
Untitled

a guest
Oct 2nd, 2017
Rule name: Excessive swap utilization
Alert rule: %mempools.mempool_descr ~ "Swap@" && %mempools.mempool_perc >= "50"
Alert query: SELECT * FROM mempools WHERE (mempools.device_id = ?) && (mempools.mempool_descr REGEXP "Swap.*" && mempools.mempool_perc >= "50" )
Rule match: no match

Rule name: Devices up/down
Alert rule: %macros.device_down = "1"
Alert query: SELECT * FROM devices WHERE (devices.device_id = ?) && (((devices.status = 0 && ((devices.disabled = 0 && devices.ignore = 0)))) = "1")
Rule match: no match

Rule name: Device rebooted
Alert rule: %devices.uptime < "300" && %macros.device = "1"
Alert query: SELECT * FROM devices WHERE (devices.device_id = ?) && (devices.uptime < "300" && ((devices.disabled = 0 && devices.ignore = 0)) = "1")
Rule match: no match

Rule name: Port utilisation over threshold
Alert rule: %macros.port_usage_perc >= "80" && %macros.port_up = "1" && %macros.port = "1"
Alert query: SELECT * FROM ports WHERE (ports.device_id = ?) && ((((ports.ifInOctets_rate*8) / ports.ifSpeed)*100) >= "80" && ((ports.ifOperStatus = "up" && ports.ifAdminStatus = "up" && ((ports.deleted = 0 && ports.ignore = 0 && ports.disabled = 0)))) = "1" && ((ports.deleted = 0 && ports.ignore = 0 && ports.disabled = 0)) = "1")
Rule match: no match

Rule name: Sensor over limit
Alert rule: %sensors.sensor_current > %sensors.sensor_limit && %sensors.sensor_alert = "1" && %macros.device_up = "1"
Alert query: SELECT * FROM sensors,devices WHERE (( devices.device_id = sensors.device_id ) && sensors.device_id = ?) && (sensors.sensor_current > sensors.sensor_limit && sensors.sensor_alert = "1" && ((devices.status = 1 && ((devices.disabled = 0 && devices.ignore = 0)))) = "1")
Rule match: no match

Rule name: Sensor under limit
Alert rule: %sensors.sensor_current < %sensors.sensor_limit_low && %sensors.sensor_alert = "1" && %macros.device_up = "1"
Alert query: SELECT * FROM sensors,devices WHERE (( devices.device_id = sensors.device_id ) && sensors.device_id = ?) && (sensors.sensor_current < sensors.sensor_limit_low && sensors.sensor_alert = "1" && ((devices.status = 1 && ((devices.disabled = 0 && devices.ignore = 0)))) = "1")
Rule match: no match

Rule name: Wireless Sensor over limit
Alert rule: %wireless_sensors.sensor_current >= %wireless_sensors.sensor_limit && %wireless_sensors.sensor_alert = "1" && %macros.device_up = "1"
Alert query: SELECT * FROM wireless_sensors,devices WHERE (( devices.device_id = wireless_sensors.device_id ) && wireless_sensors.device_id = ?) && (wireless_sensors.sensor_current >= wireless_sensors.sensor_limit && wireless_sensors.sensor_alert = "1" && ((devices.status = 1 && ((devices.disabled = 0 && devices.ignore = 0)))) = "1")
Rule match: no match

Rule name: Wireless Sensor under limit
Alert rule: %wireless_sensors.sensor_current <= %wireless_sensors.sensor_limit_low && %wireless_sensors.sensor_alert = "1" && %macros.device_up = "1"
Alert query: SELECT * FROM wireless_sensors,devices WHERE (( devices.device_id = wireless_sensors.device_id ) && wireless_sensors.device_id = ?) && (wireless_sensors.sensor_current <= wireless_sensors.sensor_limit_low && wireless_sensors.sensor_alert = "1" && ((devices.status = 1 && ((devices.disabled = 0 && devices.ignore = 0)))) = "1")
Rule match: no match

Rule name: High memory usage
Alert rule: %mempools.mempool_descr ~ "Virtual@" && %mempools.mempool_perc >= "92" && %devices.os !~ "FreeBSD"
Alert query: SELECT * FROM mempools,devices WHERE (( devices.device_id = mempools.device_id ) && mempools.device_id = ?) && (mempools.mempool_descr REGEXP "Virtual.*" && mempools.mempool_perc >= "92" && devices.os NOT REGEXP "FreeBSD" )
Rule match: no match

Rule name: Partition 90%+ full
Alert rule: %storage.storage_perc >= "90" && %devices.os !~ "FreeBSD"
Alert query: SELECT * FROM storage,devices WHERE (( devices.device_id = storage.device_id ) && storage.device_id = ?) && (storage.storage_perc >= "90" && devices.os NOT REGEXP "FreeBSD" )
Rule match: no match

Rule name: sshd down
Alert rule: %services.service_type = "ssh" && %services.service_status = "2" && %macros.device_up = "1"
Alert query: SELECT * FROM services,devices WHERE (( devices.device_id = services.device_id ) && services.device_id = ?) && (services.service_type = "ssh" && services.service_status = "2" && ((devices.status = 1 && ((devices.disabled = 0 && devices.ignore = 0)))) = "1" )
Rule match: no match

Rule name: Test
Alert rule: %devices.hostname ~ "wts-jail"
Alert query: SELECT * FROM devices WHERE (devices.device_id = ?) && (devices.hostname REGEXP "wts-jail" )
Rule match: matches

Found 4 contacts to send alerts to.
administrator<ITUnixAdmin@mso.umt.edu>
Jon Robinson<jon.robinson@mso.umt.edu>
Ryan Synder<ryan.snyder@mso.umt.edu>
Shayne Johnson<shayne.johnson@mso.umt.edu>

Found 1 transports to send alerts to.
Transport: mail