mirror of
https://github.com/librenms/librenms.git
synced 2024-09-21 10:28:13 +00:00
5733942aa2
* add a new notes field to the rule editor. use a bigger text field for sql queries to avoid mistakes... * add api doc * allow notes field from the collection * add a sample notes to the collection * lint and db schema * unmix some schema changes from a nother PR * unmix schema update No°2 * unmix schema update No°3 - silly me * add strip_tags, minor optimisation, db default value * apply linting * db_schema empty '' as default * update db_schema.yaml * default value changed as 'BLOB, TEXT, GEOMETRY or JSON column 'notes' can't have a default value' * better keep the migration in 2023... * Update 2023_12_12_171400_alert_rule_note.php * Update create-alert-item.inc.php --------- Co-authored-by: PipoCanaja <38363551+PipoCanaja@users.noreply.github.com>
788 lines
36 KiB
JSON
788 lines
36 KiB
JSON
[
|
|
{
|
|
"rule": "macros.device_down = \"1\"",
|
|
"name": "Devices up/down"
|
|
},
|
|
{
|
|
"rule": "macros.device_down = \"1\" && devices.status_reason = \"icmp\"",
|
|
"name": "Device Down! Due to no ICMP response.",
|
|
"default": true
|
|
},
|
|
{
|
|
"rule": "macros.device_down = \"1\" && devices.status_reason = \"snmp\"",
|
|
"name": "Device Down (SNMP unreachable)",
|
|
"default": true,
|
|
"notes": "Device may responds on ICMP but not on SNMP."
|
|
},
|
|
{
|
|
"rule": "devices.uptime < \"300\" && macros.device = \"1\"",
|
|
"name": "Device rebooted",
|
|
"extra": "{\"count\": 1}",
|
|
"default": true
|
|
},
|
|
{
|
|
"rule": "bgpPeers.bgpPeerState != \"established\" && macros.device_up = \"1\" && bgpPeers.bgpPeerAdminStatus != \"stop\"",
|
|
"name": "BGP Session down",
|
|
"extra": "{\"count\": 1}"
|
|
},
|
|
{
|
|
"builder": {"condition":"AND","rules":[{"id":"isis_adjacencies.isisISAdjState","field":"isis_adjacencies.isisISAdjState","type":"string","input":"text","operator":"equal","value":"down"},{"condition":"AND","rules":[{"id":"component.type","field":"component.type","type":"string","input":"text","operator":"equal","value":"ISIS"},{"condition":"AND","rules":[{"id":"component.ignore","field":"component.ignore","type":"string","input":"text","operator":"equal","value":"0"},{"id":"component.disabled","field":"component.disabled","type":"string","input":"text","operator":"equal","value":"0"}]}]},{"id":"macros.device_up","field":"macros.device_up","type":"integer","input":"radio","operator":"equal","value":"1"}],"valid":true},
|
|
"name": "ISIS Adjacency down"
|
|
},
|
|
{
|
|
"rule": "bgpPeers.bgpPeerFsmEstablishedTime < \"300\" && bgpPeers.bgpPeerState = \"established\" && macros.device_up = \"1\"",
|
|
"name": "BGP Session established",
|
|
"extra": "{\"count\": 1}"
|
|
},
|
|
{
|
|
"rule": "macros.port_down = \"1\"",
|
|
"name": "Port status up/down",
|
|
"extra": "{\"count\": 1}",
|
|
"default": true
|
|
},
|
|
{
|
|
"rule": "devices.last_ping_timetaken > \"10\"",
|
|
"name": "Ping Latency",
|
|
"default": true
|
|
},
|
|
{
|
|
"rule": "macros.port_usage_perc >= \"80\" && macros.port_up = \"1\"",
|
|
"name": "Port utilisation over threshold",
|
|
"default": true
|
|
},
|
|
{
|
|
"rule": "sensors.sensor_current > `sensors.sensor_limit` && sensors.sensor_alert = \"1\" && macros.device_up = \"1\"",
|
|
"name": "Sensor over limit - Check Device Health Settings",
|
|
"default": true
|
|
},
|
|
{
|
|
"rule": "sensors.sensor_current < `sensors.sensor_limit_low` && sensors.sensor_alert = \"1\" && macros.device_up = \"1\"",
|
|
"name": "Sensor under limit - Check Device Health Settings",
|
|
"default": true
|
|
},
|
|
{
|
|
"rule": "services.service_status != \"0\" && macros.device_up = \"1\"",
|
|
"name": "Service up/down",
|
|
"default": true
|
|
},
|
|
{
|
|
"rule": "wireless_sensors.sensor_current >= `wireless_sensors.sensor_limit` && wireless_sensors.sensor_alert = \"1\" && macros.device_up = \"1\"",
|
|
"name": "Wireless Sensor over limit",
|
|
"default": true
|
|
},
|
|
{
|
|
"rule": "wireless_sensors.sensor_current <= `wireless_sensors.sensor_limit_low` && wireless_sensors.sensor_alert = \"1\" && macros.device_up = \"1\"",
|
|
"name": "Wireless Sensor under limit",
|
|
"default": true
|
|
},
|
|
{
|
|
"rule": "wireless_sensors.sensor_type == \"arubaos\" && wireless_sensors.sensor_class == \"ap-count\" && wireless_sensors.sensor_alert = \"1\" && macros.device_up = \"1\" && wireless_sensors.sensor_current <= `wireless_sensors.sensor_limit_low_warn` && wireless_sensors.sensor_current > `wireless_sensors.sensor_limit_low`",
|
|
"name": "Aruba Wireless AP Count Low Warning",
|
|
"severity": "warning"
|
|
},
|
|
{
|
|
"rule": "wireless_sensors.sensor_type == \"arubaos\" && wireless_sensors.sensor_class == \"ap-count\" && wireless_sensors.sensor_alert = \"1\" && macros.device_up = \"1\" && wireless_sensors.sensor_current <= `wireless_sensors.sensor_limit_low`",
|
|
"name": "Aruba Wireless AP Count Low Critical",
|
|
"severity": "critical"
|
|
},
|
|
{
|
|
"rule": "macros.state_sensor_critical && sensors.sensor_alert = 1",
|
|
"name": "State Sensor Critical",
|
|
"default": true
|
|
},
|
|
{
|
|
"rule": "macros.state_sensor_warning && sensors.sensor_alert = 1",
|
|
"name": "State Sensor Warning"
|
|
},
|
|
{
|
|
"rule": "macros.bill_quota_over_quota >= \"75\"",
|
|
"name": "Quota bills over 75% used"
|
|
},
|
|
{
|
|
"rule": "macros.bill_cdr_over_quota >= \"75\"",
|
|
"name": "CDR bills over 75% used"
|
|
},
|
|
{
|
|
"rule": "ipsec_tunnels.tunnel_status != \"active\" && macros.device_up = \"1\"",
|
|
"name": "IPSec tunnels down"
|
|
},
|
|
{
|
|
"rule": "devices.last_polled_timetaken >= 290",
|
|
"name": "Device took too long to poll"
|
|
},
|
|
{
|
|
"rule": "macros.device_up = \"1\" && devices.os = \"asa\" && ciscoASA.data > \"5000\"",
|
|
"name": "Cisco ASA connections over 5000"
|
|
},
|
|
{
|
|
"rule": "processors.processor_usage > \"85\" && macros.device_up = \"1\"",
|
|
"name": "Processor usage over 85%"
|
|
},
|
|
{
|
|
"rule": "sensors.sensor_descr = \"Primary Unit.*\" && sensors.sensor_current = \"10\" && sensors.sensor_prev = \"9\"",
|
|
"name": "Cisco ASA Primary unit changed to standby"
|
|
},
|
|
{
|
|
"rule": "ports.ifOperStatus = \"down\" && ports.ifOperStatus_prev = \"up\" && macros.device_up = \"1\"",
|
|
"name": "Port status change from up to down"
|
|
},
|
|
{
|
|
"rule": "ports.ifOutErrors_rate >= \"100\" || ports.ifInErrors_rate >= \"100\"",
|
|
"name": "Interface Errors Rate greater than 100"
|
|
},
|
|
{
|
|
"rule": "devices.inserted >= `macros.past_60m`",
|
|
"name": "Device added within the last 60 minutes"
|
|
},
|
|
{
|
|
"rule": "eventlog.type = \"discovery\" && eventlog.message ~ \"@autodiscovered@\" && eventlog.datetime >= `macros.past_60m`",
|
|
"name": "Device discovered within the last 60 minutes"
|
|
},
|
|
{
|
|
"rule": "wireless_sensors.sensor_class = \"clients\" && wireless_sensors.sensor_current >= `wireless_sensors.sensor_limit` && wireless_sensors.sensor_alert = \"1\" && macros.device_up = \"1\"",
|
|
"name": "Too many wireless clients"
|
|
},
|
|
{
|
|
"rule": "syslog.timestamp >= `macros.past_5m` && syslog.msg ~ \"@authentication failure@\"",
|
|
"name": "Syslog, Authentication failure on Device"
|
|
},
|
|
{
|
|
"rule": "services.service_status = \"1\"",
|
|
"name": "Service warning"
|
|
},
|
|
{
|
|
"rule": "services.service_status = \"2\"",
|
|
"name": "Service critical"
|
|
},
|
|
{
|
|
"rule": "syslog.timestamp >= `macros.past_5m` && syslog.priority ~ \"alert\"",
|
|
"name": "Syslog, received Alert Priority Message"
|
|
},
|
|
{
|
|
"rule": "syslog.timestamp >= `macros.past_5m` && syslog.priority ~ \"emergency\"",
|
|
"name": "Syslog, received Emergency Priority Message"
|
|
},
|
|
{
|
|
"rule": "syslog.timestamp >= `macros.past_5m` && syslog.msg ~ \"@arp table is full@\"",
|
|
"name": "Syslog, ARP table is full check on device "
|
|
},
|
|
{
|
|
"rule": "sensors.sensor_type = \"upsAdvBatteryReplaceIndicator\" && sensors.sensor_current = \"2\"",
|
|
"name": "APC UPS Battery Needs Replacement"
|
|
},
|
|
{
|
|
"builder": {"condition":"AND","rules":[{"id":"sensors.sensor_type","field":"sensors.sensor_type","type":"string","input":"text","operator":"equal","value":"upsAdvTestDiagnosticsResults"},{"condition":"OR","rules":[{"id":"sensors.sensor_current","field":"sensors.sensor_current","type":"string","input":"text","operator":"equal","value":"2"},{"id":"sensors.sensor_current","field":"sensors.sensor_current","type":"string","input":"text","operator":"equal","value":"3"}]}],"valid":true},
|
|
"name": "APC UPS Diagonstics Test Result"
|
|
},
|
|
{
|
|
"builder": {"condition":"AND","rules":[{"condition":"AND","rules":[{"id":"sensors.sensor_current","field":"sensors.sensor_current","type":"string","input":"text","operator":"equal","value":"3"},{"id":"sensors.sensor_type","field":"sensors.sensor_type","type":"string","input":"text","operator":"equal","value":"upsBasicOutputStatus"}]},{"condition":"AND","rules":[{"id":"sensors.sensor_current","field":"sensors.sensor_current","type":"string","input":"text","operator":"not_equal","value":"4"},{"id":"sensors.sensor_type","field":"sensors.sensor_type","type":"string","input":"text","operator":"equal","value":"upsAdvTestDiagnosticsResults"}]}],"valid":true},
|
|
"name": "APC UPS Switched to Battery Power"
|
|
},
|
|
{
|
|
"rule": "sensors.sensor_current = \"10\" && sensors.sensor_type = \"upsBasicOutputStatus\"",
|
|
"name": "APC UPS in Hardware Failure Bypass Mode"
|
|
},
|
|
{
|
|
"rule": "sensors.sensor_current = \"16\" && sensors.sensor_type = \"upsBasicOutputStatus\"",
|
|
"name": "APC UPS in Emergency Static Bypass Mode"
|
|
},
|
|
{
|
|
"rule": "sensors.sensor_current = \"12\" && sensors.sensor_type = \"upsBasicOutputStatus\"",
|
|
"name": "APC UPS in Smart Trim Mode"
|
|
},
|
|
{
|
|
"rule": "sensors.sensor_oid ~ \".1.3.6.1.4.1.11.2.14.11.1.2.6.1.4.[2-5]\" && sensors.sensor_current = \"2\"",
|
|
"name": "HP Procurve Bad Power Supply"
|
|
},
|
|
{
|
|
"rule": "sensors.sensor_oid = \".1.3.6.1.4.1.11.2.14.11.1.2.6.1.4.1\" && sensors.sensor_current = \"2\"",
|
|
"name": "HP Procurve Fan Fault"
|
|
},
|
|
{
|
|
"rule": "sensors.sensor_current > `sensors.sensor_limit` && sensors.sensor_alert = \"1\" && macros.device_up = \"1\" && macros.sensor_port_link = \"1\"",
|
|
"name": "Sensor over limit with linked port"
|
|
},
|
|
{
|
|
"rule": "sensors.sensor_current < `sensors.sensor_limit_low` && sensors.sensor_alert = \"1\" && macros.device_up = \"1\" && macros.sensor_port_link = \"1\"",
|
|
"name": "Sensor under limit with linked port"
|
|
},
|
|
{
|
|
"rule": "sensors.sensor_current = \"4\" && sensors.sensor_type = \"upsOutputSourceState\"",
|
|
"name": "UPS is running on the bypass"
|
|
},
|
|
{
|
|
"rule": "sensors.sensor_current = \"5\" && sensors.sensor_type = \"upsOutputSourceState\"",
|
|
"name": "UPS is running on the battery"
|
|
},
|
|
{
|
|
"rule": "sensors.sensor_current = \"3\" && sensors.sensor_type = \"upsBatteryStatusState\"",
|
|
"name": "UPS has a low battery"
|
|
},
|
|
{
|
|
"rule": "sensors.sensor_current = \"4\" && sensors.sensor_type = \"upsBatteryStatusState\"",
|
|
"name": "UPS has a depleted battery"
|
|
},
|
|
{
|
|
"rule": "sensors.sensor_descr ~ \"Percentage load\" && sensors.sensor_current >= \"90\" && sensors.sensor_type = \"rfc1628\"",
|
|
"name": "UPS has a heavy load"
|
|
},
|
|
{
|
|
"rule": "sensors.sensor_current ~ \"[3-4]\" && sensors.sensor_oid = \".1.3.6.1.4.1.232.3.2.5.1.1.37.\"",
|
|
"name": "HPE iLo Server drive degraded/failure"
|
|
},
|
|
{
|
|
"rule": "sensors.sensor_current ~ \"[3-4]\" && sensors.sensor_oid = \".1.3.6.1.4.1.232.6.2.9.3.1.4.\"",
|
|
"name": "HPE iLo Server Power Supply degraded/failure"
|
|
},
|
|
{
|
|
"rule": "sensors.sensor_current ~ \"[3-4]\" && sensors.sensor_oid = \".1.3.6.1.4.1.232.6.2.6.7.1.9.\"",
|
|
"name": "HPE iLo Server Fan degraded/failure"
|
|
},
|
|
{
|
|
"rule": "sensors.sensor_current ~ \"[3-4]\" && sensors.sensor_oid = \".1.3.6.1.4.1.232.1.2.2.1.1.6.\"",
|
|
"name": "HPE iLo Server CPU degraded/failure"
|
|
},
|
|
{
|
|
"rule": "sensors.sensor_current ~ \"[3-4]\" && sensors.sensor_oid = \".1.3.6.1.4.1.232.6.2.14.13.1.20.\"",
|
|
"name": "HPE iLo Server Memory degraded/failure"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"os-updates\" && applications.app_status >= \"10\"",
|
|
"name": "Applications OS-Updates, New Updates Available"
|
|
},
|
|
{
|
|
"rule": "devices.os = \"hpblmos\" && sensors.sensor_type = \"hpblmos_psustate\" && sensors.sensor_current = \"[3-4]\"",
|
|
"name": "HPE BladeSystem has a bad power supply"
|
|
},
|
|
{
|
|
"rule": "devices.os = \"hpblmos\" && sensors.sensor_type = \"hpblmos_fanstate\" && sensors.sensor_current = \"[3-4]\"",
|
|
"name": "HPE BladeSystem has a bad fan"
|
|
},
|
|
{
|
|
"rule": "devices.os = \"axiscam\" && sensors.sensor_type = \"tempSensorStatusState\" && sensors.sensor_current = \"2\"",
|
|
"name": "AXIS camera has a failed temperature sensor"
|
|
},
|
|
{
|
|
"rule": "devices.os = \"rittal-lcp\" && sensors.sensor_type = \"cmcIIIUnitStatus\" && sensors.sensor_current = \"2\"",
|
|
"name": "RITTAL LCP has a failed status"
|
|
},
|
|
{
|
|
"rule": "devices.os = \"rittal-lcp\" && sensors.sensor_type = \"cmcIIIUnitStatus\" && sensors.sensor_current = \"3\"",
|
|
"name": "RITTAL LCP has an overloaded status"
|
|
},
|
|
{
|
|
"rule": "devices.os = \"dsm\" && sensors.sensor_type = \"systemStatusState\" && sensors.sensor_current = \"2\"",
|
|
"name": "Synology NAS has a failed status"
|
|
},
|
|
{
|
|
"rule": "devices.os = \"dsm\" && sensors.sensor_type = \"powerStatusState\" && sensors.sensor_current = \"2\"",
|
|
"name": "Synology NAS has a failed power status"
|
|
},
|
|
{
|
|
"rule": "devices.os = \"dsm\" && sensors.sensor_type = \"systemFanStatusState\" && sensors.sensor_current = \"2\"",
|
|
"name": "Synology NAS has a failed fan status"
|
|
},
|
|
{
|
|
"rule": "devices.os = \"dsm\" && sensors.sensor_type = \"cpuFanStatusState\" && sensors.sensor_current = \"2\"",
|
|
"name": "Synology NAS has a failed CPU fan status"
|
|
},
|
|
{
|
|
"rule": "devices.os = \"dsm\" && sensors.sensor_type = \"upgradeAvailableState\" && sensors.sensor_current = \"1\"",
|
|
"name": "Synology NAS has a new upgrade available"
|
|
},
|
|
{
|
|
"rule": "devices.os = \"dsm\" && sensors.sensor_type = \"raidStatusState\" && sensors.sensor_current = \"[11-12]\"",
|
|
"name": "Synology NAS has a bad RAID status"
|
|
},
|
|
{
|
|
"rule": "devices.os = \"dsm\" && sensors.sensor_type = \"diskStatusState\" && sensors.sensor_current = \"[4-5]\"",
|
|
"name": "Synology NAS has a bad disk status"
|
|
},
|
|
{
|
|
"rule": "devices.os = \"f5\" && sensors.sensor_type = \"sysChassisPowerSupplyStatus\" && sensors.sensor_current = \"0\"",
|
|
"name": "F5 appliance has a bad power supply"
|
|
},
|
|
{
|
|
"rule": "devices.os = \"f5\" && sensors.sensor_type = \"sysChassisFanStatus\" && sensors.sensor_current = \"0\"",
|
|
"name": "F5 appliance has a bad fan"
|
|
},
|
|
{
|
|
"rule": "devices.os = \"nxos\" && sensors.sensor_type = \"cefcFanTrayOperStatus\" && sensors.sensor_current = \"[3-4]\"",
|
|
"name": "Cisco NX-OS device has a bad fan"
|
|
},
|
|
{
|
|
"rule": "devices.os = \"panos\" && sensors.sensor_type = \"panSysHAState\" && sensors.sensor_current = \"1\" && sensors.sensor_prev = \"2\"",
|
|
"name": "Palo Alto Networks passive firewall changed to active"
|
|
},
|
|
{
|
|
"rule": "sensors.sensor_current = \"2\" && sensors.sensor_oid = \".1.3.6.1.4.1.25506.8.35.9.1.1.1.2\"",
|
|
"name": "Comware Fan Status failed"
|
|
},
|
|
{
|
|
"rule": "sensors.sensor_current = \"2\" && sensors.sensor_oid = \".1.3.6.1.4.1.25506.8.35.9.1.2.1.2\"",
|
|
"name": "Comware PSU status failed"
|
|
},
|
|
{
|
|
"rule": "sensors.sensor_current = \"9\" && sensors.sensor_oid = \".1.3.6.1.4.1.9.9.13.1.4.1.3\"",
|
|
"name": "Cisco Fan Status failed "
|
|
},
|
|
{
|
|
"rule": "sensors.sensor_current = \"8\" && sensors.sensor_oid = \".1.3.6.1.4.1.9.9.13.1.5.1.3\"",
|
|
"name": "Cisco PSU status failed"
|
|
},
|
|
{
|
|
"builder": {"condition":"AND","rules":[{"id":"sensors.sensor_alert","field":"sensors.sensor_alert","type":"string","input":"text","operator":"equal","value":"1"},{"condition":"OR","rules":[{"id":"sensors.sensor_descr","field":"sensors.sensor_descr","type":"string","input":"text","operator":"regex","value":".*Power Supply.*"},{"id":"sensors.sensor_descr","field":"sensors.sensor_descr","type":"string","input":"text","operator":"regex","value":".*PEM.*"},{"id":"sensors.sensor_descr","field":"sensors.sensor_descr","type":"string","input":"text","operator":"regex","value":".*PSU.*"}]},{"condition":"OR","rules":[{"id":"macros.state_sensor_warning","field":"macros.state_sensor_warning","type":"boolean","input":"radio","operator":"equal","value":"1"},{"id":"macros.state_sensor_critical","field":"macros.state_sensor_critical","type":"boolean","input":"radio","operator":"equal","value":"1"}]}],"valid":true},
|
|
"name": "Generic PSU status failed"
|
|
},
|
|
{
|
|
"rule": "sensors.sensor_current = \"3\" && sensors.sensor_oid = \".1.3.6.1.4.1.4413.1.1.43.1.15.1.2.1\"",
|
|
"name": "UBNT EdgeSwitch Chassis state failed"
|
|
},
|
|
{
|
|
"rule": "devices.os = \"Netscaler\" && sensors.sensor_type = \"sysHighAvailabilityMode\" && sensors.sensor_current != `sensors.sensor_prev` && sensors.lastupdate < \"DATE_SUB(NOW(),INTERVAL 5 MINUTE)\" && macros.device_up = \"1\"",
|
|
"name": "Netscaler HA node mode change"
|
|
},
|
|
{
|
|
"rule": "devices.os = \"Netscaler\" && sensors.sensor_type = \"haCurState\" && sensors.sensor_current ~ \"[1|8|9]\" && macros.device_up = \"1\"",
|
|
"name": "Netscaler HA node state Warning"
|
|
},
|
|
{
|
|
"rule": "devices.os = \"Netscaler\" && sensors.sensor_type = \"haCurState\" && sensors.sensor_current ~ \"[2|4|5|7|10|11]\" && macros.device_up = \"1\"",
|
|
"name": "Netscaler HA node state Critical"
|
|
},
|
|
{
|
|
"rule": "%applications.app_type='portactivity' && %applications_metrics.ssh_total_to>'5'",
|
|
"name": "SSH Connections To"
|
|
},
|
|
{
|
|
"rule": "%applications.app_type='portactivity' && %applications_metrics.http_total_to>'100'",
|
|
"name": "HTTP Connections To"
|
|
},
|
|
{
|
|
"rule": "%applications.app_type='portactivity' && %applications_metrics.https_total_to>'100'",
|
|
"name": "HTTPS Connections To"
|
|
},
|
|
{
|
|
"rule": "%applications.app_type='portactivity' && %applications_metrics.smtp_total_from>'10'",
|
|
"name": "SMTP Connections From"
|
|
},
|
|
{
|
|
"rule": "%applications.app_type='portactivity' && %applications_metrics.smtp_total_to>'30'",
|
|
"name": "SMTP Connections To"
|
|
},
|
|
{
|
|
"rule": "%applications.app_type='portactivity' && %applications_metrics.ftp_total_to>'5'",
|
|
"name": "FTP Connections To"
|
|
},
|
|
{
|
|
"rule": "%applications.app_type='portactivity' && %applications_metrics.imap_total_to>'20'",
|
|
"name": "IMAP Connections To"
|
|
},
|
|
{
|
|
"rule": "%applications.app_type='portactivity' && %applications_metrics.imaps_total_to>'20'",
|
|
"name": "IMAPS Connections To"
|
|
},
|
|
{
|
|
"rule": "%applications.app_type='portactivity' && %applications_metrics.imaps_total_from>'0'",
|
|
"name": "IRCD Connections From"
|
|
},
|
|
{
|
|
"rule": "customoids.customoid_current >= `customoids.customoid_limit` && customoids.customoid_alert = \"1\" && macros.device_up = \"1\"",
|
|
"name": "CustomOID over limit"
|
|
},
|
|
{
|
|
"rule": "customoids.customoid_current <= `customoids.customoid_limit_low` && customoids.customoid_alert = \"1\" && macros.device_up = \"1\"",
|
|
"name": "CustomOID under limit"
|
|
},
|
|
{
|
|
"rule": "customoids.customoid_current >= `customoids.customoid_limit_warn` && customoids.customoid_alert = \"1\" && macros.device_up = \"1\"",
|
|
"name": "CustomOID over warning limit",
|
|
"severity": "warning"
|
|
},
|
|
{
|
|
"rule": "customoids.customoid_current <= `customoids.customoid_limit_low_warn` && customoids.customoid_alert = \"1\" && macros.device_up = \"1\"",
|
|
"name": "CustomOID under warning limit",
|
|
"severity": "warning"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"ups-nut\" && state_indexes.state_name = \"UPSOnBattery\" && macros.state_sensor_warning = 1",
|
|
"name": "UPS-NUT on battery"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"ups-nut\" && state_indexes.state_name = \"UPSLowBattery\" && macros.state_sensor_critical = 1",
|
|
"name": "UPS-NUT low battery"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"ups-nut\" && state_indexes.state_name = \"UPSHighBattery\" && macros.state_sensor_warning = 1",
|
|
"name": "UPS-NUT high battery"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"ups-nut\" && state_indexes.state_name = \"UPSBatteryReplace\" && macros.state_sensor_warning = 1",
|
|
"name": "UPS-NUT battery needs to be replaced"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"ups-nut\" && state_indexes.state_name = \"UPSBatteryCharging\" && macros.state_sensor_warning = 1",
|
|
"name": "UPS-NUT battery is charging"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"ups-nut\" && state_indexes.state_name = \"UPSBatteryDischarging\" && macros.state_sensor_warning = 1",
|
|
"name": "UPS-NUT battery is discharging"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"ups-nut\" && state_indexes.state_name = \"UPSUPSBypass\" && macros.state_sensor_warning = 1",
|
|
"name": "UPS-NUT bypass circuit is active"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"ups-nut\" && state_indexes.state_name = \"UPSRuntimeCalibration\" && macros.state_sensor_warning = 1",
|
|
"name": "UPS-NUT performing runtime calibration"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"ups-nut\" && state_indexes.state_name = \"UPSOffline\" && macros.state_sensor_critical = 1",
|
|
"name": "UPS-NUT offline and is not supplying power to the load"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"ups-nut\" && state_indexes.state_name = \"UPSUPSOverloaded\" && macros.state_sensor_critical = 1",
|
|
"name": "UPS-NUT overloaded"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"ups-nut\" && state_indexes.state_name = \"UPSUPSBuck\" && macros.state_sensor_warning = 1",
|
|
"name": "UPS-NUT trimming incoming voltage"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"ups-nut\" && state_indexes.state_name = \"UPSUPSBoost\" && macros.state_sensor_warning = 1",
|
|
"name": "UPS-NUT boosting incoming voltage"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"ups-nut\" && state_indexes.state_name = \"UPSForcedShutdown\" && macros.state_sensor_critical = 1",
|
|
"name": "UPS-NUT trimming incoming voltage"
|
|
},
|
|
{
|
|
"rule": "devices.os = \"qnap\" && sensors.sensor_type = \"systemPowerStatus\" && sensors.sensor_current = \"-1\"",
|
|
"name": "QNAP NAS has a failed power status"
|
|
},
|
|
{
|
|
"rule": "devices.os = \"qnap\" && sensors.sensor_type = \"systemFanStatus\" && sensors.sensor_current = \"-1\"",
|
|
"name": "QNAP NAS has a failed fan status"
|
|
},
|
|
{
|
|
"rule": "devices.os = \"qnap\" && sensors.sensor_type = \"raidStatus\" && sensors.sensor_current != \"0\"",
|
|
"name": "QNAP NAS has a bad RAID status"
|
|
},
|
|
{
|
|
"rule": "devices.os = \"qnap\" && sensors.sensor_type = \"diskSmartInfo\" && sensors.sensor_current != \"0\"",
|
|
"name": "QNAP NAS has a bad SMART disk status"
|
|
},
|
|
{
|
|
"rule": "eventlog.message ~ \"Deleted\" && eventlog.datetime >= `DATE_SUB(NOW(),INTERVAL 12 Hour)`",
|
|
"name": "A Device sensor has been deleted"
|
|
},
|
|
{
|
|
"name": "Unpolled Devices",
|
|
"builder": {"condition":"AND","rules":[{"id":"macros.device","field":"macros.device","type":"integer","input":"radio","operator":"equal","value":"1"},{"id":"devices.last_polled","field":"devices.last_polled","type":"datetime","input":"text","operator":"less","value":"`DATE_SUB(NOW(), INTERVAL 6 MINUTE)`"}],"valid":true}
|
|
},
|
|
{
|
|
"builder": {"condition":"AND","rules":[{"id":"ports.ifSpeed","field":"ports.ifSpeed","type":"string","input":"text","operator":"greater","value":"0"},{"id":"ports.ifSpeed","field":"ports.ifSpeed","type":"string","input":"text","operator":"less","value":"`ports.ifSpeed_prev`"},{"id":"eventlog.message","field":"eventlog.message","type":"string","input":"text","operator":"begins_with","value":"ifSpeed:"},{"id":"eventlog.datetime","field":"eventlog.datetime","type":"datetime","input":"text","operator":"greater_or_equal","value":"`macros.past_10m`"},{"id":"ports.port_id","field":"ports.port_id","type":"string","input":"text","operator":"equal","value":"`eventlog.reference`"},{"id":"ports.ifOperStatus","field":"ports.ifOperStatus","type":"string","input":"text","operator":"equal","value":"up"},{"id":"ports.disabled","field":"ports.disabled","type":"string","input":"text","operator":"equal","value":"0"}],"valid":true},
|
|
"name": "Port Speed Degraded"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"sneck\" && application_metrics.metric = \"warning\" && application_metrics.value >= \"1\"",
|
|
"name": "Sneck Warnings >= 1",
|
|
"severity": "warning"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"sneck\" && application_metrics.metric = \"critical\" && application_metrics.value >= \"1\"",
|
|
"name": "Sneck Critical >= 1",
|
|
"severity": "critical"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"sneck\" && application_metrics.metric = \"unknown\" && application_metrics.value >= \"1\"",
|
|
"name": "Sneck Unknown >= 1",
|
|
"severity": "critical"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"sneck\" && application_metrics.metric = \"errored\" && application_metrics.value >= \"1\"",
|
|
"name": "Sneck Errored >= 1",
|
|
"severity": "critical"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"sneck\" && application_metrics.metric = \"check_ipmi_psu\" && application_metrics.value = \"1\"",
|
|
"name": "Sneck - IPMI PSU Warning",
|
|
"severity": "warning"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"sneck\" && application_metrics.metric = \"check_ipmi_psu\" && application_metrics.value = \"2\"",
|
|
"name": "Sneck - IPMI PSU Critical",
|
|
"severity": "critical"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"sneck\" && application_metrics.metric = \"check_ipmi_psu\" && application_metrics.value = \"3\"",
|
|
"name": "Sneck - IPMI PSU Unknown",
|
|
"severity": "critical"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"sneck\" && application_metrics.metric = \"check_ipmi_fan\" && application_metrics.value = \"1\"",
|
|
"name": "Sneck - IPMI Fan Warning",
|
|
"severity": "warning"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"sneck\" && application_metrics.metric = \"check_ipmi_fan\" && application_metrics.value = \"2\"",
|
|
"name": "Sneck - IPMI Fan Critical",
|
|
"severity": "critical"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"sneck\" && application_metrics.metric = \"check_ipmi_fan\" && application_metrics.value = \"3\"",
|
|
"name": "Sneck - IPMI Fan Unknown",
|
|
"severity": "critical"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"sneck\" && application_metrics.metric = \"check_ipmi_temp\" && application_metrics.value = \"1\"",
|
|
"name": "Sneck - IPMI Temperature Warning",
|
|
"severity": "warning"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"sneck\" && application_metrics.metric = \"check_ipmi_temp\" && application_metrics.value = \"2\"",
|
|
"name": "Sneck - IPMI Temperature Critical",
|
|
"severity": "critical"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"sneck\" && application_metrics.metric = \"check_ipmi_temp\" && application_metrics.value = \"3\"",
|
|
"name": "Sneck - IPMI Temperature Unknown",
|
|
"severity": "critical"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"sneck\" && application_metrics.metric = \"check_ipmi_volts\" && application_metrics.value = \"1\"",
|
|
"name": "Sneck - IPMI Volts Warning",
|
|
"severity": "warning"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"sneck\" && application_metrics.metric = \"check_ipmi_volts\" && application_metrics.value = \"2\"",
|
|
"name": "Sneck - IPMI Volts Critical",
|
|
"severity": "critical"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"sneck\" && application_metrics.metric = \"check_ipmi_volts\" && application_metrics.value = \"3\"",
|
|
"name": "Sneck - IPMI Volts Unknown",
|
|
"severity": "critical"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"sneck\" && application_metrics.metric = \"check_ipmi_amps\" && application_metrics.value = \"1\"",
|
|
"name": "Sneck - IPMI Amps Warning",
|
|
"severity": "warning"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"sneck\" && application_metrics.metric = \"check_ipmi_amps\" && application_metrics.value = \"2\"",
|
|
"name": "Sneck - IPMI Amps Critical",
|
|
"severity": "critical"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"sneck\" && application_metrics.metric = \"check_ipmi_amps\" && application_metrics.value = \"3\"",
|
|
"name": "Sneck - IPMI Amps Unknown",
|
|
"severity": "critical"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"sneck\" && application_metrics.metric = \"check_suricata_procs\" && application_metrics.value != \"0\"",
|
|
"name": "Sneck - Wrong Number Of Suricata Procs Running",
|
|
"severity": "critical"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"sneck\" && application_metrics.metric = \"check_meer_procs\" && application_metrics.value != \"0\"",
|
|
"name": "Sneck - Wrong Number Of Meer Procs Running",
|
|
"severity": "critical"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"sneck\" && application_metrics.metric = \"check_sagan_procs\" && application_metrics.value != \"0\"",
|
|
"name": "Sneck - Wrong Number Of Sagan Procs Running",
|
|
"severity": "critical"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"sneck\" && application_metrics.metric = \"check_daemonlogger_procs\" && application_metrics.value != \"0\"",
|
|
"name": "Sneck - Wrong Number Of Daemonlogger Procs Running",
|
|
"severity": "critical"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"sneck\" && application_metrics.metric = \"time_to_polling_abs\" && application_metrics.value >= \"540\"",
|
|
"name": "Sneck Has Not Run For Over 540 Seconds",
|
|
"severity": "critical"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"suricata\" && application_metrics.metric = \"alert\" && application_metrics.value = \"1\"",
|
|
"name": "Suricata has a WARNING alert",
|
|
"severity": "warning"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"suricata\" && application_metrics.metric = \"alert\" && application_metrics.value = \"2\"",
|
|
"name": "Suricata has a CRITICAL alert",
|
|
"severity": "critical"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"suricata\" && application_metrics.metric = \"alert\" && application_metrics.value = \"3\"",
|
|
"name": "Suricata has a UNKNOWN alert",
|
|
"severity": "critical"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"suricata\" && application_metrics.metric = \".total_drop_percent\" && application_metrics.value >= \"1\"",
|
|
"name": "Suricata Packet Drop > 1%",
|
|
"severity": "warning"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"suricata\" && application_metrics.metric = \".total_drop_percent\" && application_metrics.value >= \"2\"",
|
|
"name": "Suricata Packet Drop > 2%",
|
|
"severity": "critical"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"suricata\" && application_metrics.metric = \".total_ifdrop_percent\" && application_metrics.value >= \"1\"",
|
|
"name": "Suricata Packet If Drop > 1%",
|
|
"severity": "warning"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"suricata\" && application_metrics.metric = \".total_ifdrop_percent\" && application_metrics.value >= \"2\"",
|
|
"name": "Suricata Packet If Drop > 2%",
|
|
"severity": "critical"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"suricata\" && application_metrics.metric = \".total_error_delta\" && application_metrics.value >= \"1\"",
|
|
"name": "Suricata Packet Error >= 1%",
|
|
"severity": "warning"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"suricata\" && application_metrics.metric = \".total_error_delta\" && application_metrics.value >= \"2\"",
|
|
"name": "Suricata Packet Error >= 2%",
|
|
"severity": "critical"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"mysql\" && applications.app_state != \"OK\"",
|
|
"name": "MySQL Server not responding",
|
|
"severity":"critical"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"opensearch\" && application_metrics.metric = \".status\" && application_metrics.value = \"1\"",
|
|
"name": "Opensearch/Elasticsearch Cluster Status Yellow",
|
|
"severity": "warning"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"opensearch\" && application_metrics.metric = \".status\" && application_metrics.value = \"2\"",
|
|
"name": "Opensearch/Elasticsearch Cluster Status Red",
|
|
"severity": "critical"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"sagan\" && application_metrics.metric = \".total_alert\" && application_metrics.value = \"1\"",
|
|
"name": "Sagan has a WARNING alert",
|
|
"severity": "warning"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"sagan\" && application_metrics.metric = \".total_alert\" && application_metrics.value = \"2\"",
|
|
"name": "Sagan has a CRITICAL alert",
|
|
"severity": "critical"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"sagan\" && application_metrics.metric = \".total_alert\" && application_metrics.value = \"3\"",
|
|
"name": "Sagan has a UNKNOWN alert",
|
|
"severity": "critical"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"sagan\" && application_metrics.metric = \".total_f_drop_percent\" && application_metrics.value >= \"1\"",
|
|
"name": "Sagan Flow Drop Percent >= 1%",
|
|
"severity": "warning"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"sagan\" && application_metrics.metric = \".total_f_drop_percent\" && application_metrics.value >= \"2\"",
|
|
"name": "Sagan Flow Drop Percent >= 2%",
|
|
"severity": "critical"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"sagan\" && application_metrics.metric = \".total_drop_percent\" && application_metrics.value >= \"1\"",
|
|
"name": "Sagan Drop Percent >= 1%",
|
|
"severity": "warning"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"sagan\" && application_metrics.metric = \".total_drop_percent\" && application_metrics.value >= \"2\"",
|
|
"name": "Sagan Drop Percent >= 2%",
|
|
"severity": "critical"
|
|
},
|
|
{
|
|
"rule": "storage.storage_deleted = 0 && storage.storage_descr = \"/\" && storage.storage_perc >= 90 && storage.storage_perc < 95",
|
|
"name": "Space on / is >= 90% and < 95% in use",
|
|
"severity":"warning"
|
|
},
|
|
{
|
|
"rule": "storage.storage_deleted = 0 && storage.storage_descr = \"/\" && storage.storage_perc >= 95",
|
|
"name": "Space on / is >= 95% in use",
|
|
"severity":"critical"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"systemd\" && application_metrics.metric = \"sub_service_failed\" && application_metrics.value > \"0\"",
|
|
"name": "Systemd Services Failed > 0",
|
|
"severity": "warning"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"logsize\" && application_metrics.metric = \"max_size\" && application_metrics.value > \"5000000000\"",
|
|
"name": "Logsize: set(s) have a size > 5GB",
|
|
"severity": "warning"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"logsize\" && application_metrics.metric like \"set_%_max_size\" && application_metrics.value > \"5000000000\"",
|
|
"name": "Logsize: set(s) has a log file(s) with a size > 5GB",
|
|
"severity": "warning"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"logsize\" && application_metrics.metric = \"size\" && application_metrics.value > \"5000000000\"",
|
|
"name": "Logsize: total size > 5GB",
|
|
"severity": "warning"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"zfs\" && application_metrics.metric = \"l2_errors\" && application_metrics.value >= \"1\"",
|
|
"name": "ZFS L2 errors present",
|
|
"severity": "critical"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"zfs\" && application_metrics.metric = \"health\" && application_metrics.value = \"0\"",
|
|
"name": "ZFS has one or more pool DEGRADED, FAULTED, UNAVAIL, REMOVED, or other",
|
|
"severity": "critical"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"linux_config_files\" && application_metrics.metric = \"number_of_confs\" && application_metrics.value > \"0\"",
|
|
"name": "linux_config_files Configuration Files Out-Of-Sync > 0",
|
|
"severity": "warning"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"smart\" && application_metrics.metric = \"unhealthy\" && application_metrics.value > \"0\"",
|
|
"name": "SMART: one or more disk is unhealthy",
|
|
"severity": "critical"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"smart\" && application_metrics.metric = \"exit_nonzero\" && application_metrics.value > \"0\"",
|
|
"name": "SMART: one or more disk could not be polled",
|
|
"severity": "critical"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"ss\" && application_metrics.metric = \"tcp_time-wait\" && application_metrics.value > \"100\"",
|
|
"name": "SS TCP TIME-WAIT Sessions > 100",
|
|
"severity": "warning"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"ss\" && application_metrics.metric = \"inet6_tcp_established\" && application_metrics.value < \"10\"",
|
|
"name": "SS IPv6 TCP ESTABLISHED Sessions < 10",
|
|
"severity": "critical"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"suricata_extract\" && application_metrics.metric = \"errors\" && application_metrics.value > \"0\"",
|
|
"name": "Suricata Extract Submit errors found > 0",
|
|
"severity": "warning"
|
|
},
|
|
{
|
|
"rule": "(applications.app_type = \"suricata_extract\" && application_metrics.metric = \"sub_fail\" && application_metrics.value > \"0\") || (applications.app_type = \"suricata_extract\" && application_metrics.metric = \"sub_4xx\" && application_metrics.value > \"0\") || (applications.app_type = \"suricata_extract\" && application_metrics.metric = \"sub_5xx\" && application_metrics.value > \"0\")",
|
|
"name": "Suricata Extract Submit submission failures found > 0",
|
|
"severity": "warning"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"suricata_extract\" && application_metrics.metric = \"truncated\" && application_metrics.value > \"0\"",
|
|
"name": "Suricata Extract Submit truncated extracts found > 0",
|
|
"severity": "warning"
|
|
},
|
|
{
|
|
"rule": "applications.app_type = \"suricata_extract\" && application_metrics.metric = \"zero_sized\" && application_metrics.value > \"0\"",
|
|
"name": "Suricata Extract Submit zero sized files > 0",
|
|
"severity": "warning"
|
|
}
|
|
]
|