我的书签
添加书签
移除书签监控策略
Nightingale因为内置了服务树这种机器分组机制,和Open-Falcon相比,告警灵活性是一个质的提升
Nightingale的告警策略与Open-Falcon的配置有很大区别。首先取消了策略模板的机制,每一条策略都可以单独配置告警接收人,其次,策略可以直接绑定到服务树节点上,节点下的所有机器都会继承生效,另外还增加了一些字段,下面挨个字段解释:
- 策略名称:描述这条策略的作用,比如“CPU利用率超过85%”
- 生效节点:关联的服务树节点,节点下所有机器都会应用这条策略
- 排除节点:生效节点下面的部分子节点可能较为特殊需要排除,可以用此配置解决
- 报警级别:分三级,P1最严重,报警之后事件通过所有报警通道推送,P3不严重,只用部分通道
- 统计周期:判断报警的时候使用最近多长时间以内的数据
- 触发条件:支持与条件,即两个条件都满足才报警
- Tag过滤:可以配置只生效监控指标的部分tag,或者排除部分tag,比如disk.io.util只监控sda
- 执行动作:配置报警收敛策略和报警接收人,也支持配置回调,与自动化逻辑打通
- 留观时长:告警恢复后持续观察多少秒,称为留观时长,未再触发阈值才发送恢复通知
- 静默恢复:即只发送告警消息,不发送恢复通知,默认会发送,即不开启静默恢复
- 生效时间:即策略生效时间,默认7*24生效,可以配置只生效部分时间段
策略配置页面支持导入,这里整理了一些常见策略,可以一键导入,然后批量修改一下报警接收人就可以用起来了 :-)
[{"name": "timewait状态tcp连接超过2万","category": 1,"alert_dur": 60,"recovery_dur": 0,"recovery_notify": 1,"enable_stime": "00:00","enable_etime": "23:59","priority": 3,"runbook": "","nids": null,"exprs": [{"eopt": ">","func": "all","metric": "net.sockets.tcp.timewait","params": [],"threshold": 20000}],"tags": [],"enable_days_of_week": [0,1,2,3,4,5,6],"converge": [36000,1],"endpoints": null,"judge_instance": "","work_groups": null},{"name": "内存利用率大于75%","category": 1,"alert_dur": 60,"recovery_dur": 0,"recovery_notify": 1,"enable_stime": "00:00","enable_etime": "23:59","priority": 2,"runbook": "","nids": null,"exprs": [{"eopt": ">","func": "all","metric": "mem.bytes.used.percent","params": [],"threshold": 75}],"tags": [],"enable_days_of_week": [0,1,2,3,4,5,6],"converge": [36000,1],"endpoints": null,"judge_instance": "","work_groups": null},{"name": "机器loadavg大于16","category": 1,"alert_dur": 60,"recovery_dur": 0,"recovery_notify": 1,"enable_stime": "00:00","enable_etime": "23:59","priority": 2,"runbook": "","nids": null,"exprs": [{"eopt": ">","func": "all","metric": "cpu.loadavg.1","params": [],"threshold": 16}],"tags": [],"enable_days_of_week": [0,1,2,3,4,5,6],"converge": [36000,1],"endpoints": null,"judge_instance": "","work_groups": null},{"name": "某磁盘无法正常读写","category": 1,"alert_dur": 60,"recovery_dur": 0,"recovery_notify": 1,"enable_stime": "00:00","enable_etime": "23:59","priority": 1,"runbook": "","nids": null,"exprs": [{"eopt": ">","func": "all","metric": "disk.rw.error","params": [],"threshold": 0}],"tags": [],"enable_days_of_week": [0,1,2,3,4,5,6],"converge": [36000,1],"endpoints": null,"judge_instance": "","work_groups": null},{"name": "监控agent失联","category": 1,"alert_dur": 60,"recovery_dur": 0,"recovery_notify": 1,"enable_stime": "00:00","enable_etime": "23:59","priority": 1,"runbook": "","nids": null,"exprs": [{"eopt": "=","func": "nodata","metric": "proc.agent.alive","params": [],"threshold": 0}],"tags": [],"enable_days_of_week": [0,1,2,3,4,5,6],"converge": [36000,1],"endpoints": null,"judge_instance": "","work_groups": null},{"name": "磁盘利用率达到85%","category": 1,"alert_dur": 60,"recovery_dur": 0,"recovery_notify": 1,"enable_stime": "00:00","enable_etime": "23:59","priority": 3,"runbook": "","nids": null,"exprs": [{"eopt": ">","func": "all","metric": "disk.bytes.used.percent","params": [],"threshold": 85}],"tags": [],"enable_days_of_week": [0,1,2,3,4,5,6],"converge": [36000,1],"endpoints": null,"judge_instance": "","work_groups": null},{"name": "磁盘利用率达到88%","category": 1,"alert_dur": 60,"recovery_dur": 0,"recovery_notify": 1,"enable_stime": "00:00","enable_etime": "23:59","priority": 2,"runbook": "","nids": null,"exprs": [{"eopt": ">","func": "all","metric": "disk.bytes.used.percent","params": [],"threshold": 88}],"tags": [],"enable_days_of_week": [0,1,2,3,4,5,6],"converge": [36000,1],"endpoints": null,"judge_instance": "","work_groups": null},{"name": "磁盘利用率达到92%","category": 1,"alert_dur": 60,"recovery_dur": 0,"recovery_notify": 1,"enable_stime": "00:00","enable_etime": "23:59","priority": 1,"runbook": "","nids": null,"exprs": [{"eopt": ">","func": "all","metric": "disk.bytes.used.percent","params": [],"threshold": 92}],"tags": [],"enable_days_of_week": [0,1,2,3,4,5,6],"converge": [36000,1],"endpoints": null,"judge_instance": "","work_groups": null},{"name": "端口挂了","category": 1,"alert_dur": 60,"recovery_dur": 0,"recovery_notify": 1,"enable_stime": "00:00","enable_etime": "23:59","priority": 2,"runbook": "","nids": null,"exprs": [{"eopt": "!=","func": "all","metric": "proc.port.listen","params": [],"threshold": 1}],"tags": [],"enable_days_of_week": [0,1,2,3,4,5,6],"converge": [36000,1],"endpoints": null,"judge_instance": "","work_groups": null},{"name": "网卡入方向丢包","category": 1,"alert_dur": 60,"recovery_dur": 0,"recovery_notify": 1,"enable_stime": "00:00","enable_etime": "23:59","priority": 2,"runbook": "","nids": null,"exprs": [{"eopt": ">","func": "all","metric": "net.in.dropped","params": [],"threshold": 3}],"tags": [],"enable_days_of_week": [0,1,2,3,4,5,6],"converge": [36000,1],"endpoints": null,"judge_instance": "","work_groups": null},{"name": "网卡入方向错包","category": 1,"alert_dur": 60,"recovery_dur": 0,"recovery_notify": 1,"enable_stime": "00:00","enable_etime": "23:59","priority": 2,"runbook": "","nids": null,"exprs": [{"eopt": ">","func": "all","metric": "net.in.errs","params": [],"threshold": 3}],"tags": [],"enable_days_of_week": [0,1,2,3,4,5,6],"converge": [36000,1],"endpoints": null,"judge_instance": "","work_groups": null},{"name": "网卡出方向丢包","category": 1,"alert_dur": 60,"recovery_dur": 0,"recovery_notify": 1,"enable_stime": "00:00","enable_etime": "23:59","priority": 2,"runbook": "","nids": null,"exprs": [{"eopt": ">","func": "all","metric": "net.out.dropped","params": [],"threshold": 3}],"tags": [],"enable_days_of_week": [0,1,2,3,4,5,6],"converge": [36000,1],"endpoints": null,"judge_instance": "","work_groups": null},{"name": "网卡出方向错包","category": 1,"alert_dur": 60,"recovery_dur": 0,"recovery_notify": 1,"enable_stime": "00:00","enable_etime": "23:59","priority": 2,"runbook": "","nids": null,"exprs": [{"eopt": ">","func": "all","metric": "net.out.errs","params": [],"threshold": 3}],"tags": [],"enable_days_of_week": [0,1,2,3,4,5,6],"converge": [36000,1],"endpoints": null,"judge_instance": "","work_groups": null},{"name": "进程总数超过3000","category": 1,"alert_dur": 60,"recovery_dur": 0,"recovery_notify": 1,"enable_stime": "00:00","enable_etime": "23:59","priority": 1,"runbook": "","nids": null,"exprs": [{"eopt": ">","func": "all","metric": "sys.ps.process.total","params": [],"threshold": 3000}],"tags": [],"enable_days_of_week": [0,1,2,3,4,5,6],"converge": [36000,1],"endpoints": null,"judge_instance": "","work_groups": null},{"name": "进程挂了","category": 1,"alert_dur": 60,"recovery_dur": 0,"recovery_notify": 1,"enable_stime": "00:00","enable_etime": "23:59","priority": 2,"runbook": "","nids": null,"exprs": [{"eopt": "<","func": "all","metric": "proc.num","params": [],"threshold": 1}],"tags": [],"enable_days_of_week": [0,1,2,3,4,5,6],"converge": [36000,1],"endpoints": null,"judge_instance": "","work_groups": null}]
最后修改 2021-02-06: v2 (bb04a83)
