blob: ae3c26ec61413b1ffc0b91d55857841497786d18 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
|
# you can disable an alarm notification by setting the 'to' line to: silent
# -----------------------------------------------------------------------------
# net traffic overflow
template: interface_speed
on: net.net
os: *
hosts: *
families: *
calc: ( $nic_speed_max > 0 ) ? ( $nic_speed_max) : ( nan )
units: Mbit
every: 10s
info: The current speed of the physical network interface
template: 1m_received_traffic_overflow
on: net.net
os: linux
hosts: *
families: *
lookup: average -1m unaligned absolute of received
calc: ($interface_speed > 0) ? ($this * 100 / ($interface_speed * 1000)) : ( nan )
units: %
every: 10s
warn: $this > (($status >= $WARNING) ? (80) : (85))
crit: $this > (($status == $CRITICAL) ? (85) : (90))
delay: down 1m multiplier 1.5 max 1h
info: interface received bandwidth usage over net device speed max
to: sysadmin
template: 1m_sent_traffic_overflow
on: net.net
os: linux
hosts: *
families: *
lookup: average -1m unaligned absolute of sent
calc: ($interface_speed > 0) ? ($this * 100 / ($interface_speed * 1000)) : ( nan )
units: %
every: 10s
warn: $this > (($status >= $WARNING) ? (80) : (85))
crit: $this > (($status == $CRITICAL) ? (85) : (90))
delay: down 1m multiplier 1.5 max 1h
info: interface sent bandwidth usage over net device speed max
to: sysadmin
# -----------------------------------------------------------------------------
# dropped packets
# check if an interface is dropping packets
# the alarm is checked every 1 minute
# and examines the last 10 minutes of data
template: inbound_packets_dropped
on: net.drops
os: linux
hosts: *
families: *
lookup: sum -10m unaligned absolute of inbound
units: packets
every: 1m
warn: $this >= 5
delay: down 1h multiplier 1.5 max 2h
info: interface inbound dropped packets in the last 10 minutes
to: sysadmin
template: outbound_packets_dropped
on: net.drops
os: linux
hosts: *
families: *
lookup: sum -10m unaligned absolute of outbound
units: packets
every: 1m
warn: $this >= 5
delay: down 1h multiplier 1.5 max 2h
info: interface outbound dropped packets in the last 10 minutes
to: sysadmin
template: inbound_packets_dropped_ratio
on: net.packets
os: linux
hosts: *
families: *
lookup: sum -10m unaligned absolute of received
calc: (($inbound_packets_dropped != nan AND $this > 0) ? ($inbound_packets_dropped * 100 / $this) : (0))
units: %
every: 1m
warn: $this >= 0.1
crit: $this >= 2
delay: down 1h multiplier 1.5 max 2h
info: the ratio of inbound dropped packets vs the total number of received packets of the network interface, during the last 10 minutes
to: sysadmin
template: outbound_packets_dropped_ratio
on: net.packets
os: linux
hosts: *
families: *
lookup: sum -10m unaligned absolute of sent
calc: (($outbound_packets_dropped != nan AND $this > 0) ? ($outbound_packets_dropped * 100 / $this) : (0))
units: %
every: 1m
warn: $this >= 0.1
crit: $this >= 2
delay: down 1h multiplier 1.5 max 2h
info: the ratio of outbound dropped packets vs the total number of sent packets of the network interface, during the last 10 minutes
to: sysadmin
# -----------------------------------------------------------------------------
# FIFO errors
# check if an interface is having FIFO
# buffer errors
# the alarm is checked every 1 minute
# and examines the last 10 minutes of data
template: 10min_fifo_errors
on: net.fifo
os: linux
hosts: *
families: *
lookup: sum -10m unaligned absolute
units: errors
every: 1m
warn: $this > 0
delay: down 1h multiplier 1.5 max 2h
info: interface fifo errors in the last 10 minutes
to: sysadmin
# -----------------------------------------------------------------------------
# check for packet storms
# 1. calculate the rate packets are received in 1m: 1m_received_packets_rate
# 2. do the same for the last 10s
# 3. raise an alarm if the later is 10x or 20x the first
# we assume the minimum packet storm should at least have
# 10000 packets/s, average of the last 10 seconds
template: 1m_received_packets_rate
on: net.packets
os: linux freebsd
hosts: *
families: *
lookup: average -1m unaligned of received
units: packets
every: 10s
info: the average number of packets received during the last minute
template: 10s_received_packets_storm
on: net.packets
os: linux freebsd
hosts: *
families: *
lookup: average -10s unaligned of received
calc: $this * 100 / (($1m_received_packets_rate < 1000)?(1000):($1m_received_packets_rate))
every: 10s
units: %
warn: $this > (($status >= $WARNING)?(200):(5000))
crit: $this > (($status >= $WARNING)?(5000):(6000))
options: no-clear-notification
info: the % of the rate of received packets in the last 10 seconds, compared to the rate of the last minute (clear notification for this alarm will not be sent)
to: sysadmin
|
