diff options
Diffstat (limited to 'health/health.d/tcp_listen.conf')
| -rw-r--r-- | health/health.d/tcp_listen.conf | 110 |
1 files changed, 61 insertions, 49 deletions
diff --git a/health/health.d/tcp_listen.conf b/health/health.d/tcp_listen.conf index dad462ebf..51a0e461c 100644 --- a/health/health.d/tcp_listen.conf +++ b/health/health.d/tcp_listen.conf @@ -18,33 +18,39 @@ # ----------------------------------------------------------------------------- # tcp accept queue (at the kernel) - alarm: 1m_tcp_accept_queue_overflows - on: ip.tcp_accept_queue - os: linux - hosts: * - lookup: average -60s unaligned absolute of ListenOverflows - units: overflows - every: 10s - warn: $this > 1 - crit: $this > (($status == $CRITICAL) ? (1) : (5)) - delay: up 0 down 5m multiplier 1.5 max 1h - info: average number of overflows in the TCP accept queue over the last minute - to: sysadmin + alarm: 1m_tcp_accept_queue_overflows + on: ip.tcp_accept_queue + class: System +component: Network + type: Workload + os: linux + hosts: * + lookup: average -60s unaligned absolute of ListenOverflows + units: overflows + every: 10s + warn: $this > 1 + crit: $this > (($status == $CRITICAL) ? (1) : (5)) + delay: up 0 down 5m multiplier 1.5 max 1h + info: average number of overflows in the TCP accept queue over the last minute + to: sysadmin # THIS IS TOO GENERIC # CHECK: https://github.com/netdata/netdata/issues/3234#issuecomment-423935842 - alarm: 1m_tcp_accept_queue_drops - on: ip.tcp_accept_queue - os: linux - hosts: * - lookup: average -60s unaligned absolute of ListenDrops - units: drops - every: 10s - warn: $this > 1 - crit: $this > (($status == $CRITICAL) ? (1) : (5)) - delay: up 0 down 5m multiplier 1.5 max 1h - info: average number of dropped packets in the TCP accept queue over the last minute - to: sysadmin + alarm: 1m_tcp_accept_queue_drops + on: ip.tcp_accept_queue + class: System +component: Network + type: Workload + os: linux + hosts: * + lookup: average -60s unaligned absolute of ListenDrops + units: drops + every: 10s + warn: $this > 1 + crit: $this > (($status == $CRITICAL) ? (1) : (5)) + delay: up 0 down 5m multiplier 1.5 max 1h + info: average number of dropped packets in the TCP accept queue over the last minute + to: sysadmin # ----------------------------------------------------------------------------- @@ -55,30 +61,36 @@ # enabled or not. In both cases this probably indicates a SYN flood attack, # so i guess a notification should be sent. - alarm: 1m_tcp_syn_queue_drops - on: ip.tcp_syn_queue - os: linux - hosts: * - lookup: average -60s unaligned absolute of TCPReqQFullDrop - units: drops - every: 10s - warn: $this > 1 - crit: $this > (($status == $CRITICAL) ? (0) : (5)) - delay: up 10 down 5m multiplier 1.5 max 1h - info: average number of SYN requests was dropped due to the full TCP SYN queue over the last minute \ - (SYN cookies were not enabled) - to: sysadmin + alarm: 1m_tcp_syn_queue_drops + on: ip.tcp_syn_queue + class: System +component: Network + type: Workload + os: linux + hosts: * + lookup: average -60s unaligned absolute of TCPReqQFullDrop + units: drops + every: 10s + warn: $this > 1 + crit: $this > (($status == $CRITICAL) ? (0) : (5)) + delay: up 10 down 5m multiplier 1.5 max 1h + info: average number of SYN requests was dropped due to the full TCP SYN queue over the last minute \ + (SYN cookies were not enabled) + to: sysadmin - alarm: 1m_tcp_syn_queue_cookies - on: ip.tcp_syn_queue - os: linux - hosts: * - lookup: average -60s unaligned absolute of TCPReqQFullDoCookies - units: cookies - every: 10s - warn: $this > 1 - crit: $this > (($status == $CRITICAL) ? (0) : (5)) - delay: up 10 down 5m multiplier 1.5 max 1h - info: average number of sent SYN cookies due to the full TCP SYN queue over the last minute - to: sysadmin + alarm: 1m_tcp_syn_queue_cookies + on: ip.tcp_syn_queue + class: System +component: Network + type: Workload + os: linux + hosts: * + lookup: average -60s unaligned absolute of TCPReqQFullDoCookies + units: cookies + every: 10s + warn: $this > 1 + crit: $this > (($status == $CRITICAL) ? (0) : (5)) + delay: up 10 down 5m multiplier 1.5 max 1h + info: average number of sent SYN cookies due to the full TCP SYN queue over the last minute + to: sysadmin |