X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=filesystem%2Fetc%2Fprometheus%2Frules%2Fiank.yml;h=9838cac3ca219cbbf748da0ea366843056dbeb53;hb=6cc73025405b7a540eec371d1d8f7d9d13d8e019;hp=75b5cbcfc760925b79d51fd6c3262de7a6186a97;hpb=802e885e3e7fa3857f8bc4f54c261d5ca76f2454;p=distro-setup
diff --git a/filesystem/etc/prometheus/rules/iank.yml b/filesystem/etc/prometheus/rules/iank.yml
index 75b5cbc..9838cac 100644
--- a/filesystem/etc/prometheus/rules/iank.yml
+++ b/filesystem/etc/prometheus/rules/iank.yml
@@ -9,10 +9,9 @@ groups:
 - name: standard
 rules:
-## uncomment for testing an alert firing
+# ## uncomment for testing an alert firing
 # - alert: test-alert4
 # expr: vector(1)
-# # expr: nonexistent_metric
 # for: 0m
 # labels:
 # severity: day
@@ -44,7 +43,10 @@ groups:
 ###### END MISC NOTES ######
-
+# various queries only look at increases, so invert the up metric so we
+# can better query on down.
+ - record: down
+ expr: up == bool 0
 # alerting on missing metrics:
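Review bot: The recorded `down` series in the second hunk exists only while `up` does, so a target that drops out of the scrape configuration yields no `down` sample at all rather than a 1, and queries that look at increases of `down` will not see that case. The comment above the rule does not say this; it could read `# 1 while a configured target fails its scrape, 0 while it is up; no sample once the target is no longer scraped`. The `rules:` list this entry belongs to starts and ends outside the hunk.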
@@ -85,44 +87,59 @@ groups:
 severity: warn
 - alert: sysd_result_fail
+ # not sure 30m is really needed, it prevents the alert from flapping
+ # i guess.
 expr: |-
 rate(node_systemd_unit_result_fail_count[30m]) > 0
 labels:
 severity: day
+ - alert: exim_paniclog
+ expr: |-
+ exim_paniclog > 0
+ labels:
+ severity: warn
+
+ - alert: check_crypttab
+ expr: |-
+ check_crypttab > 0
+ labels:
+ severity: prod
+
+# 17 minutes: if we reboot causing 1 send to fail, thats 10 minutes. we
+# test this every 5 minutes, so thats 15 minutes at most.
 - alert: mailtest_check_vps
 expr: |-
- time() - mailtest_check_last_usec{job="tlsnode"} >= 60 * 12
+ time() - mailtest_check_last_usec{job="tlsnode"} >= 60 * 17
 labels:
 severity: day
 annotations:
- summary: '12 minutes down'
+ summary: '17 minutes down'
- # 42 mins: enough for a 30 min queue run plus 12
- - alert: mailtest_check_vps
+ - alert: mailtest_check_unexpected_spamd_vps
 expr: |-
- time() - mailtest_check_last_usec{job="tlsnode"} >= 60 * 42
+ mailtest_check_unexpected_spamd_results >= 1
 labels:
- severity: prod
+ severity: day
 annotations:
- summary: '42 minutes down'
+ summary: 'jr -u mailtest-check -e'
 - alert: mailtest_check_mailhost
 expr: |-
- time() - max by (folder,from) (mailtest_check_last_usec{job="node"}) >= 60 * 12
+ time() - max by (folder,from) (mailtest_check_last_usec{job="node"}) >= 60 * 17
 labels:
 severity: day
 annotations:
- summary: '12 minutes down'
+ summary: '17 minutes down'
- # 42 mins: enough for a 30 min queue run plus 12
- - alert: mailtest_check_mailhost
+ # 20 minutes. just allow for more due to prod alert.
+ - alert: mailtest_check_gnu_mailhost
 expr: |-
- time() - max by (folder,from) (mailtest_check_last_usec{job="node"}) >= 60 * 42
+ time() - max by (folder,from) (mailtest_check_last_usec{folder="/m/md/l/testignore", from="iank@gnu.org"}) >= 60 * 20
 labels:
 severity: prod
 annotations:
- summary: '42 minutes down'
+ summary: '20 minutes down'
 - alert: 1pmtest
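Review bot: The new prod rule `mailtest_check_gnu_mailhost` selects `mailtest_check_last_usec` by `folder` and `from` only, whereas `mailtest_check_mailhost` directly above it pins `job="node"`. If the `tlsnode` job ever exports a series with the same `folder`/`from` pair, `max by (folder,from)` would take the freshest timestamp across both jobs and a stalled mailhost check would stay silent while the other job keeps delivering. Pinning the job keeps the rule tied to the host its name refers to: `mailtest_check_last_usec{job="node", folder="/m/md/l/testignore", from="iank@gnu.org"}`. The same kind of silence applies to `check_crypttab > 0` at prod severity when the metric is absent; whether the missing-metrics rules outside this hunk cover it is not visible here.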
@@ -161,11 +178,11 @@ groups:
 # avg_over_time(node_systemd_unit_state{name="dynamicipupdate.service",state="active"}[1d]) < .95
 - alert: up_resets
 expr: |-
- resets(up[2d]) - changes(node_boot_time_seconds[2d]) > 12
+ resets(up[1d]) - changes(node_boot_time_seconds[1d]) > 12
 labels:
 severity: warn
 annotations:
- summary: "Target has gone down {{ $value }} times in 2 days, > 12"
+ summary: "Target has gone down {{ $value }} times in 1 day, > 12"