From: Costa Tsaousis (ktsaou) Date: Tue, 22 Nov 2016 00:35:06 +0000 (+0200) Subject: added alarm for monitoring the percentage used of connection tracker table X-Git-Tag: v1.5.0~167^2~2 X-Git-Url: https://arthur.barton.de/gitweb/?p=netdata.git;a=commitdiff_plain;h=1b3bae12d3a2fc2772cc7e4128b7f1ad6f8ef6c9 added alarm for monitoring the percentage used of connection tracker table --- diff --git a/conf.d/Makefile.am b/conf.d/Makefile.am index 529dedbd..2acaf801 100644 --- a/conf.d/Makefile.am +++ b/conf.d/Makefile.am @@ -61,6 +61,7 @@ dist_healthconfig_DATA = \ health.d/mysql.conf \ health.d/named.conf \ health.d/net.conf \ + health.d/netfilter.conf \ health.d/nginx.conf \ health.d/postgres.conf \ health.d/qos.conf \ diff --git a/conf.d/health.d/netfilter.conf b/conf.d/health.d/netfilter.conf new file mode 100644 index 00000000..3dd6a67b --- /dev/null +++ b/conf.d/health.d/netfilter.conf @@ -0,0 +1,23 @@ + + alarm: netfilter_last_collected_secs + on: netfilter.conntrack_sockets + calc: $now - $last_collected_t + units: seconds ago + every: 10s + warn: $this > (($status >= $WARNING) ? ($update_every) : ( 5 * $update_every)) + crit: $this > (($status == $CRITICAL) ? ($update_every) : (60 * $update_every)) + delay: down 5m multiplier 1.5 max 1h + info: number of seconds since the last successful data collection + to: sysadmin + + alarm: netfilter_conntrack_full + on: netfilter.conntrack_sockets + lookup: max -10s unaligned of connections + calc: $this * 100 / $netfilter.conntrack.max + units: % + every: 10s + warn: $this > (($status >= $WARNING) ? (70) : (80)) + crit: $this > (($status == $CRITICAL) ? (80) : (90)) + delay: down 5m multiplier 1.5 max 1h + info: the number of connections tracked by the netfilter connection tracker, as a percentage of the connection tracker table size + to: sysadmin diff --git a/src/proc_net_stat_conntrack.c b/src/proc_net_stat_conntrack.c index 5c1ae201..dd3f8ec9 100644 --- a/src/proc_net_stat_conntrack.c +++ b/src/proc_net_stat_conntrack.c @@ -7,7 +7,7 @@ int do_proc_net_stat_conntrack(int update_every, unsigned long long dt) { static procfile *ff = NULL; static int do_sockets = -1, do_new = -1, do_changes = -1, do_expect = -1, do_search = -1, do_errors = -1; static unsigned long long get_max_every = 10 * 1000000ULL, usec_since_last_max = 0; - static int read_count = 1, read_full = 1; + static int read_full = 1; static char *nf_conntrack_filename, *nf_conntrack_count_filename, *nf_conntrack_max_filename; static RRDVAR *rrdvar_max = NULL; @@ -33,21 +33,21 @@ int do_proc_net_stat_conntrack(int update_every, unsigned long long dt) { do_search = config_get_boolean("plugin:proc:/proc/net/stat/nf_conntrack", "netfilter connection searches", read_full); do_errors = config_get_boolean("plugin:proc:/proc/net/stat/nf_conntrack", "netfilter errors", read_full); - read_count = !read_full; - if(read_count) { + do_sockets = 1; + if(!read_full) { snprintfz(filename, FILENAME_MAX, "%s%s", global_host_prefix, "/proc/sys/net/netfilter/nf_conntrack_count"); nf_conntrack_count_filename = config_get("plugin:proc:/proc/sys/net/netfilter/nf_conntrack_count", "filename to monitor", filename); if(read_single_number_file(nf_conntrack_count_filename, &aentries)) - read_count = 0; + do_sockets = 0; } - do_sockets = config_get_boolean("plugin:proc:/proc/net/stat/nf_conntrack", "netfilter connections", read_count); + do_sockets = config_get_boolean("plugin:proc:/proc/net/stat/nf_conntrack", "netfilter connections", do_sockets); - if(!read_count && !read_full) + if(!do_sockets && !read_full) return 1; - rrdvar_max = rrdvar_custom_host_variable_create(&localhost, "nf.conntrack.max"); + rrdvar_max = rrdvar_custom_host_variable_create(&localhost, "netfilter.conntrack.max"); } if(likely(read_full)) {