An overview of LibreNMS alerts used to monitor different anomalies.
RPKI Session down – JUNOS
Trigger an alert if an RPKI session-down event was logged within the last hour. Matching is based on syslog events from the device (Device > log > syslog).
syslog.msg LIKE '%RPD_RV_SESSIONDOWN%'
AND syslog.timestamp >= macros.past_60m
AND macros.device_up = 1
Broadcast packets exceed threshold – JUNOS
Trigger an alert on more than 300 broadcast pkt/s on 10/25/100 GbE interfaces. The ifAlias (interface description on the network device) needs to begin with “PEERING”.
ports_statistics.ifInBroadcastPkts_rate > 300
AND ports.ifAlias LIKE 'PEERING%'
AND macros.device_up = 1
AND (
ports.ifName LIKE 'et-%'
OR ports.ifName LIKE 'xe-%'
)
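
To check which rows the two rules above would and would not match before enabling them, the following added example (not part of the original page and not LibreNMS code) runs the same conditions against constructed sample data in an in-memory SQLite database. The table layout, the `status` and `bcast_rate` columns, the hostnames and the log messages are assumptions standing in for `macros.device_up`, `ports_statistics.ifInBroadcastPkts_rate` and real device data.

```python
import sqlite3
from datetime import timedelta

# Simplified stand-in tables (assumption): only the columns the two rules read.
SCHEMA = """
CREATE TABLE devices (device_id INTEGER PRIMARY KEY, hostname TEXT, status INTEGER);
CREATE TABLE syslog (device_id INTEGER, timestamp TEXT, msg TEXT);
CREATE TABLE ports (device_id INTEGER, ifName TEXT, ifAlias TEXT, bcast_rate INTEGER);
"""
# Rule conditions from the page; macros replaced by a column and a parameter.
RPKI_RULE = """
SELECT d.hostname FROM syslog s JOIN devices d USING (device_id)
WHERE s.msg LIKE '%RPD_RV_SESSIONDOWN%'
  AND s.timestamp >= :past_60m
  AND d.status = 1
"""
BCAST_RULE = """
SELECT d.hostname, p.ifName FROM ports p JOIN devices d USING (device_id)
WHERE p.bcast_rate > 300
  AND p.ifAlias LIKE 'PEERING%'
  AND d.status = 1
  AND (p.ifName LIKE 'et-%' OR p.ifName LIKE 'xe-%')
"""

def evaluate(now):
    """Load constructed sample rows; return (rpki_hits, broadcast_hits)."""
    def ts(minutes_ago):
        return (now - timedelta(minutes=minutes_ago)).strftime("%Y-%m-%d %H:%M:%S")
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO devices VALUES (?,?,?)",
                   [(1, "edge1", 1), (2, "edge2", 0)])  # edge2 is down
    db.executemany("INSERT INTO syslog VALUES (?,?,?)", [
        (1, ts(10), "RPD_RV_SESSIONDOWN: constructed sample"),    # matches
        (1, ts(90), "RPD_RV_SESSIONDOWN: older than one hour"),   # too old
        (2, ts(5), "RPD_RV_SESSIONDOWN: logged by a down device"),
        (1, ts(5), "UI_COMMIT: unrelated constructed event"),
    ])
    db.executemany("INSERT INTO ports VALUES (?,?,?,?)", [
        (1, "xe-0/0/1", "PEERING: IX port", 450),   # matches
        (1, "et-0/0/2", "PEERING: IX port", 300),   # not above the threshold
        (1, "ge-0/0/3", "PEERING: IX port", 900),   # ifName filter excludes ge-
        (1, "xe-0/0/4", "CUSTOMER: PEERING", 900),  # alias does not begin with PEERING
        (2, "et-0/0/5", "PEERING: IX port", 900),   # device is down
    ])
    rpki = db.execute(RPKI_RULE, {"past_60m": ts(60)}).fetchall()
    bcast = db.execute(BCAST_RULE).fetchall()
    return rpki, bcast
```

Calling `evaluate()` with any `datetime` value returns the matching hostnames and ports; only the first row of each sample set satisfies every condition.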