- name: standard
rules:
-## uncomment for testing an alert firing
+# ## uncomment for testing an alert firing
# - alert: test-alert4
# expr: vector(1)
-# # expr: nonexistent_metric
# for: 0m
# labels:
# severity: day
###### END MISC NOTES ######
-
+# various queries only look at increases, so invert the up metric so we
+# can better query on down.
+ - record: down
+ expr: up == bool 0
# alerting on missing metrics:
severity: warn
- alert: sysd_result_fail
+ # not sure 30m is really needed, it prevents the alert from flapping
+ # i guess.
expr: |-
rate(node_systemd_unit_result_fail_count[30m]) > 0
labels:
severity: day
+ - alert: exim_paniclog
+ expr: |-
+ exim_paniclog > 0
+ labels:
+ severity: warn
+
+ - alert: check_crypttab
+ expr: |-
+ check_crypttab > 0
+ labels:
+ severity: prod
+
+# 17 minutes: if we reboot causing 1 send to fail, thats 10 minutes. we
+# test this every 5 minutes, so thats 15 minutes at most.
- alert: mailtest_check_vps
expr: |-
- time() - mailtest_check_last_usec{job="tlsnode"} >= 60 * 12
+ time() - mailtest_check_last_usec{job="tlsnode"} >= 60 * 17
labels:
severity: day
annotations:
- summary: '12 minutes down'
+ summary: '17 minutes down'
- # 42 mins: enough for a 30 min queue run plus 12
- - alert: mailtest_check_vps
+ - alert: mailtest_check_unexpected_spamd_vps
expr: |-
- time() - mailtest_check_last_usec{job="tlsnode"} >= 60 * 42
+ mailtest_check_unexpected_spamd_results >= 1
labels:
- severity: prod
+ severity: day
annotations:
- summary: '42 minutes down'
+ summary: 'jr -u mailtest-check -e'
- alert: mailtest_check_mailhost
expr: |-
- time() - max by (folder,from) (mailtest_check_last_usec{job="node"}) >= 60 * 12
+ time() - max by (folder,from) (mailtest_check_last_usec{job="node"}) >= 60 * 17
labels:
severity: day
annotations:
- summary: '12 minutes down'
+ summary: '17 minutes down'
- # 42 mins: enough for a 30 min queue run plus 12
- - alert: mailtest_check_mailhost
+ # 20 minutes. just allow for more due to prod alert.
+ - alert: mailtest_check_gnu_mailhost
expr: |-
- time() - max by (folder,from) (mailtest_check_last_usec{job="node"}) >= 60 * 42
+ time() - max by (folder,from) (mailtest_check_last_usec{folder="/m/md/l/testignore", from="iank@gnu.org"}) >= 60 * 20
labels:
severity: prod
annotations:
- summary: '42 minutes down'
+ summary: '20 minutes down'
- alert: 1pmtest
# avg_over_time(node_systemd_unit_state{name="dynamicipupdate.service",state="active"}[1d]) < .95
- alert: up_resets
expr: |-
- resets(up[2d]) - changes(node_boot_time_seconds[2d]) > 12
+ resets(up[1d]) - changes(node_boot_time_seconds[1d]) > 12
labels:
severity: warn
annotations:
- summary: "Target has gone down {{ $value }} times in 2 days, > 12"
+ summary: "Target has gone down {{ $value }} times in 1 day, > 12"
iankelling.org / git / distro-setup / blobdiff