Alert rule for entropy not working as expected


I’ve setup the rule to alert when the random entropy is equal to or below 200.

Even with servers of greater than 200 (in the thousands) I get an alert generated.

Debug shows:

Rule name: Random Entropy too low
Alert rule: applications.app_type = "entropy" AND applications.app_state <= 200
Alert query: SELECT * FROM devices,applications WHERE (devices.device_id = ? AND devices.device_id = applications.device_id) AND applications.app_type = "entropy" AND applications.app_state <= 200
Rule match: matches

and the rule applied is:

I’m not sure what I’m doing wrong but with 3000 entropy the rule above matched?


applications.app_state should have a value like OK, ERROR, UNKNOWN, etc. For the entropy app it looks like applications.app_status will have the value…

…but in general application_metrics is probably a better way to alert on value because most apps have more than one metric.

Hi Slashdoom… much appreciated for this.

As a result of your SQL statements, I understood what was going on. I’ll be able to assist others in future now :slight_smile:

Any way, I queried:


and tested it, got exactly what I needed.

Many thanks for your help.

1 Like