Permalink
Browse files

added alarm for monitoring the percentage used of connection tracker …

…table
  • Loading branch information...
1 parent 39a4763 commit 1b3bae12d3a2fc2772cc7e4128b7f1ad6f8ef6c9 @ktsaou ktsaou committed Nov 22, 2016
Showing with 31 additions and 7 deletions.
  1. +1 −0 conf.d/Makefile.am
  2. +23 −0 conf.d/health.d/netfilter.conf
  3. +7 −7 src/proc_net_stat_conntrack.c
View
@@ -61,6 +61,7 @@ dist_healthconfig_DATA = \
health.d/mysql.conf \
health.d/named.conf \
health.d/net.conf \
+ health.d/netfilter.conf \
health.d/nginx.conf \
health.d/postgres.conf \
health.d/qos.conf \
@@ -0,0 +1,23 @@
+
+ alarm: netfilter_last_collected_secs
+ on: netfilter.conntrack_sockets
+ calc: $now - $last_collected_t
+ units: seconds ago
+ every: 10s
+ warn: $this > (($status >= $WARNING) ? ($update_every) : ( 5 * $update_every))
+ crit: $this > (($status == $CRITICAL) ? ($update_every) : (60 * $update_every))
+ delay: down 5m multiplier 1.5 max 1h
+ info: number of seconds since the last successful data collection
+ to: sysadmin
+
+ alarm: netfilter_conntrack_full
+ on: netfilter.conntrack_sockets
+ lookup: max -10s unaligned of connections
+ calc: $this * 100 / $netfilter.conntrack.max
+ units: %
+ every: 10s
+ warn: $this > (($status >= $WARNING) ? (70) : (80))
+ crit: $this > (($status == $CRITICAL) ? (80) : (90))
+ delay: down 5m multiplier 1.5 max 1h
+ info: the number of connections tracked by the netfilter connection tracker, as a percentage of the connection tracker table size
+ to: sysadmin
@@ -7,7 +7,7 @@ int do_proc_net_stat_conntrack(int update_every, unsigned long long dt) {
static procfile *ff = NULL;
static int do_sockets = -1, do_new = -1, do_changes = -1, do_expect = -1, do_search = -1, do_errors = -1;
static unsigned long long get_max_every = 10 * 1000000ULL, usec_since_last_max = 0;
- static int read_count = 1, read_full = 1;
+ static int read_full = 1;
static char *nf_conntrack_filename, *nf_conntrack_count_filename, *nf_conntrack_max_filename;
static RRDVAR *rrdvar_max = NULL;
@@ -33,21 +33,21 @@ int do_proc_net_stat_conntrack(int update_every, unsigned long long dt) {
do_search = config_get_boolean("plugin:proc:/proc/net/stat/nf_conntrack", "netfilter connection searches", read_full);
do_errors = config_get_boolean("plugin:proc:/proc/net/stat/nf_conntrack", "netfilter errors", read_full);
- read_count = !read_full;
- if(read_count) {
+ do_sockets = 1;
+ if(!read_full) {
snprintfz(filename, FILENAME_MAX, "%s%s", global_host_prefix, "/proc/sys/net/netfilter/nf_conntrack_count");
nf_conntrack_count_filename = config_get("plugin:proc:/proc/sys/net/netfilter/nf_conntrack_count", "filename to monitor", filename);
if(read_single_number_file(nf_conntrack_count_filename, &aentries))
- read_count = 0;
+ do_sockets = 0;
}
- do_sockets = config_get_boolean("plugin:proc:/proc/net/stat/nf_conntrack", "netfilter connections", read_count);
+ do_sockets = config_get_boolean("plugin:proc:/proc/net/stat/nf_conntrack", "netfilter connections", do_sockets);
- if(!read_count && !read_full)
+ if(!do_sockets && !read_full)
return 1;
- rrdvar_max = rrdvar_custom_host_variable_create(&localhost, "nf.conntrack.max");
+ rrdvar_max = rrdvar_custom_host_variable_create(&localhost, "netfilter.conntrack.max");
}
if(likely(read_full)) {

0 comments on commit 1b3bae1

Please sign in to comment.