記錄了prometheus 告警指標
主機和硬件監控
可用內存指標
主機中可用內存容量不足 10%
- alert: HostOutOfMemory
expr: node_memory_MemAvailable_bytes / node_memory_MemTotal_bytes * 100 < 10
for: 5m
labels:
severity: warning
annotations:
summary: Host out of memory (instance {{ $labels.instance }})
description: Node memory is filling up (< 10% left)\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
內存
節點內存壓力大。主要頁面故障率高
- alert: HostMemoryUnderMemoryPressure
expr: rate(node_vmstat_pgmajfault[1m]) > 1000
for: 5m
labels:
severity: warning
annotations:
summary: Host memory under memory pressure (instance {{ $labels.instance }})
description: The node is under heavy memory pressure. High rate of major page faults\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
主機網絡接口流入流量異常
主機網絡接口可能接收了太多的數據(> 100 MB/s)。閥值根據自己機器背板網卡決定
- alert: HostUnusualNetworkThroughputIn
expr: sum by (instance) (rate(node_network_receive_bytes_total[2m])) / 1024 / 1024 > 100
for: 5m
labels:
severity: warning
annotations:
summary: Host unusual network throughput in (instance {{ $labels.instance }})
description: Host network interfaces are probably receiving too much data (> 100 MB/s)\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
主機網絡接口流出流量異常
主機網絡接口可能發送了太多的數據(> 100 MB/s)。
- alert: HostUnusualNetworkThroughputOut
expr: sum by (instance) (rate(node_network_transmit_bytes_total[2m])) / 1024 / 1024 > 100
for: 5m
labels:
severity: warning
annotations:
summary: Host unusual network throughput out (instance {{ $labels.instance }})
description: Host network interfaces are probably sending too much data (> 100 MB/s)\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
主機網絡接收錯誤
{{ $labels.instance }}接口{{ $labels.device }}在過去5分鍾內遇到{{ printf "%.0f" $value }}接收錯誤。
- alert: HostNetworkReceiveErrors
expr: increase(node_network_receive_errs_total[5m]) > 0
for: 5m
labels:
severity: warning
annotations:
summary: Host Network Receive Errors (instance {{ $labels.instance }})
description: {{ $labels.instance }} interface {{ $labels.device }} has encountered {{ printf "%.0f" $value }} receive errors in the last five minutes.\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
主機網絡傳輸錯誤
{{ $labels.instance }} 接口 {{ $labels.device }} 在過去五分鍾內遇到 {{ printf "%.0f" $value }} 發送錯誤。
- alert: HostNetworkTransmitErrors
expr: increase(node_network_transmit_errs_total[5m]) > 0
for: 5m
labels:
severity: warning
annotations:
summary: Host Network Transmit Errors (instance {{ $labels.instance }})
description: {{ $labels.instance }} interface {{ $labels.device }} has encountered {{ printf "%.0f" $value }} transmit errors in the last five minutes.\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
主機磁盤讀速率
磁盤每秒讀數據(> 50 MB/s)。
- alert: HostUnusualDiskReadRate
expr: sum by (instance) (rate(node_disk_read_bytes_total[2m])) / 1024 / 1024 > 50
for: 5m
labels:
severity: warning
annotations:
summary: Host unusual disk read rate (instance {{ $labels.instance }})
description: Disk is probably reading too much data (> 50 MB/s)\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
主機磁盤寫速率
磁盤每秒寫數據
- alert: HostUnusualDiskWriteRate
expr: sum by (instance) (rate(node_disk_written_bytes_total[2m])) / 1024 / 1024 > 50
for: 5m
labels:
severity: warning
annotations:
summary: Host unusual disk write rate (instance {{ $labels.instance }})
description: Disk is probably writing too much data (> 50 MB/s)\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
主機磁盤剩余空間
磁盤可用空間(<10% left)
# please add ignored mountpoints in node_exporter parameters like
# "--collector.filesystem.ignored-mount-points=^/(sys|proc|dev|run)($|/)"
- alert: HostOutOfDiskSpace
expr: (node_filesystem_avail_bytes * 100) / node_filesystem_size_bytes < 10
for: 5m
labels:
severity: warning
annotations:
summary: Host out of disk space (instance {{ $labels.instance }})
description: Disk is almost full (< 10% left)\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
根據磁盤目前的增長速度,在幾個小時內是否會寫滿
根據當前一小時內磁盤增長量,判斷磁盤在 4 個小時內會不會被寫滿
- alert: HostDiskWillFillIn4Hours
expr: predict_linear(node_filesystem_free_bytes{fstype!~"tmpfs"}[1h], 4 * 3600) < 0
for: 5m
labels:
severity: warning
annotations:
summary: Host disk will fill in 4 hours (instance {{ $labels.instance }})
description: Disk will fill in 4 hours at current write rate\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
主機中inode 文件句柄報警
磁盤可用的inode快用完了(<10%)。
- alert: HostOutOfInodes
expr: node_filesystem_files_free{mountpoint ="/rootfs"} / node_filesystem_files{mountpoint ="/rootfs"} * 100 < 10
for: 5m
labels:
severity: warning
annotations:
summary: Host out of inodes (instance {{ $labels.instance }})
description: Disk is almost running out of available inodes (< 10% left)\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
磁盤讀延遲
磁盤讀取延遲大(讀取操作>100ms)
- alert: HostUnusualDiskReadLatency
expr: rate(node_disk_read_time_seconds_total[1m]) / rate(node_disk_reads_completed_total[1m]) > 0.1 and rate(node_disk_reads_completed_total[1m]) > 0
for: 5m
labels:
severity: warning
annotations:
summary: Host unusual disk read latency (instance {{ $labels.instance }})
description: Disk latency is growing (read operations > 100ms)\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
磁盤寫入延遲大
磁盤寫入延遲大(寫操作>100ms)
- alert: HostUnusualDiskWriteLatency
expr: rate(node_disk_write_time_seconds_total[1m]) / rate(node_disk_writes_completed_total[1m]) > 0.1 and rate(node_disk_writes_completed_total[1m]) > 0
for: 5m
labels:
severity: warning
annotations:
summary: Host unusual disk write latency (instance {{ $labels.instance }})
description: Disk latency is growing (write operations > 100ms)\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
主機 cpu 負載高
cpu 負載大於 > 80%
- alert: HostHighCpuLoad
expr: 100 - (avg by(instance) (rate(node_cpu_seconds_total{mode="idle"}[5m])) * 100) > 80
for: 5m
labels:
severity: warning
annotations:
summary: Host high CPU load (instance {{ $labels.instance }})
description: CPU load is > 80%\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
主機上下文切換
上下文切換的節點越來越多(>1000/s)
# 1000 context switches is an arbitrary number.
# Alert threshold depends on nature of application.
# Please read: https://github.com/samber/awesome-prometheus-alerts/issues/58
- alert: HostContextSwitching
expr: (rate(node_context_switches_total[5m])) / (count without(cpu, mode) (node_cpu_seconds_total{mode="idle"})) > 1000
for: 5m
labels:
severity: warning
annotations:
summary: Host context switching (instance {{ $labels.instance }})
description: Context switching is growing on node (> 1000 / s)\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
主機 swap 分區使用
主機 swap 交換分區使用情況 (> 80%)
- alert: HostSwapIsFillingUp
expr: (1 - (node_memory_SwapFree_bytes / node_memory_SwapTotal_bytes)) * 100 > 80
for: 5m
labels:
severity: warning
annotations:
summary: Host swap is filling up (instance {{ $labels.instance }})
description: Swap is filling up (>80%)\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
主機 systemctl 管理的服務 down 了
主機上systemctl 管理的服務不正常,failed了,根據自己的實際情況來判斷哪些服務
- alert: HostSystemdServiceCrashed
expr: node_systemd_unit_state{state="failed"} == 1
for: 5m
labels:
severity: warning
annotations:
summary: Host SystemD service crashed (instance {{ $labels.instance }})
description: SystemD service crashed\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
主機物理元設備(有的虛擬機可能沒有此指標)
物理機溫度過高
- alert: HostPhysicalComponentTooHot
expr: node_hwmon_temp_celsius > 75
for: 5m
labels:
severity: warning
annotations:
summary: Host physical component too hot (instance {{ $labels.instance }})
description: Physical hardware component too hot\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
主機節點超溫報警(有的虛擬機可能沒有此指標)
觸發物理節點溫度報警
- alert: HostNodeOvertemperatureAlarm
expr: node_hwmon_temp_alarm == 1
for: 5m
labels:
severity: critical
annotations:
summary: Host node overtemperature alarm (instance {{ $labels.instance }})
description: Physical node temperature alarm triggered\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
主機RAID 卡陣列失效(虛擬機可能沒有此指標)
RAID陣列{{$labels.device }}由於一個或多個磁盤故障而處於退化狀態。備用硬盤的數量不足以自動修復問題。
- alert: HostRaidArrayGotInactive
expr: node_md_state{state="inactive"} > 0
for: 5m
labels:
severity: critical
annotations:
summary: Host RAID array got inactive (instance {{ $labels.instance }})
description: RAID array {{ $labels.device }} is in degraded state due to one or more disks failures. Number of spare drives is insufficient to fix issue automatically.\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
主機RAID磁盤故障(虛擬機可能沒有此指標)
在{{ $labels.instance }} 的RAID陣列中至少有一個設備失敗。陣列{{ $labels.md_device }}需要注意,可能需要進行磁盤更換
- alert: HostRaidDiskFailure
expr: node_md_disks{state="failed"} > 0
for: 5m
labels:
severity: warning
annotations:
summary: Host RAID disk failure (instance {{ $labels.instance }})
description: At least one device in RAID array on {{ $labels.instance }} failed. Array {{ $labels.md_device }} needs attention and possibly a disk swap\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
主機內核版本偏差
不同的內核版本正在運行
- alert: HostKernelVersionDeviations
expr: count(sum(label_replace(node_uname_info, "kernel", "$1", "release", "([0-9]+.[0-9]+.[0-9]+).*")) by (kernel)) > 1
for: 5m
labels:
severity: warning
annotations:
summary: Host kernel version deviations (instance {{ $labels.instance }})
description: Different kernel versions are running\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
檢測主機 OOM 殺進程
- alert: HostOomKillDetected
expr: increase(node_vmstat_oom_kill[5m]) > 0
for: 5m
labels:
severity: warning
annotations:
summary: Host OOM kill detected (instance {{ $labels.instance }})
description: OOM kill detected\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
檢測到主機EDAC可糾正的錯誤
{{ $labels.instance }}在過去5分鍾內,EDAC報告了{{ printf "%.0f" $value }}可糾正的內存錯誤。
- alert: HostEdacCorrectableErrorsDetected
expr: increase(node_edac_correctable_errors_total[5m]) > 0
for: 5m
labels:
severity: info
annotations:
summary: Host EDAC Correctable Errors detected (instance {{ $labels.instance }})
description: {{ $labels.instance }} has had {{ printf "%.0f" $value }} correctable memory errors reported by EDAC in the last 5 minutes.\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
檢測到主機EDAC不正確的錯誤
{{ $labels.instance }}在過去5分鍾內,EDAC報告了{{ printf "%.0f" $value }}不可糾正的內存錯誤。
- alert: HostEdacUncorrectableErrorsDetected
expr: node_edac_uncorrectable_errors_total > 0
for: 5m
labels:
severity: warning
annotations:
summary: Host EDAC Uncorrectable Errors detected (instance {{ $labels.instance }})
description: {{ $labels.instance }} has had {{ printf "%.0f" $value }} uncorrectable memory errors reported by EDAC in the last 5 minutes.\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
Docker 容器
一個容器消失
- alert: ContainerKilled
expr: time() - container_last_seen > 60
for: 5m
labels:
severity: warning
annotations:
summary: Container killed (instance {{ $labels.instance }})
description: A container has disappeared\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
容器 cpu 的使用量
容器CPU使用率超過80%。
# cAdvisor有時會消耗大量的CPU,所以這個警報會不斷地響起。
# If you want to exclude it from this alert, just use: container_cpu_usage_seconds_total{name!=""}
- alert: ContainerCpuUsage
expr: (sum(rate(container_cpu_usage_seconds_total[3m])) BY (instance, name) * 100) > 80
for: 5m
labels:
severity: warning
annotations:
summary: Container CPU usage (instance {{ $labels.instance }})
description: Container CPU usage is above 80%\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
容器內存的使用量
容器內存使用率超過 80%。
# See https://medium.com/faun/how-much-is-too-much-the-linux-oomkiller-and-used-memory-d32186f29c9d
- alert: ContainerMemoryUsage
expr: (sum(container_memory_working_set_bytes) BY (instance, name) / sum(container_spec_memory_limit_bytes > 0) BY (instance, name) * 100) > 80
for: 5m
labels:
severity: warning
annotations:
summary: Container Memory usage (instance {{ $labels.instance }})
description: Container Memory usage is above 80%\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
容器磁盤的使用量
容器磁盤使用量超過 80%
- alert: ContainerVolumeUsage
expr: (1 - (sum(container_fs_inodes_free) BY (instance) / sum(container_fs_inodes_total) BY (instance)) * 100) > 80
for: 5m
labels:
severity: warning
annotations:
summary: Container Volume usage (instance {{ $labels.instance }})
description: Container Volume usage is above 80%\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
Redis 相關報警信息
redis down
redis 服務 down 了,報警
- alert: RedisDown
expr: redis_up == 0
for: 5m
labels:
severity: critical
annotations:
summary: Redis down (instance {{ $labels.instance }})
description: Redis instance is down\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
redis 缺少主節點(集群,或者sentinel 模式才有)
redis 集群中缺少標記的主節點
- alert: RedisMissingMaster
expr: (count(redis_instance_info{role="master"}) or vector(0)) < 1
for: 5m
labels:
severity: critical
annotations:
summary: Redis missing master (instance {{ $labels.instance }})
description: Redis cluster has no node marked as master.\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
Redis 主節點過多
redis 集群中被標記的主節點過多
- alert: RedisTooManyMasters
expr: count(redis_instance_info{role="master"}) > 1
for: 5m
labels:
severity: critical
annotations:
summary: Redis too many masters (instance {{ $labels.instance }})
description: Redis cluster has too many nodes marked as master.\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
Redis 復制中斷
Redis實例丟失了一個slave
- alert: RedisReplicationBroken
expr: delta(redis_connected_slaves[1m]) < 0
for: 5m
labels:
severity: critical
annotations:
summary: Redis replication broken (instance {{ $labels.instance }})
description: Redis instance lost a slave\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
Redis 集群 flapping
在Redis副本連接中檢測到變化。當復制節點失去與主節點的連接並重新連接(也就是flapping)時,會發生這種情況。
- alert: RedisClusterFlapping
expr: changes(redis_connected_slaves[5m]) > 2
for: 5m
labels:
severity: critical
annotations:
summary: Redis cluster flapping (instance {{ $labels.instance }})
description: Changes have been detected in Redis replica connection. This can occur when replica nodes lose connection to the master and reconnect (a.k.a flapping).\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
Redis缺少備份
Redis已經有24小時沒有備份了。
- alert: RedisMissingBackup
expr: time() - redis_rdb_last_save_timestamp_seconds > 60 * 60 * 24
for: 5m
labels:
severity: critical
annotations:
summary: Redis missing backup (instance {{ $labels.instance }})
description: Redis has not been backuped for 24 hours\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
Redis內存不足
Redis內存耗盡(>90%)。
#需要 redis 實例設置 maxmemory maxmemory-policy 最大使用內存參數
- alert: RedisOutOfMemory
expr: redis_memory_used_bytes / redis_total_system_memory_bytes * 100 > 90
for: 5m
labels:
severity: warning
annotations:
summary: Redis out of memory (instance {{ $labels.instance }})
description: Redis is running out of memory (> 90%)\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
Redis連接數過多
Redis實例有太多的連接
- alert: RedisTooManyConnections
expr: redis_connected_clients > 100
for: 5m
labels:
severity: warning
annotations:
summary: Redis too many connections (instance {{ $labels.instance }})
description: Redis instance has too many connections\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
Redis連接數不足
Redis實例應該有更多的連接(> 5)。
- alert: RedisNotEnoughConnections
expr: redis_connected_clients < 5
for: 5m
labels:
severity: warning
annotations:
summary: Redis not enough connections (instance {{ $labels.instance }})
description: Redis instance should have more connections (> 5)\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
Redis拒絕連接
一些與Redis的連接已被拒絕
- alert: RedisRejectedConnections
expr: increase(redis_rejected_connections_total[1m]) > 0
for: 5m
labels:
severity: critical
annotations:
summary: Redis rejected connections (instance {{ $labels.instance }})
description: Some connections to Redis has been rejected\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
rabbitmq 監控 : [rabbitmq/rabbitmq-prometheus ]
rabbitmq 節點 down
節點數量少於 1 個
- alert: RabbitmqNodeDown
expr: sum(rabbitmq_build_info) < 3
for: 5m
labels:
severity: critical
annotations:
summary: Rabbitmq node down (instance {{ $labels.instance }})
description: Less than 3 nodes running in RabbitMQ cluster\n VALUE = {{ $value }}\n LABELS: {{ $labels }} - alert: RabbitmqDown
expr: rabbitmq_up == 0
for: 5m
labels:
severity: critical
annotations:
summary: Rabbitmq down (instance {{ $labels.instance }})
description: RabbitMQ node down\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
Rabbitmq實例的不同版本
在同一集群中運行不同版本的Rabbitmq,可能會導致失敗。
- alert: RabbitmqInstancesDifferentVersions
expr: count(count(rabbitmq_build_info) by (rabbitmq_version)) > 1
for: 5m
labels:
severity: warning
annotations:
summary: Rabbitmq instances different versions (instance {{ $labels.instance }})
description: Running different version of Rabbitmq in the same cluster, can lead to failure.\n VALUE = {{ $value }}\n LABELS: {{ $labels }} - alert: RabbitmqClusterPartition
expr: rabbitmq_partitions > 0
for: 5m
labels:
severity: critical
annotations:
summary: Rabbitmq cluster partition (instance {{ $labels.instance }})
description: Cluster partition\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
Rabbitmq內存高
一個節點使用了90%以上的內存分配。
- alert: RabbitmqMemoryHigh
expr: rabbitmq_process_resident_memory_bytes / rabbitmq_resident_memory_limit_bytes * 100 > 90
for: 5m
labels:
severity: warning
annotations:
summary: Rabbitmq memory high (instance {{ $labels.instance }})
description: A node use more than 90% of allocated RAM\n VALUE = {{ $value }}\n LABELS: {{ $labels }} - alert: RabbitmqOutOfMemory
expr: rabbitmq_node_mem_used / rabbitmq_node_mem_limit * 100 > 90
for: 5m
labels:
severity: warning
annotations:
summary: Rabbitmq out of memory (instance {{ $labels.instance }})
description: Memory available for RabbmitMQ is low (< 10%)\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
Rabbitmq文件描述符的用法
一個節點使用90%以上的文件描述符。
- alert: RabbitmqFileDescriptorsUsage
expr: rabbitmq_process_open_fds / rabbitmq_process_max_fds * 100 > 90
for: 5m
labels:
severity: warning
annotations:
summary: Rabbitmq file descriptors usage (instance {{ $labels.instance }})
description: A node use more than 90% of file descriptors\n VALUE = {{ $value }}\n LABELS: {{ $labels }} - alert: RabbitmqTooManyConnections
expr: rabbitmq_connectionsTotal > 1000
for: 5m
labels:
severity: warning
annotations:
summary: Rabbitmq too many connections (instance {{ $labels.instance }})
description: RabbitMQ instance has too many connections (> 1000)\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
Rabbitmq連接數太多
節點的總連接數過高。
- alert: RabbitmqTooMuchConnections
expr: rabbitmq_connections > 1000
for: 5m
labels:
severity: warning
annotations:
summary: Rabbitmq too much connections (instance {{ $labels.instance }})
description: The total connections of a node is too high\n VALUE = {{ $value }}\n LABELS: {{ $labels }} - alert: RabbitmqTooManyMessagesInQueue
expr: rabbitmq_queue_messages_ready{queue="my-queue"} > 1000
for: 5m
labels:
severity: warning
annotations:
summary: Rabbitmq too many messages in queue (instance {{ $labels.instance }})
description: Queue is filling up (> 1000 msgs)\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
Rabbitmq無隊列消費
一個隊列的消費者少於1個
- alert: RabbitmqNoQueueConsumer
expr: rabbitmq_queue_consumers < 1
for: 5m
labels:
severity: warning
annotations:
summary: Rabbitmq no queue consumer (instance {{ $labels.instance }})
description: A queue has less than 1 consumer\n VALUE = {{ $value }}\n LABELS: {{ $labels }} - alert: RabbitmqSlowQueueConsuming
expr: time() - rabbitmq_queue_head_message_timestamp{queue="my-queue"} > 60
for: 5m
labels:
severity: warning
annotations:
summary: Rabbitmq slow queue consuming (instance {{ $labels.instance }})
description: Queue messages are consumed slowly (> 60s)\n VALUE = {{ $value }}\n LABELS: {{ $labels }}
Rabbitmq不可路由的消息
一個隊列有不可更改的消息
- alert: RabbitmqUnroutableMessages
expr: increase(rabbitmq_channel_messages_unroutable_returned_total[5m]) > 0 or increase(rabbitmq_channel_messages_unroutable_dropped_total[5m]) > 0
for: 5m
labels:
severity: warning
annotations:
summary: Rabbitmq unroutable messages (instance {{ $labels.instance }})
description: A queue has unroutable messages\n VALUE = {{ $value }}\n LABELS: {{ $labels }} - alert: RabbitmqNoConsumer
expr: rabbitmq_queue_consumers == 0
for: 5m
labels:
severity: critical
annotations:
summary: Rabbitmq no consumer (instance {{ $labels.instance }})
description: Queue has no consumer\n VALUE = {{ $value }}\n LABELS: {{ $labels }}