LibreNMS Alerts

An overview of alerts used to monitor different anomalies.

Session down –

Trigger alert if we logged a RPKI session has gone down within the last 1 hour. Match based on syslog events from device. (Device > log > syslog)

syslog.msg LIKE '%RPD_RV_SESSIONDOWN%'
AND syslog.timestamp >= macros.past_60m
AND macros.device_up = 1

Broadcast packets exceeds threshold – JUNOS

Trigger alert if more than 300 broadcast pkt/s on 10/25/100 GbE interfaces. ifAlias (interface description on the device) needs to begin with “PEERING”.

ports_statistics.ifInBroadcastPkts_rate > 300
AND ports.ifAlias LIKE 'PEERING%'
AND macros.device_up = 1
AND (
  ports.ifName LIKE 'et-%'
  OR ports.ifName LIKE 'xe-%'
)

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.