From 9f6d4fd2a29629134ccbc3a3136c79c9648d5b97 Mon Sep 17 00:00:00 2001 From: samber Date: Mon, 16 Mar 2026 01:34:59 +0000 Subject: [PATCH] Publish --- dist/rules/snmp/snmp-exporter.yml | 77 +++++++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100644 dist/rules/snmp/snmp-exporter.yml diff --git a/dist/rules/snmp/snmp-exporter.yml b/dist/rules/snmp/snmp-exporter.yml new file mode 100644 index 0000000..c60d7c9 --- /dev/null +++ b/dist/rules/snmp/snmp-exporter.yml @@ -0,0 +1,77 @@ +groups: + +- name: SnmpExporter + + # These rules use standard IF-MIB and SNMPv2-MIB metrics. Metric names depend on your snmp.yml module configuration. + # Thresholds for bandwidth and error rates are rough defaults - adjust to your environment. + + rules: + + # From the official snmp-mixin. + - alert: SnmpTargetDown + expr: 'up{job=~"snmp.*"} == 0' + for: 5m + labels: + severity: critical + annotations: + summary: SNMP target down (instance {{ $labels.instance }}) + description: "SNMP device {{ $labels.instance }} is unreachable.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: SnmpInterfaceDown + expr: 'ifOperStatus{ifAdminStatus="1"} == 2' + for: 2m + labels: + severity: critical + annotations: + summary: SNMP interface down (instance {{ $labels.instance }}) + description: "Interface {{ $labels.ifDescr }} on {{ $labels.instance }} is operationally down while administratively up.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + # Threshold is a rough default. Adjust based on your network environment. + - alert: SnmpInterfaceHighInboundErrorRate + expr: 'rate(ifInErrors[5m]) / (rate(ifHCInUcastPkts[5m]) + rate(ifHCInBroadcastPkts[5m]) + rate(ifHCInMulticastPkts[5m])) > 0.05 and (rate(ifHCInUcastPkts[5m]) + rate(ifHCInBroadcastPkts[5m]) + rate(ifHCInMulticastPkts[5m])) > 0' + for: 5m + labels: + severity: warning + annotations: + summary: SNMP interface high inbound error rate (instance {{ $labels.instance }}) + description: "Interface {{ $labels.ifDescr }} on {{ $labels.instance }} has an inbound error rate above 5%.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + # Threshold is a rough default. Adjust based on your network environment. + - alert: SnmpInterfaceHighOutboundErrorRate + expr: 'rate(ifOutErrors[5m]) / (rate(ifHCOutUcastPkts[5m]) + rate(ifHCOutBroadcastPkts[5m]) + rate(ifHCOutMulticastPkts[5m])) > 0.05 and (rate(ifHCOutUcastPkts[5m]) + rate(ifHCOutBroadcastPkts[5m]) + rate(ifHCOutMulticastPkts[5m])) > 0' + for: 5m + labels: + severity: warning + annotations: + summary: SNMP interface high outbound error rate (instance {{ $labels.instance }}) + description: "Interface {{ $labels.ifDescr }} on {{ $labels.instance }} has an outbound error rate above 5%.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + # Threshold is a rough default. Adjust based on your link capacity and traffic patterns. + - alert: SnmpInterfaceHighBandwidthUsageInbound + expr: 'rate(ifHCInOctets[5m]) * 8 / ifSpeed > 0.80 and ifSpeed > 0' + for: 15m + labels: + severity: warning + annotations: + summary: SNMP interface high bandwidth usage inbound (instance {{ $labels.instance }}) + description: "Interface {{ $labels.ifDescr }} on {{ $labels.instance }} inbound utilization is above 80%.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + # Threshold is a rough default. Adjust based on your link capacity and traffic patterns. + - alert: SnmpInterfaceHighBandwidthUsageOutbound + expr: 'rate(ifHCOutOctets[5m]) * 8 / ifSpeed > 0.80 and ifSpeed > 0' + for: 15m + labels: + severity: warning + annotations: + summary: SNMP interface high bandwidth usage outbound (instance {{ $labels.instance }}) + description: "Interface {{ $labels.ifDescr }} on {{ $labels.instance }} outbound utilization is above 80%.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + # sysUpTime is in centiseconds (hundredths of a second). + - alert: SnmpDeviceRestarted + expr: 'sysUpTime / 100 < 300' + for: 0m + labels: + severity: info + annotations: + summary: SNMP device restarted (instance {{ $labels.instance }}) + description: "SNMP device {{ $labels.instance }} has restarted (uptime < 5 minutes).\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"