36 | + |
| 37 | + # ==================== WARNING ==================== |
| 38 | + # 로그인 성공률 저하 |
| 39 | + - match: |
| 40 | + alertname: LowLoginSuccessRate |
| 41 | + receiver: 'slack-auth-warning' |
| 42 | + repeat_interval: 2h |
| 43 | + |
| 44 | + # 이메일 발송 실패율 증가 |
| 45 | + - match: |
| 46 | + alertname: HighEmailFailureRate |
| 47 | + receiver: 'slack-email-warning' |
| 48 | + repeat_interval: 2h |
| 49 | + |
| 50 | + # 이메일 인증 실패 급증 |
| 51 | + - match: |
| 52 | + alertname: HighVerificationFailureRate |
| 53 | + receiver: 'slack-email-warning' |
| 54 | + repeat_interval: 2h |
| 55 | + |
| 56 | + # Rate Limit 다수 트리거 |
| 57 | + - match: |
| 58 | + alertname: RateLimitTriggered |
| 59 | + receiver: 'slack-auth-warning' |
| 60 | + repeat_interval: 1h |
| 61 | + |
| 62 | + # ==================== INFO ==================== |
| 63 | + # 회원가입/탈퇴 통계 |
| 64 | + - match: |
| 65 | + domain: member |
| 66 | + severity: info |
| 67 | + receiver: 'slack-member-info' |
| 68 | + repeat_interval: 24h |
| 69 | + |
| 70 | +# ==================== Auth 도메인 수신자 ==================== |
| 71 | +receivers: |
| 72 | + # 기본 (라우팅 안 된 알림) |
| 73 | + - name: 'slack-auth-default' |
| 74 | + slack_configs: |
| 75 | + - api_url: '${SLACK_WEBHOOK_AUTH}' |
| 76 | + channel: '#tt-auth-alerts' |
| 77 | + send_resolved: true |
| 78 | + |
| 79 | + # 보안 Critical - 즉시 대응 필요 |
| 80 | + - name: 'slack-security-critical' |
| 81 | + slack_configs: |
| 82 | + - api_url: '${SLACK_WEBHOOK_AUTH}' |
| 83 | + channel: '#tt-auth-alerts' |
| 84 | + send_resolved: true |
| 85 | + |
| 86 | + # Auth Warning - 주의 필요 |
| 87 | + - name: 'slack-auth-warning' |
| 88 | + slack_configs: |
| 89 | + - api_url: '${SLACK_WEBHOOK_AUTH}' |
| 90 | + channel: '#tt-auth-alerts' |
| 91 | + send_resolved: true |
| 92 | + |
| 93 | + # Email Warning |
| 94 | + - name: 'slack-email-warning' |
| 95 | + slack_configs: |
| 96 | + - api_url: '${SLACK_WEBHOOK_AUTH}' |
| 97 | + channel: '#tt-auth-alerts' |
| 98 | + send_resolved: true |
| 99 | + |
| 100 | + # Member 정보성 알림 (일간 리포트 등) |
| 101 | + - name: 'slack-member-info' |
| 102 | + slack_configs: |
| 103 | + - api_url: '${SLACK_WEBHOOK_AUTH}' |
| 104 | + channel: '#tt-auth-alerts' |
| 105 | + send_resolved: false |
| 106 | + |
| 107 | +# 알림 억제 규칙 |
| 108 | +inhibit_rules: |
| 109 | + # Critical 있으면 같은 alertname의 Warning 억제 |
| 110 | + - source_match: |
| 111 | + severity: 'critical' |
| 112 | + target_match: |
| 113 | + severity: 'warning' |
| 114 | + equal: [ 'alertname' ] |
| 115 | + |
| 116 | + # 전체 서비스 다운이면 개별 알림 억제 |
| 117 | + - source_match: |
| 118 | + alertname: 'ServiceDown' |
| 119 | + target_match_re: |
| 120 | + alertname: '.+' |
| 121 | + equal: [ 'instance' ] |
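Review bot: The second inhibit rule (`alertname: 'ServiceDown'` with `target_match_re: alertname: '.+'`, equal on `instance`) mutes every other alert on that instance, including the three routed to `slack-security-critical`, so an outage would hide account-lock and login-failure spikes that occur alongside it (assuming those alerts carry an `instance` label, which is not visible here). Narrow the target so the security alerts are never inhibited, for example `target_matchers: [ 'alertname !~ "HighAccountLockRate|SecurityThreatDetected|LoginFailureSpike"' ]`. Separately, Alertmanager does not expand environment variables in its configuration file, so `api_url: '${SLACK_WEBHOOK_AUTH}'` only works if a render step outside this page substitutes it; without one, every receiver would fail to deliver. Reading the webhook from a mounted secret with `api_url_file: <path-to-secret-file>` removes the substitution step and keeps the URL out of the rendered config.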