Merge "Add support for Prometheus alerts"
diff --git a/metadata/service/support.yml b/metadata/service/support.yml
index 05eaa61..ae1d2a8 100644
--- a/metadata/service/support.yml
+++ b/metadata/service/support.yml
@@ -11,3 +11,5 @@
enabled: false
grafana:
enabled: false
+ prometheus:
+ enabled: true
diff --git a/rsyslog/meta/prometheus.yml b/rsyslog/meta/prometheus.yml
new file mode 100644
index 0000000..4f6211a
--- /dev/null
+++ b/rsyslog/meta/prometheus.yml
@@ -0,0 +1,19 @@
+{%- from "rsyslog/map.jinja" import global with context %}
+
+{%- if global.get('enabled', False) %}
+{%- raw %}
+server:
+ alert:
+ FailedLoginsTooHigh:
+{%- endraw %}
+ {%- set threshold = prometheus_server.get('alert', {}).get('FailedAuthsTooHigh', {}).get('var', {}).get('threshold', 0.2 ) %}
+ if: >-
+ rate(failed_logins_total[5m]) > {{ threshold }}
+{%- raw %}
+ labels:
+ severity: warning
+ service: ssh
+ annotations:
+ summary: 'Too many failed SSH logins'
+ description: 'The rate of failed logins is too high on node {{ $labels.host }} (current value={{ $value }}, threshold={%- endraw %}{{ threshold }}).'
+{%- endif %}
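Review bot: The threshold override on the `{%- set threshold = ... %}` line is looked up under `FailedAuthsTooHigh`, but the alert this file defines is `FailedLoginsTooHigh`. An operator who tunes the threshold under the alert's own name gets no effect, and the failed-SSH-login rule silently stays at the default of 0.2. The lookup should use the alert's name, `.get('alert', {}).get('FailedLoginsTooHigh', {}).get('var', {}).get('threshold', 0.2)`. Separately, `prometheus_server` is not among the names imported at the top of the template (only `global` is), so it presumably comes from the rendering context; a one-line comment such as `{#- prometheus_server is supplied by the rendering context -#}` would make that dependency explicit.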