]> arthur.barton.de Git - netdata.git/commitdiff
projects / netdata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2033c08)
add alarm for TCP/AttemptsFail spikes
authorCosta Tsaousis (ktsaou) <costa@tsaousis.gr>
Fri, 6 Jan 2017 19:59:28 +0000 (21:59 +0200)
committerCosta Tsaousis (ktsaou) <costa@tsaousis.gr>
Sat, 7 Jan 2017 16:50:16 +0000 (18:50 +0200)
conf.d/health.d/tcp_resets.conf patch | blob | history
configs.signatures patch | blob | history

diff --git a/conf.d/health.d/tcp_resets.conf b/conf.d/health.d/tcp_resets.conf
index a7cb325f136c878b019fc3d6877a9ff66e9c2b46..4655e68c421be712044f963d06903847d1d2c317 100644 (file)
--- a/conf.d/health.d/tcp_resets.conf
+++ b/conf.d/health.d/tcp_resets.conf
@@ -12,21 +12,41 @@
       to: sysadmin
 
 # -----------------------------------------------------------------------------
+# tcp resets this host sends
 
-   alarm: 1m_ipv4_tcp_resets
+   alarm: 1m_ipv4_tcp_resets_sent
       on: ipv4.tcphandshake
   lookup: average -1m at -10s unaligned absolute of OutRsts
    units: tcp resets/s
    every: 10s
     info: average TCP RESETS this host is sending, over the last minute
 
-   alarm: 10s_ipv4_tcp_resets
+   alarm: 10s_ipv4_tcp_resets_sent
       on: ipv4.tcphandshake
   lookup: average -10s unaligned absolute of OutRsts
    units: tcp resets/s
    every: 10s
-    warn: $this > ((($1m_ipv4_tcp_resets < 5)?(5):($1m_ipv4_tcp_resets)) * (($status >= $WARNING)  ? (1) : (4)))
+    warn: $this > ((($1m_ipv4_tcp_resets_sent < 5)?(5):($1m_ipv4_tcp_resets_sent)) * (($status >= $WARNING)  ? (1) : (4)))
    delay: up 0 down 60m multiplier 1.2 max 2h
     info: average TCP RESETS this host is sending, over the last 10 seconds (this can be an indication that a port scan is made, or that a service running on this host has crashed)
       to: silent
 
+# -----------------------------------------------------------------------------
+# tcp resets this host receives
+
+   alarm: 1m_ipv4_tcp_resets_received
+      on: ipv4.tcphandshake
+  lookup: average -1m at -10s unaligned absolute of AttemptFails
+   units: tcp resets/s
+   every: 10s
+    info: average TCP RESETS this host is sending, over the last minute
+
+   alarm: 10s_ipv4_tcp_resets_received
+      on: ipv4.tcphandshake
+  lookup: average -10s unaligned absolute of AttemptFails
+   units: tcp resets/s
+   every: 10s
+    warn: $this > ((($1m_ipv4_tcp_resets_received < 5)?(5):($1m_ipv4_tcp_resets_received)) * (($status >= $WARNING)  ? (1) : (4)))
+   delay: up 0 down 60m multiplier 1.2 max 2h
+    info: average TCP RESETS this host is sending, over the last 10 seconds (this can be an indication that a port scan is made, or that a service running on this host has crashed)
+      to: silent
diff --git a/configs.signatures b/configs.signatures
index aa922b0a3a31af64dfc78a4d96e911f5cd3a24ae..ed8ee6c8601d662125c359825c764b23dc0d470e 100644 (file)
--- a/configs.signatures
+++ b/configs.signatures
@@ -278,6 +278,7 @@ declare -A configs_signatures=(
   ['c9b792755de59d842ba95f8c315d94c8']='health.d/swap.conf'
   ['ca026d7c779f0a7cb7787713c5be5c47']='charts.d.conf'
   ['ca08a9b18d38ae0a0f5081a7cdc96863']='health.d/swap.conf'
+  ['ca0eb92bdd3de67582ea6db37462895f']='health.d/tcp_resets.conf'
   ['ca249db7a0637d55abb938d969f9b486']='python.d/postfix.conf'
   ['cb178b15427274d7def5b14bc4c09441']='health.d/net.conf'
   ['cb60badf376d246ad8ec9d3f524db430']='health.d/disks.conf'
NetData