added alarm for monitoring the percentage used of connection tracker table

diff --git a/conf.d/Makefile.am b/conf.d/Makefile.am
index 529dedbd90a33680f2fa16444b6c868d460f890b..2acaf801daa7adfec368a51fdc26d902ca561542 100644 (file)
--- a/conf.d/Makefile.am
+++ b/conf.d/Makefile.am
@@ -61,6 +61,7 @@ dist_healthconfig_DATA = \
     health.d/mysql.conf \
     health.d/named.conf \
     health.d/net.conf \
+    health.d/netfilter.conf \
     health.d/nginx.conf \
     health.d/postgres.conf \
     health.d/qos.conf \

diff --git a/conf.d/health.d/netfilter.conf b/conf.d/health.d/netfilter.conf
new file mode 100644 (file)
index 0000000..3dd6a67
--- /dev/null
+++ b/conf.d/health.d/netfilter.conf
@@ -0,0 +1,23 @@
+
+   alarm: netfilter_last_collected_secs
+      on: netfilter.conntrack_sockets
+    calc: $now - $last_collected_t
+   units: seconds ago
+   every: 10s
+    warn: $this > (($status >= $WARNING)  ? ($update_every) : ( 5 * $update_every))
+    crit: $this > (($status == $CRITICAL) ? ($update_every) : (60 * $update_every))
+   delay: down 5m multiplier 1.5 max 1h
+    info: number of seconds since the last successful data collection
+      to: sysadmin
+
+   alarm: netfilter_conntrack_full
+      on: netfilter.conntrack_sockets
+  lookup: max -10s unaligned of connections
+    calc: $this * 100 / $netfilter.conntrack.max
+   units: %
+   every: 10s
+    warn: $this > (($status >= $WARNING)  ? (70) : (80))
+    crit: $this > (($status == $CRITICAL) ? (80) : (90))
+   delay: down 5m multiplier 1.5 max 1h
+    info: the number of connections tracked by the netfilter connection tracker, as a percentage of the connection tracker table size
+      to: sysadmin

diff --git a/src/proc_net_stat_conntrack.c b/src/proc_net_stat_conntrack.c
index 5c1ae20103e72e38d6de3efa0260528fad7a276f..dd3f8ec9e38358af932add35e4dd3c927762eeeb 100644 (file)
--- a/src/proc_net_stat_conntrack.c
+++ b/src/proc_net_stat_conntrack.c
@@ -7,7 +7,7 @@ int do_proc_net_stat_conntrack(int update_every, unsigned long long dt) {
     static procfile *ff = NULL;
     static int do_sockets = -1, do_new = -1, do_changes = -1, do_expect = -1, do_search = -1, do_errors = -1;
     static unsigned long long get_max_every = 10 * 1000000ULL, usec_since_last_max = 0;
-    static int read_count = 1, read_full = 1;
+    static int read_full = 1;
     static char *nf_conntrack_filename, *nf_conntrack_count_filename, *nf_conntrack_max_filename;
     static RRDVAR *rrdvar_max = NULL;
 
@@ -33,21 +33,21 @@ int do_proc_net_stat_conntrack(int update_every, unsigned long long dt) {
         do_search = config_get_boolean("plugin:proc:/proc/net/stat/nf_conntrack", "netfilter connection searches", read_full);
         do_errors = config_get_boolean("plugin:proc:/proc/net/stat/nf_conntrack", "netfilter errors", read_full);
 
-        read_count = !read_full;
-        if(read_count) {
+        do_sockets = 1;
+        if(!read_full) {
             snprintfz(filename, FILENAME_MAX, "%s%s", global_host_prefix, "/proc/sys/net/netfilter/nf_conntrack_count");
             nf_conntrack_count_filename = config_get("plugin:proc:/proc/sys/net/netfilter/nf_conntrack_count", "filename to monitor", filename);
 
             if(read_single_number_file(nf_conntrack_count_filename, &aentries))
-                read_count = 0;
+                do_sockets = 0;
         }
 
-        do_sockets = config_get_boolean("plugin:proc:/proc/net/stat/nf_conntrack", "netfilter connections", read_count);
+        do_sockets = config_get_boolean("plugin:proc:/proc/net/stat/nf_conntrack", "netfilter connections", do_sockets);
 
-        if(!read_count && !read_full)
+        if(!do_sockets && !read_full)
             return 1;
 
-        rrdvar_max = rrdvar_custom_host_variable_create(&localhost, "nf.conntrack.max");
+        rrdvar_max = rrdvar_custom_host_variable_create(&localhost, "netfilter.conntrack.max");
     }
 
     if(likely(read_full)) {