Commit ebc4c6bb authored by ale
Browse files

Change exported_service->service label now that auth-server is builtin

parent 32cf4031
......@@ -9,14 +9,14 @@ groups:
#
# Services that are excluded here should be added to NoLogins.
# Pages when, for any service other than smtp, the ratio of successful
# authentications is below 0.2 while more than 5 successful logins were still
# counted in the 10-minute window.
# This is a diff view: for each duplicated key below, the first line is the
# pre-commit version (exported_service label) and the second is the
# post-commit version (service label).
- alert: TooManyLoginFailures
expr: service:auth_requests_ok:ratio{exported_service!="smtp"} < 0.2 and service:auth_requests_ok:delta10m{exported_service!="smtp"} > 5
expr: service:auth_requests_ok:ratio{service!="smtp"} < 0.2 and service:auth_requests_ok:delta10m{service!="smtp"} > 5
# The expression must stay true for 10 minutes before the alert fires.
for: 10m
labels:
severity: page
scope: global
annotations:
# NOTE(review): with "A and B" the sample value comes from the left-hand
# side, so {{$value}} is the success ratio (0-1), not a percentage as the
# description text says -- confirm whether the wording should change.
summary: 'Too many login failures for service {{$labels.exported_service}}'
description: 'The percentage of successful authentications on auth-server with service={{$labels.exported_service}} is too low ({{$value}}). This can indicate a brute-forcing attack (depending on the service), or a failure in the auth-server itself.'
summary: 'Too many login failures for service {{$labels.service}}'
description: 'The percentage of successful authentications on auth-server with service={{$labels.service}} is too low ({{$value}}). This can indicate a brute-forcing attack (depending on the service), or a failure in the auth-server itself.'
# The [[ ... ]] delimiters are presumably expanded by a separate templating
# step before Prometheus loads this file -- TODO confirm.
runbook: '[[ alert_runbook_fmt | format("TooManyLoginFailures") ]]'
# We also want to check that, for some important services, there
......@@ -27,13 +27,13 @@ groups:
# Services selected by the label matcher here should be excluded
# from the TooManyLoginFailures alert.
# Pages when fewer than 3 successful smtp logins were counted in the
# 10-minute window.
# This is a diff view: for each duplicated key below, the first line is the
# pre-commit version (exported_service label) and the second is the
# post-commit version (service label).
- alert: NoLogins
expr: service:auth_requests_ok:delta10m{exported_service="smtp"} < 3
expr: service:auth_requests_ok:delta10m{service="smtp"} < 3
# The expression must stay true for 10 minutes before the alert fires.
for: 10m
labels:
severity: page
scope: global
annotations:
summary: 'No successful logins for service {{$labels.exported_service}}'
description: 'The auth-server is not reporting successful logins with service={{$labels.exported_service}}. This might indicate something broken with the auth-server itself.'
summary: 'No successful logins for service {{$labels.service}}'
description: 'The auth-server is not reporting successful logins with service={{$labels.service}}. This might indicate something broken with the auth-server itself.'
# The [[ ... ]] delimiters are presumably expanded by a separate templating
# step before Prometheus loads this file -- TODO confirm.
runbook: '[[ alert_runbook_fmt | format("NoLogins") ]]'
......@@ -2,13 +2,13 @@ groups:
# Recording rules that pre-aggregate auth-server request metrics per service.
# This is a diff view: each record shows the pre-commit expr (grouped by
# exported_service) followed by the post-commit expr (grouped by service).
- name: roles/ai3-prometheus/files/rules/rules_auth.conf
rules:
# Rate of auth_requests over 5 minutes, summed per service and status.
- record: service:auth_requests:rate5m
expr: sum(rate(auth_requests[5m])) by (exported_service, status)
expr: sum(rate(auth_requests[5m])) by (service, status)
# Share of requests with status "ok" among those with status "ok" or "error",
# per service. Other status values are left out of the denominator.
- record: service:auth_requests_ok:ratio
expr: sum(service:auth_requests:rate5m{status="ok"}) by (exported_service) / sum(service:auth_requests:rate5m{status=~"ok|error"}) by (exported_service)
expr: sum(service:auth_requests:rate5m{status="ok"}) by (service) / sum(service:auth_requests:rate5m{status=~"ok|error"}) by (service)
# Rate of auth_requests_ratelimited over 5 minutes, summed per service.
- record: service:auth_requests_ratelimited:rate5m
expr: sum(rate(auth_requests_ratelimited[5m])) by (exported_service)
expr: sum(rate(auth_requests_ratelimited[5m])) by (service)
# Count the number of successful logins per service in the last 10 minutes.
# auth_requests is consumed with rate() by the other rules in this group, so
# it is treated as a counter. The current expression therefore uses increase()
# instead of delta(): delta() is intended for gauges and yields a negative
# value when the counter resets (e.g. when the exporting process restarts),
# which would wrongly satisfy a "fewer than N logins" alert threshold.
# The record keeps its "delta10m" name so existing consumers still resolve.
# This is a diff view: the first expr is the untouched pre-commit line
# (exported_service label); the second is the current expression.
- record: service:auth_requests_ok:delta10m
expr: sum(delta(auth_requests{status="ok"}[10m])) by (exported_service)
expr: sum(increase(auth_requests{status="ok"}[10m])) by (service)
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment