# -----------------------------------------------------------------------------
# make sure we collect values for each interface

template: interface_last_collected_secs
      on: net.net
    calc: $now - $last_collected_t
   units: seconds ago
   every: 10s
    warn: $this > (($status >= $WARNING)  ? ($update_every) : ( 5 * $update_every))
    crit: $this > (($status == $CRITICAL) ? ($update_every) : (60 * $update_every))
   delay: down 5m multiplier 1.5 max 1h
    info: number of seconds since the last successful data collection
      to: sysadmin


# -----------------------------------------------------------------------------
# dropped packets

# check if an interface is dropping packets
# the alarm is checked every 1 minute
# and examines the last hour of data

template: 1hour_packet_drops_inbound
      on: net.drops
  lookup: sum -1h unaligned absolute of inbound
   units: packets
   every: 1m
    warn: $this > 0
   delay: down 30m multiplier 1.5 max 1h
    info: interface inbound dropped packets in the last hour
      to: sysadmin

template: 1hour_packet_drops_outbound
      on: net.drops
  lookup: sum -1h unaligned absolute of outbound
   units: packets
   every: 1m
    warn: $this > 0
   delay: down 30m multiplier 1.5 max 1h
    info: interface outbound dropped packets in the last hour
      to: sysadmin

template: 1hour_packet_drops_ratio_inbound
      on: net.packets
  lookup: sum -1h unaligned absolute of received
    calc: (($1hour_packet_drops_inbound != nan AND $this > 0) ? ($1hour_packet_drops_inbound * 100 / $this) : (0))
   units: %
   every: 1m
    warn: $this > 0.5
    crit: $this > 3
   delay: down 30m multiplier 1.5 max 1h
    info: the ratio of inbound dropped packets vs the total number of received packets of the network interface, during the last hour
      to: sysadmin

template: 1hour_packet_drops_ratio_outbound
      on: net.packets
  lookup: sum -1h unaligned absolute of sent
    calc: (($1hour_packet_drops_outbound != nan AND $this > 0) ? ($1hour_packet_drops_outbound * 100 / $this) : (0))
   units: %
   every: 1m
    warn: $this > 0.5
    crit: $this > 3
   delay: down 30m multiplier 1.5 max 1h
    info: the ratio of outbound dropped packets vs the total number of sent packets of the network interface, during the last hour
      to: sysadmin


# -----------------------------------------------------------------------------
# FIFO errors

# check if an interface is having FIFO
# buffer errors
# the alarm is checked every 1 minute
# and examines the last hour of data

template: 1hour_fifo_errors
      on: net.fifo
  lookup: sum -1h unaligned absolute
   units: errors
   every: 1m
    warn: $this > 0
   delay: down 30m multiplier 1.5 max 1h
    info: interface fifo errors in the last hour
      to: sysadmin


# -----------------------------------------------------------------------------
# check for packet storms

# 1. calculate the rate packets are received in 1m: 1m_received_packets_rate
# 2. do the same for the last 10s
# 3. raise an alarm if the later is 10x or 20x the first
# we assume the minimum packet storm should at least have
# 10000 packets/s, average of the last 10 seconds

template: 1m_received_packets_rate
      on: net.packets
  lookup: average -1m of received
   units: packets
   every: 10s
    info: the average number of packets received during the last minute

template: 10s_received_packets_storm
      on: net.packets
  lookup: average -10s of received
    calc: $this * 100 / (($1m_received_packets_rate < 1000)?(1000):($1m_received_packets_rate))
   every: 10s
   units: %
   warn: $this > (($status >= $WARNING)?(200):(1000))
   crit: $this > (($status >= $WARNING)?(1000):(2000))
   info: the % of the rate of received packets in the last 10 seconds, compared to the rate of the last minute
     to: silent