librenms-librenms/misc/alert_rules.json

[
  {
    "rule": "%macros.device_down = \"1\"",
    "name": "Devices up/down",
    "default": true
  },
  {
    "rule": "%devices.uptime < \"300\" && %macros.device = \"1\"",
    "name": "Device rebooted",
    "extra": "{\"count\": 1}",
    "default": true
  },
  {
    "rule": "%bgpPeers.bgpPeerState != \"established\" && %macros.device_up = \"1\"",
    "name": "BGP Session down",
    "extra": "{\"count\": 1}",
    "default": true
  },
  {
    "rule": "%bgpPeers.bgpPeerFsmEstablishedTime < \"300\" && %bgpPeers.bgpPeerState = \"established\" && %macros.device_up = \"1\"",
    "name": "BGP Session established",
    "extra": "{\"count\": 1}",
    "default": true
  },
  {
    "rule": "%macros.port_down = \"1\"",
    "name": "Port status up/down",
    "extra": "{\"count\": 1}",
    "default": true
  },
  {
    "rule": "%macros.port_usage_perc >= \"80\" && %macros.port_up = \"1\" && %macros.port = \"1\"",
    "name": "Port utilisation over threshold",
    "default": true
  },
  {
    "rule": "%sensors.sensor_current > %sensors.sensor_limit && %sensors.sensor_alert = \"1\" && %macros.device_up = \"1\"",
    "name": "Sensor over limit",
    "default": true
  },
  {
    "rule": "%sensors.sensor_current < %sensors.sensor_limit_low && %sensors.sensor_alert = \"1\" && %macros.device_up = \"1\"",
    "name": "Sensor under limit",
    "default": true
  },
  {
    "rule": "%services.service_status != \"0\" && %macros.device_up = \"1\"",
    "name": "Service up/down",
    "default": true
  },
  {
    "rule": "%wireless_sensors.sensor_current >= %wireless_sensors.sensor_limit && %wireless_sensors.sensor_alert = \"1\" && %macros.device_up = \"1\"",
    "name": "Wireless Sensor over limit",
    "default": true
  },
  {
    "rule": "%wireless_sensors.sensor_current <= %wireless_sensors.sensor_limit_low && %wireless_sensors.sensor_alert = \"1\" && %macros.device_up = \"1\"",
    "name": "Wireless Sensor under limit",
    "default": true
  },
  {
    "rule": "%macros.bill_quota_over_quota >= \"75\"",
    "name": "Quota bills over 75% used"
  },
  {
    "rule": "%macros.bill_cdr_over_quota >= \"75\"",
    "name": "CDR bills over 75% used"
  },
  {
    "rule": "%ipsec_tunnels.tunnel_status != \"active\" && %macros.device_up = \"1\"",
    "name": "IPSec tunnels down"
  },
  {
    "rule": "%pollers.time_taken >= \"250\"",
    "name": "Poller is taking too long"
  },
  {
    "rule": "%macros.device_up = \"1\" && %devices.os = \"asa\" && %ciscoASA.data > \"5000\"",
    "name": "Cisco ASA connections over 5000"
  },
  {
    "rule": "%processors.processor_usage > \"85\" && %macros.device_up = \"1\"",
    "name": "Processor usage over 85%"
  },
  {
    "rule": "%sensors.sensor_descr = \"Primary Unit.*\" && %sensors.sensor_current = \"10\" && %sensors.sensor_prev = \"9\"",
    "name": "Cisco ASA Primary unit changed to standby"
  },
  {
    "rule": "%ports.ifOperStatus = \"down\" && %ports.ifOperStatus_prev = \"up\" && %macros.device_up = \"1\"",
    "name": "Port status change from up to down"
  },
  {
    "rule": "%ports.ifOutErrors_rate >= \"100\" || %ports.ifInErrors_rate >= \"100\"",
    "name": "Interface Errors Rate greater than 100"
  },
  {
    "rule": "%eventlog.type = \"discovery\" && %eventlog.message ~ \"@autodiscovered@\" && %eventlog.datetime >= %macros.past_60m",
    "name": "Device discovered within the last 60 minutes"
  },
  {
    "rule": "%wireless_sensors.sensor_class = 'clients' && %wireless_sensors.sensor_current >= %wireless_sensors.sensor_limit && %wireless_sensors.sensor_alert = \"1\" && %macros.device_up = \"1\"",
    "name": "Too many wireless clients"
  },
  {
    "rule": "%syslog.timestamp > = %macros.past_5m && %syslog.msg ~ \"@authentication failure@\"",
    "name": "Syslog, Authentication failure on Device"
  },
  {
    "rule": "%services.service_status = \"1\"",
    "name": "Service warning"
  },
  {
    "rule": "%services.service_status = \"2\"",
    "name": "Service critical"
  },
   {
    "rule": "%syslog.timestamp >= %macros.past_5m && %syslog.priority ~ \"alert\"",
    "name": "Syslog, received Alert Priority Message"
  },
    {
    "rule": "%syslog.timestamp >= %macros.past_5m && %syslog.priority ~ \"emergency\"",
    "name": "Syslog, received Emergency Priority Message"
  },
     {
    "rule": "%syslog.timestamp = %macros.past_5m && %syslog.msg ~ \"@arp table is full@\"",
    "name": "Syslog, ARP table is full check on device "
  },
   {
    "rule": "%sensors.sensor_type = \"upsAdvBatteryReplaceIndicator\" && %sensors.sensor_current = \"2\"",
    "name": "APC UPS Battery Needs Replacement"
  },
  {
    "rule": "%sensors.sensor_current = \"3\" && %sensors.sensor_type = \"upsBasicOutputStatus\"",
    "name": "APC UPS Switched to Battery Power"
  },
  {
    "rule": "%sensors.sensor_current = \"10\" && %sensors.sensor_type = \"upsBasicOutputStatus\"",
    "name": "APC UPS in Hardware Failure Bypass Mode"
  },
  {
    "rule": "%sensors.sensor_current = \"16\" && %sensors.sensor_type = \"upsBasicOutputStatus\"",
    "name": "APC UPS in Emergency Static Bypass Mode"
  },
  {
    "rule": "%sensors.sensor_current = \"12\" && %sensors.sensor_type = \"upsBasicOutputStatus\"",
    "name": "APC UPS in Smart Trim Mode"
  },
   {
    "rule": "%sensors.sensor_oid ~ \".1.3.6.1.4.1.11.2.14.11.1.2.6.1.4.[2-5]\" && %sensors.sensor_current = \"2\"",
    "name": "HP Procurve Bad Power Supply"
  },
    {
    "rule": "%sensors.sensor_oid = \".1.3.6.1.4.1.11.2.14.11.1.2.6.1.4.1\" && %sensors.sensor_current = \"2\"",
    "name": "HP Procurve Fan Fault"
  },
  {
    "rule": "%sensors.sensor_current > %sensors.sensor_limit && %sensors.sensor_alert = \"1\" && %macros.device_up = \"1\" && %macros.sensor_port_link = \"1\"",
    "name": "Sensor over limit with linked port"
  },
  {
    "rule": "%sensors.sensor_current < %sensors.sensor_limit_low && %sensors.sensor_alert = \"1\" && %macros.device_up = \"1\" && %macros.sensor_port_link = \"1\"",
    "name": "Sensor under limit with linked port"
  }
]