diff options
author | Austin S. Hemmelgarn <ahferroin7@gmail.com> | 2018-09-12 15:20:39 -0400 |
---|---|---|
committer | Costa Tsaousis <costa@tsaousis.gr> | 2018-09-12 22:20:39 +0300 |
commit | 3161e32dc24d42e8da38f5b59d3d4481e5e9565d (patch) | |
tree | 40427e2da81523a922599cc4623be4532504319a /configs.signatures | |
parent | 760c5ee4e6ffd3c1503edd5ce5fda79dd0a19cad (diff) |
Add alarms for abnormally high load averages. (#4175)
* Add alarms for abnormally high load averages.
This adds reasonably conservative alarms to send alarts on abnormally
high load averages. Such a situation may be indicative of a DoS attack,
runaway processes, or simply use of underpowered hardware.
This intentionally does not compute averages, as doing so would be
redundant (we are dealing with load _averages_ after all), which makes
the lookup lines look a bit odd in comparison to most other alarms.
The actual alarm calculation is as-follows:
* Compute the baseline trigger threshold. This is either 2 or the
maximum number of CPU's that were present in the system over the last
minute, whichever is higher. This special-cases single-CPU systems to
be a bit less aggressive,a s they are more often over-committed than
systems with multiple cores.
* For the 15 minute load average, if the maximum value over the last
minute is greater than twice the trigger threshold, issue a warning.
* For the 5 minute load average, if the maximum value over the last
minute is greater than four times the ttrigger value, issue a warning.
* For the 1 minute load average, if the maximum value over the last
minute is greater than eight times the trigger value, issue a warning.
* For all the load averages, if the value is greater than twice the
warning requirement, issue a critical alert.
* Down-hysteriesis is provided so that each alarm only resets wheen the
value goes below 7/8 of the value for that alarm status.
* Each alarm is evaluated once per minute.
This behavior should be suitable for most server type systems and many
workstations, but may be a bit overaggressive for certain types of system
(build systems for example).
* Fixed calculations of the base trigger value.
Credit goes to @ktsaou for pointing out how the original implementation
was incorrect.
* Update alarms with correct OS information.
Diffstat (limited to 'configs.signatures')
0 files changed, 0 insertions, 0 deletions