Slack Alert Routing Policy
Owner: Anchor MSP Operations Lead
Last reviewed: 2026-04-04
Purpose
Define how alerts route from Alertmanager to Slack channels. Every alert must land in a monitored channel.
Scope
All alerts from all managed systems.
Channel Structure
| Channel | Severity | Monitoring Expectation |
|---|---|---|
| #alerts-critical | Critical | Monitored 24/7. Also triggers SMS. |
| #alerts-high | High | Monitored during business hours and by on-call. |
| #alerts-medium | Medium | Reviewed next business day. |
| #alerts-low | Low | Reviewed weekly. |
Policy
- Alertmanager routes alerts by the `severity` label to the matching Slack channel via webhook integration.
- No alert routes to a general channel, a personal DM, or an unmonitored destination.
- Every managed system must have its alerts routing to these four channels before the handoff acceptance checklist is complete.
- Critical alerts post to `#alerts-critical` and trigger SMS escalation. Both must fire.
- Alert messages must include: system name, alert name, severity, description, and a link to the relevant Grafana dashboard.
- Silencing an alert in Alertmanager must be logged with a reason and an expiration time. Open-ended silences are not permitted.
Exceptions
Routing a specific alert to an additional channel (e.g., a system-specific channel) is allowed as long as it also routes to the standard severity channel. The standard channel is never bypassed.
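
The routing rules and the exception above, sketched as an Alertmanager configuration fragment. This is an added example, not Anchor MSP's production config. The `system` label, the `description` and `dashboard_url` annotations, the `billing-db` system and its channel, the webhook file path, the SMS relay URL and the fallback receiver are all assumptions.

```yaml
route:
  receiver: slack-high            # assumption: alerts with no severity label still reach a monitored channel
  group_by: [alertname, system]   # assumes every alert carries a "system" label
  routes:
    # Exception case: an extra system-specific channel. continue: true makes
    # the alert fall through to its standard severity route below; without it
    # the standard channel would be bypassed.
    - matchers: ['system="billing-db"']   # hypothetical system
      receiver: slack-billing-db
      continue: true
    - matchers: ['severity="critical"']
      receiver: critical
    - matchers: ['severity="high"']
      receiver: slack-high
    - matchers: ['severity="medium"']
      receiver: slack-medium
    - matchers: ['severity="low"']
      receiver: slack-low
receivers:
  - name: critical                # both notifiers sit in one receiver, so Slack and SMS fire together
    slack_configs:
      - &slack                    # YAML anchor, reused by the other channels
        api_url_file: /etc/alertmanager/slack_webhook_url   # assumed path; keeps the webhook out of the config
        channel: '#alerts-critical'
        title: '[{{ .CommonLabels.severity }}] {{ .CommonLabels.alertname }} on {{ .CommonLabels.system }}'
        text: '{{ .CommonAnnotations.description }} <{{ .CommonAnnotations.dashboard_url }}|Grafana dashboard>'
    webhook_configs:
      - url: 'https://sms-gateway.example.invalid/alertmanager'   # hypothetical SMS relay
  - name: slack-high
    slack_configs:
      - <<: *slack
        channel: '#alerts-high'
  - name: slack-medium
    slack_configs:
      - <<: *slack
        channel: '#alerts-medium'
  - name: slack-low
    slack_configs:
      - <<: *slack
        channel: '#alerts-low'
  - name: slack-billing-db
    slack_configs:
      - <<: *slack
        channel: '#sys-billing-db'   # hypothetical additional channel
```

Running `amtool check-config` against the full file before reload catches syntax and unknown-receiver errors.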