Device uptime too high-linux-False

error
false
ongoing-maintenance
linux
Device uptime too high-linux-False
0

#1

Device uptime too high-linux-False

Vendor: linux

OS: False

Description:
Indeni will alert when a device’s uptime is too high

Remediation Steps:
Upgrade the device. You may also change the alert’s threshold, or disable the alert completely, if not needed.

How does this work?
The current uptime is retreived from /proc/uptime.

Why is this important?
If uptime is suddently reduced, this means the device has rebooted.

Without Indeni how would you find this?
An administrator could login and manually check the uptime.

linux-proc-uptime

#! META
name: linux-proc-uptime
description: Record uptime in milliseconds
type: monitoring
monitoring_interval: 5 minutes
requires:
    or:
        -
            linux-based: "true"
        -
            linux-busybox: "true"

#! COMMENTS
uptime-milliseconds:
    why: |
        If uptime is suddently reduced, this means the device has rebooted.
    how: |
        The current uptime is retreived from /proc/uptime.
    without-indeni: |
        An administrator could login and manually check the uptime.
    can-with-snmp: true
    can-with-syslog: false
    vendor-provided-management: |
        This is only accessible from the command line interface, SNMP or vendor-provided management interface.

#! REMOTE::SSH
${nice-path} -n 15 cat /proc/uptime

#! PARSER::AWK

############
# Script explanation: /proc/uptime is used instead of the command "uptime" since /proc/uptime has a higher granularity, since it shows uptime in seconds.
############

#896218.37 3217298.93
/^[0-9]/ {
	uptime = $1 * 1000
	writeDoubleMetricWithLiveConfig("uptime-milliseconds", null, "gauge", 300, uptime, "Uptime", "duration", "")
}

cross_vendor_uptime_high

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.apidata.time.TimeSpan
import com.indeni.apidata.time.TimeSpan.TimePeriod
import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.{ConditionalRemediationSteps, ThresholdDirection, TimeIntervalThresholdOnDoubleMetricTemplateRule}
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity

/**
  *
  */
case class cross_vendor_uptime_high() extends TimeIntervalThresholdOnDoubleMetricTemplateRule(
  ruleName = "cross_vendor_uptime_high",
  ruleFriendlyName = "All Devices: Device uptime too high",
  ruleDescription = "Indeni will alert when a device's uptime is too high",
  severity = AlertSeverity.ERROR,
  metricName = "uptime-milliseconds",
  metricUnits = TimePeriod.MILLISECOND,
  threshold = TimeSpan.fromDays(365 * 10),
  thresholdDirection = ThresholdDirection.ABOVE,
  alertDescriptionFormat = "The current uptime is %.0f seconds. This alert identifies when a device has been up for a very long time and may need an upgrade.",
  alertDescriptionValueUnits = TimePeriod.SECOND,
  baseRemediationText = "Upgrade the device. You may also change the alert's threshold, or disable the alert completely, if not needed.")(
  ConditionalRemediationSteps.OS_NXOS ->
    """|
       |1. Use the "show version" NX-OS command to display the current system uptime.
       |2. Run the "show system reset-reason" to check the reason for the last reboot of the device.
       |3. Check if the installed NX-OS version is supported and review it for software bugs.""".stripMargin
)