# you can disable an alarm notification by setting the 'to' line to: silent

# -----------------------------------------------------------------------------
# net traffic overflow

 template: interface_speed
       on: net.net
       os: *
    hosts: *
 families: *
     calc: ( $nic_speed_max > 0 ) ? ( $nic_speed_max) : ( nan )
    units: Mbit
    every: 10s
     info: The current speed of the physical network interface

 template: 1m_received_traffic_overflow
       on: net.net
       os: linux
    hosts: *
 families: *
   lookup: average -1m unaligned absolute of received
     calc: ($interface_speed > 0) ? ($this * 100 / ($interface_speed * 1000)) : ( nan )
    units: %
    every: 10s
     warn: $this > (($status >= $WARNING)  ? (80) : (85))
     crit: $this > (($status == $CRITICAL) ? (85) : (90))
    delay: down 1m multiplier 1.5 max 1h
     info: interface received bandwidth usage over net device speed max
       to: sysadmin

 template: 1m_sent_traffic_overflow
       on: net.net
       os: linux
    hosts: *
 families: *
   lookup: average -1m unaligned absolute of sent
     calc: ($interface_speed > 0) ? ($this * 100 / ($interface_speed * 1000)) : ( nan )
    units: %
    every: 10s
     warn: $this > (($status >= $WARNING)  ? (80) : (85))
     crit: $this > (($status == $CRITICAL) ? (85) : (90))
    delay: down 1m multiplier 1.5 max 1h
     info: interface sent bandwidth usage over net device speed max
       to: sysadmin

# -----------------------------------------------------------------------------
# dropped packets

# check if an interface is dropping packets
# the alarm is checked every 1 minute
# and examines the last 10 minutes of data
#
# it is possible to have expected packet drops on an interface for some network configurations
# look at the Monitoring Network Interfaces section in the proc.plugin documentation for more information

template: inbound_packets_dropped
      on: net.drops
      os: linux
   hosts: *
families: *
  lookup: sum -10m unaligned absolute of inbound
   units: packets
   every: 1m
    warn: $this >= 5
   delay: down 1h multiplier 1.5 max 2h
    info: interface inbound dropped packets in the last 10 minutes
      to: sysadmin

template: outbound_packets_dropped
      on: net.drops
      os: linux
   hosts: *
families: *
  lookup: sum -10m unaligned absolute of outbound
   units: packets
   every: 1m
    warn: $this >= 5
   delay: down 1h multiplier 1.5 max 2h
    info: interface outbound dropped packets in the last 10 minutes
      to: sysadmin

template: inbound_packets_dropped_ratio
      on: net.packets
      os: linux
   hosts: *
families: *
  lookup: sum -10m unaligned absolute of received
    calc: (($inbound_packets_dropped != nan AND $this > 0) ? ($inbound_packets_dropped * 100 / $this) : (0))
   units: %
   every: 1m
    warn: $this >= 0.1
    crit: $this >= 2
   delay: down 1h multiplier 1.5 max 2h
    info: the ratio of inbound dropped packets vs the total number of received packets of the network interface, during the last 10 minutes
      to: sysadmin

template: outbound_packets_dropped_ratio
      on: net.packets
      os: linux
   hosts: *
families: *
  lookup: sum -10m unaligned absolute of sent
    calc: (($outbound_packets_dropped != nan AND $this > 0) ? ($outbound_packets_dropped * 100 / $this) : (0))
   units: %
   every: 1m
    warn: $this >= 0.1
    crit: $this >= 2
   delay: down 1h multiplier 1.5 max 2h
    info: the ratio of outbound dropped packets vs the total number of sent packets of the network interface, during the last 10 minutes
      to: sysadmin


# -----------------------------------------------------------------------------
# FIFO errors

# check if an interface is having FIFO
# buffer errors
# the alarm is checked every 1 minute
# and examines the last 10 minutes of data

template: 10min_fifo_errors
      on: net.fifo
      os: linux
   hosts: *
families: *
  lookup: sum -10m unaligned absolute
   units: errors
   every: 1m
    warn: $this > 0
   delay: down 1h multiplier 1.5 max 2h
    info: interface fifo errors in the last 10 minutes
      to: sysadmin


# -----------------------------------------------------------------------------
# check for packet storms

# 1. calculate the rate packets are received in 1m: 1m_received_packets_rate
# 2. do the same for the last 10s
# 3. raise an alarm if the later is 10x or 20x the first
# we assume the minimum packet storm should at least have
# 10000 packets/s, average of the last 10 seconds

template: 1m_received_packets_rate
      on: net.packets
      os: linux freebsd
   hosts: *
families: *
  lookup: average -1m unaligned of received
   units: packets
   every: 10s
    info: the average number of packets received during the last minute

template: 10s_received_packets_storm
      on: net.packets
      os: linux freebsd
   hosts: *
families: *
  lookup: average -10s unaligned of received
    calc: $this * 100 / (($1m_received_packets_rate < 1000)?(1000):($1m_received_packets_rate))
   every: 10s
   units: %
    warn: $this > (($status >= $WARNING)?(200):(5000))
    crit: $this > (($status >= $WARNING)?(5000):(6000))
 options: no-clear-notification
    info: the % of the rate of received packets in the last 10 seconds, compared to the rate of the last minute (clear notification for this alarm will not be sent)
      to: sysadmin