From 777eb1f823b0637164f56946fc66241e9eb3d264 Mon Sep 17 00:00:00 2001 From: kkrumm1 Date: Wed, 20 Sep 2017 16:58:24 -0500 Subject: [PATCH] feature: Added more rules to the collection of alert rules (#7363) * Features: Updated collection of alert rules Added in the following to the Alerts Collection, Syslog, received Alert Priority Message Syslog, received Emergency Priority Message APC UPS Battery Needs Replacement APC UPS Switched to Battery Power APC UPS in Hardware Failure Bypass Mode APC UPS in Emergency Static Bypass Mode * Update alert_rules.json * Update alert_rules.json fixed changes per request. * Update alert_rules.json fixed "white spaces and spaces" * Update alert_rules.json Fixed spaces and tabs... rookie mistake. --- misc/alert_rules.json | 42 ++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 40 insertions(+), 2 deletions(-) diff --git a/misc/alert_rules.json b/misc/alert_rules.json index d5f30f98d1..59e598a0e1 100644 --- a/misc/alert_rules.json +++ b/misc/alert_rules.json @@ -102,12 +102,10 @@ "rule": "%wireless_sensors.sensor_class = 'clients' && %wireless_sensors.sensor_current >= %wireless_sensors.sensor_limit && %wireless_sensors.sensor_alert = \"1\" && %macros.device_up = \"1\"", "name": "Too many wireless clients" }, - { "rule": "%syslog.timestamp > = %macros.past_5m && %syslog.msg ~ \"@authentication failure@\"", "name": "Syslog, Authentication failure on Device" }, - { "rule": "%services.service_status = \"1\"", "name": "Service warning" @@ -115,6 +113,46 @@ { "rule": "%services.service_status = \"2\"", "name": "Service critical" + }, + { + "rule": "%syslog.timestamp >= %macros.past_5m && %syslog.priority ~ \"alert\"", + "name": "Syslog, received Alert Priority Message" + }, + { + "rule": "%syslog.timestamp >= %macros.past_5m && %syslog.priority ~ \"emergency\"", + "name": "Syslog, received Emergency Priority Message" + }, + { + "rule": "%syslog.timestamp = %macros.past_5m && %syslog.msg ~ \"@arp table is full@\"", + "name": "Syslog, ARP table is full check on device " + }, + { + "rule": "%sensors.sensor_type = \"upsAdvBatteryReplaceIndicator\" && %sensors.sensor_current = \"2\"", + "name": "APC UPS Battery Needs Replacement" + }, + { + "rule": "%sensors.sensor_current = \"3\" && %sensors.sensor_type = \"upsBasicOutputStatus\"", + "name": "APC UPS Switched to Battery Power" + }, + { + "rule": "%sensors.sensor_current = \"10\" && %sensors.sensor_type = \"upsBasicOutputStatus\"", + "name": "APC UPS in Hardware Failure Bypass Mode" + }, + { + "rule": "%sensors.sensor_current = \"16\" && %sensors.sensor_type = \"upsBasicOutputStatus\"", + "name": "APC UPS in Emergency Static Bypass Mode" + }, + { + "rule": "%sensors.sensor_current = \"12\" && %sensors.sensor_type = \"upsBasicOutputStatus\"", + "name": "APC UPS in Smart Trim Mode" + }, + { + "rule": "%sensors.sensor_oid ~ \".1.3.6.1.4.1.11.2.14.11.1.2.6.1.4.[2-5]\" && %sensors.sensor_current = \"2\"", + "name": "HP Procurve Bad Power Supply" + }, + { + "rule": "%sensors.sensor_oid = \".1.3.6.1.4.1.11.2.14.11.1.2.6.1.4.1\" && %sensors.sensor_current = \"2\"", + "name": "HP Procurve Fan Fault" }, { "rule": "%sensors.sensor_current > %sensors.sensor_limit && %sensors.sensor_alert = \"1\" && %macros.device_up = \"1\" && %macros.sensor_port_link = \"1\"",