log_collector: decoder: system: engine: sandbox module_file: /usr/share/lma_collector/decoders/generic_syslog.lua module_dir: /usr/share/lma_collector/common;/usr/share/heka/lua_modules adjust_timezone: true config: syslog_pattern: '%TIMESTAMP% %HOSTNAME% %syslogtag%%msg:::sp-if-no-1st-sp%%msg%\n' input: linux_log_stream: engine: logstreamer log_directory: "/var/log" file_match: '(?Pdaemon\.log|cron\.log|haproxy\.log|kern\.log|auth\.log|syslog|messages|debug)' differentiator: [ 'system.', 'Service' ] decoder: "system_decoder" splitter: "TokenSplitter" filter: linux_hdd_errors: engine: sandbox module_file: /usr/share/lma_collector/filters/hdd_errors_counter.lua module_dir: /usr/share/lma_collector/common;/usr/share/heka/lua_modules preserve_data: false message_matcher: "Type == 'log' && Logger == 'system.kern'" ticker_interval: 10 config: grace_interval: 10 patterns: "/error%s.+([sv]d[a-z][a-z]?)%d?/ /([sv]d[a-z][a-z]?)%d?.+%serror/" hostname: '{{ grains.host }}' metric_collector: trigger: linux_system_cpu_critical: description: 'The CPU usage is too high.' severity: critical rules: - metric: cpu_wait relational_operator: '>=' threshold: 35 window: 120 periods: 0 function: avg - metric: cpu_idle relational_operator: <= threshold: 5 window: 120 function: avg linux_system_cpu_warning: description: 'The CPU wait times are high.' severity: critical rules: - metric: cpu_wait relational_operator: '>=' threshold: 15 window: 120 periods: 0 function: avg alarm: linux_system_cpu: alerting: enabled triggers: - linux_system_cpu_warning - linux_system_cpu_critical