summaryrefslogtreecommitdiffstats
path: root/configs.signatures
diff options
context:
space:
mode:
authorAustin S. Hemmelgarn <ahferroin7@gmail.com>2018-09-12 15:20:39 -0400
committerCosta Tsaousis <costa@tsaousis.gr>2018-09-12 22:20:39 +0300
commit3161e32dc24d42e8da38f5b59d3d4481e5e9565d (patch)
tree40427e2da81523a922599cc4623be4532504319a /configs.signatures
parent760c5ee4e6ffd3c1503edd5ce5fda79dd0a19cad (diff)
Add alarms for abnormally high load averages. (#4175)
* Add alarms for abnormally high load averages. This adds reasonably conservative alarms to send alarts on abnormally high load averages. Such a situation may be indicative of a DoS attack, runaway processes, or simply use of underpowered hardware. This intentionally does not compute averages, as doing so would be redundant (we are dealing with load _averages_ after all), which makes the lookup lines look a bit odd in comparison to most other alarms. The actual alarm calculation is as-follows: * Compute the baseline trigger threshold. This is either 2 or the maximum number of CPU's that were present in the system over the last minute, whichever is higher. This special-cases single-CPU systems to be a bit less aggressive,a s they are more often over-committed than systems with multiple cores. * For the 15 minute load average, if the maximum value over the last minute is greater than twice the trigger threshold, issue a warning. * For the 5 minute load average, if the maximum value over the last minute is greater than four times the ttrigger value, issue a warning. * For the 1 minute load average, if the maximum value over the last minute is greater than eight times the trigger value, issue a warning. * For all the load averages, if the value is greater than twice the warning requirement, issue a critical alert. * Down-hysteriesis is provided so that each alarm only resets wheen the value goes below 7/8 of the value for that alarm status. * Each alarm is evaluated once per minute. This behavior should be suitable for most server type systems and many workstations, but may be a bit overaggressive for certain types of system (build systems for example). * Fixed calculations of the base trigger value. Credit goes to @ktsaou for pointing out how the original implementation was incorrect. * Update alarms with correct OS information.
Diffstat (limited to 'configs.signatures')
0 files changed, 0 insertions, 0 deletions