From 1ee0c09c5742557e037df5421ca62abddb90ae22 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Wed, 19 May 2021 14:33:38 +0200
Subject: Merging upstream version 1.31.0.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 health/health.d/tcp_listen.conf | 110 ++++++++++++++++++++++------------------
 1 file changed, 61 insertions(+), 49 deletions(-)

(limited to 'health/health.d/tcp_listen.conf')

diff --git a/health/health.d/tcp_listen.conf b/health/health.d/tcp_listen.conf
index dad462ebf..51a0e461c 100644
--- a/health/health.d/tcp_listen.conf
+++ b/health/health.d/tcp_listen.conf
@@ -18,33 +18,39 @@
 # -----------------------------------------------------------------------------
 # tcp accept queue (at the kernel)
 
-   alarm: 1m_tcp_accept_queue_overflows
-      on: ip.tcp_accept_queue
-      os: linux
-   hosts: *
-  lookup: average -60s unaligned absolute of ListenOverflows
-   units: overflows
-   every: 10s
-    warn: $this > 1
-    crit: $this > (($status == $CRITICAL) ? (1) : (5))
-   delay: up 0 down 5m multiplier 1.5 max 1h
-    info: average number of overflows in the TCP accept queue over the last minute
-      to: sysadmin
+    alarm: 1m_tcp_accept_queue_overflows
+       on: ip.tcp_accept_queue
+    class: System
+component: Network
+     type: Workload
+       os: linux
+    hosts: *
+   lookup: average -60s unaligned absolute of ListenOverflows
+    units: overflows
+    every: 10s
+     warn: $this > 1
+     crit: $this > (($status == $CRITICAL) ? (1) : (5))
+    delay: up 0 down 5m multiplier 1.5 max 1h
+     info: average number of overflows in the TCP accept queue over the last minute
+       to: sysadmin
 
 # THIS IS TOO GENERIC
 # CHECK: https://github.com/netdata/netdata/issues/3234#issuecomment-423935842
-   alarm: 1m_tcp_accept_queue_drops
-      on: ip.tcp_accept_queue
-      os: linux
-   hosts: *
-  lookup: average -60s unaligned absolute of ListenDrops
-   units: drops
-   every: 10s
-    warn: $this > 1
-    crit: $this > (($status == $CRITICAL) ? (1) : (5))
-   delay: up 0 down 5m multiplier 1.5 max 1h
-    info: average number of dropped packets in the TCP accept queue over the last minute
-      to: sysadmin
+    alarm: 1m_tcp_accept_queue_drops
+       on: ip.tcp_accept_queue
+    class: System
+component: Network
+     type: Workload
+       os: linux
+    hosts: *
+   lookup: average -60s unaligned absolute of ListenDrops
+    units: drops
+    every: 10s
+     warn: $this > 1
+     crit: $this > (($status == $CRITICAL) ? (1) : (5))
+    delay: up 0 down 5m multiplier 1.5 max 1h
+     info: average number of dropped packets in the TCP accept queue over the last minute
+       to: sysadmin
 
 
 # -----------------------------------------------------------------------------
@@ -55,30 +61,36 @@
 # enabled or not. In both cases this probably indicates a SYN flood attack,
 # so i guess a notification should be sent.
 
-   alarm: 1m_tcp_syn_queue_drops
-      on: ip.tcp_syn_queue
-      os: linux
-   hosts: *
-  lookup: average -60s unaligned absolute of TCPReqQFullDrop
-   units: drops
-   every: 10s
-    warn: $this > 1
-    crit: $this > (($status == $CRITICAL) ? (0) : (5))
-   delay: up 10 down 5m multiplier 1.5 max 1h
-    info: average number of SYN requests was dropped due to the full TCP SYN queue over the last minute \
-          (SYN cookies were not enabled)
-      to: sysadmin
+    alarm: 1m_tcp_syn_queue_drops
+       on: ip.tcp_syn_queue
+    class: System
+component: Network
+     type: Workload
+       os: linux
+    hosts: *
+   lookup: average -60s unaligned absolute of TCPReqQFullDrop
+    units: drops
+    every: 10s
+     warn: $this > 1
+     crit: $this > (($status == $CRITICAL) ? (0) : (5))
+    delay: up 10 down 5m multiplier 1.5 max 1h
+     info: average number of SYN requests was dropped due to the full TCP SYN queue over the last minute \
+           (SYN cookies were not enabled)
+       to: sysadmin
 
-   alarm: 1m_tcp_syn_queue_cookies
-      on: ip.tcp_syn_queue
-      os: linux
-   hosts: *
-  lookup: average -60s unaligned absolute of TCPReqQFullDoCookies
-   units: cookies
-   every: 10s
-    warn: $this > 1
-    crit: $this > (($status == $CRITICAL) ? (0) : (5))
-   delay: up 10 down 5m multiplier 1.5 max 1h
-    info: average number of sent SYN cookies due to the full TCP SYN queue over the last minute
-      to: sysadmin
+    alarm: 1m_tcp_syn_queue_cookies
+       on: ip.tcp_syn_queue
+    class: System
+component: Network
+     type: Workload
+       os: linux
+    hosts: *
+   lookup: average -60s unaligned absolute of TCPReqQFullDoCookies
+    units: cookies
+    every: 10s
+     warn: $this > 1
+     crit: $this > (($status == $CRITICAL) ? (0) : (5))
+    delay: up 10 down 5m multiplier 1.5 max 1h
+     info: average number of sent SYN cookies due to the full TCP SYN queue over the last minute
+       to: sysadmin
 
-- 
cgit v1.2.3