diff options
Diffstat (limited to 'conf.d/health.d/tcp_resets.conf')
-rw-r--r-- | conf.d/health.d/tcp_resets.conf | 32 |
1 files changed, 26 insertions, 6 deletions
diff --git a/conf.d/health.d/tcp_resets.conf b/conf.d/health.d/tcp_resets.conf index 8e93c4793..daf24a1cd 100644 --- a/conf.d/health.d/tcp_resets.conf +++ b/conf.d/health.d/tcp_resets.conf @@ -5,28 +5,48 @@ calc: $now - $last_collected_t units: seconds ago every: 10s - warn: $this > (($status >= $WARNING) ? (0) : ( 5 * $update_every)) - crit: $this > (($status == $CRITICAL) ? (0) : (60 * $update_every)) + warn: $this > (($status >= $WARNING) ? ($update_every) : ( 5 * $update_every)) + crit: $this > (($status == $CRITICAL) ? ($update_every) : (60 * $update_every)) delay: up 0 down 5m multiplier 1.5 max 1h info: number of seconds since the last successful data collection to: sysadmin # ----------------------------------------------------------------------------- +# tcp resets this host sends - alarm: 1m_ipv4_tcp_resets + alarm: 1m_ipv4_tcp_resets_sent on: ipv4.tcphandshake lookup: average -1m at -10s unaligned absolute of OutRsts units: tcp resets/s every: 10s info: average TCP RESETS this host is sending, over the last minute - alarm: 10s_ipv4_tcp_resets + alarm: 10s_ipv4_tcp_resets_sent on: ipv4.tcphandshake lookup: average -10s unaligned absolute of OutRsts units: tcp resets/s every: 10s - warn: $this > ((($1m_ipv4_tcp_resets < 5)?(5):($1m_ipv4_tcp_resets)) * (($status >= $WARNING) ? (1) : (4))) + warn: $this > ((($1m_ipv4_tcp_resets_sent < 5)?(5):($1m_ipv4_tcp_resets_sent)) * (($status >= $WARNING) ? (1) : (4))) delay: up 0 down 60m multiplier 1.2 max 2h info: average TCP RESETS this host is sending, over the last 10 seconds (this can be an indication that a port scan is made, or that a service running on this host has crashed) - to: sysadmin + to: silent + +# ----------------------------------------------------------------------------- +# tcp resets this host receives + + alarm: 1m_ipv4_tcp_resets_received + on: ipv4.tcphandshake + lookup: average -1m at -10s unaligned absolute of AttemptFails + units: tcp resets/s + every: 10s + info: average TCP RESETS this host is sending, over the last minute + alarm: 10s_ipv4_tcp_resets_received + on: ipv4.tcphandshake + lookup: average -10s unaligned absolute of AttemptFails + units: tcp resets/s + every: 10s + warn: $this > ((($1m_ipv4_tcp_resets_received < 5)?(5):($1m_ipv4_tcp_resets_received)) * (($status >= $WARNING) ? (1) : (4))) + delay: up 0 down 60m multiplier 1.2 max 2h + info: average TCP RESETS this host is receiving, over the last 10 seconds (this can be an indication that a service this host needs, has crashed) + to: silent |