Compare commits

...

3 Commits

Author SHA1 Message Date
Max Kotliar
290029897b specialize alert 2026-06-30 20:09:39 +03:00
Max Kotliar
9a150c309c fix dashboard link 2026-06-30 19:42:06 +03:00
Max Kotliar
2a40a40e9e deployment: add TooManyInvalidAuthTokenRequests alert
The alert should help surface client auth misconfigurations or potential
brute force attacks.

Related to
https://github.com/VictoriaMetrics/VictoriaMetrics/issues/11180
2026-06-30 19:31:05 +03:00

View File

@@ -56,3 +56,14 @@ groups:
summary: "Too many errors served for user {{ $labels.username }} (instance {{ $labels.instance }})"
description: "Requests from user {{ $labels.username }} are receiving errors.
Please check the vmauth logs to verify that the configuration is correct and clients are sending valid requests."
- alert: PotentialBruteForceAttack
expr: sum(increase(vmauth_http_request_errors_total{reason="invalid_auth_token"}[5m])) by (instance) > 5000
for: 1m
labels:
severity: warning
annotations:
dashboard: "{{ $externalURL }}/d/nbuo5Mr4k?viewPanel=16&var-instance={{ $labels.instance }}"
summary: "vmauth ({{ $labels.instance }}) is receiving too many requests with invalid auth tokens"
description: |
vmauth ({{ $labels.instance }}) is receiving a high number of requests with invalid auth tokens.
This may indicate a misconfiguration on the client side or a brute-force attack.