This seems like a normal thing but I have an alert that’s supposed to kick off if CPU usage is equal or higher than 80% however the devices I have it mapped to haven’t hit that in like a year but it’s still in an alert.
Rule:
SELECT * FROM devices,processors WHERE (devices.device_id = ? AND devices.device_id = processors.device_id) AND processors.processor_usage >= 80
My cron file is the normal default cron.
I also have a syslog alert but apparently I can’t get the macros.past15m to work with syslog timestamp.
Rule:
SELECT * FROM devices,syslog WHERE (devices.device_id = ? AND devices.device_id = syslog.device_id) AND syslog.msg LIKE ‘%login failure%’ AND syslog.timestamp <= “‘macros.past_15m’”
Are my alerts good and my alert polling is broken or is there something else I’m not realizing.