Below matrix lists all the Jeyzer rules, in addition to the applicative rules.
The Jeyzer rules cover these domains:
- Application context
- Code detection
- Contentions
- CPU
- Disk space
- Open file descriptors (Unix)
- Execution patterns
- Garbage Collection
- Locking
- Memory
- Process libraries
- Java modules
- Process life cycle
- Process settings
- JVM Flags
- Threading
- Recording
- Virtual threads
Jeyzer rules in bold are template rules which are instantiated to accommodate incident signatures.
Jeyzer rule instantiation examples are available in the analyzer/config/monitor/rules/sample_rules.xml of your Jeyzer installation.
Jeyzer demos (Features and Labors) show it in action : see their monitoring profile.
All rules are covered/tested by the Jeyzer Labors demo.
| Rule | Use Cases | Primary conditions | Threshold parameters | Scope | SL*** |
|---|---|---|---|---|---|
| Absent threads | Thread pool missing Critical thread(s) dead or missing | Number of threads (active and inactive) with name matching the regex pattern, is lower or equal to value | pattern value | global session | 4 |
| Active named thread limit | Thread pool activity reaching saturation | Number of active threads with name matching the regex pattern, is greater or equal to value | pattern value | global session | 3 |
| Active thread limit | Activity peak detection | Number of active threads is greater or equal to value | value | global session | 3 |
| Applicative session | Service interruption Critical error Connectivity issue Life cycle status … | Monitored application fired the event | applicative | session | [6-10] |
| Applicative system | Process sanity check … | Monitored application fired the event | applicative | system | [6-10] |
| Applicative task | Critical error … | Monitored application fired the event | applicative | action | [6-10] |
| Contention type global percentage | Unusual database access Intensive logging | Contention type param appearance in stack percentage is greater/lower or equal to value | value param | system | 2 |
| Contention type in principal percentage | Unusual database access within particular actions | Contention type param appearance in stack percentage within action principal is greater/lower or equal to value | value principal param | system | 2 |
| Contention type parallel contention | Sudden contention on database | Contention type with name matching the regex pattern is seen in more than value parallel threads | pattern value | global session | 2 |
| Contention type pattern | Undesired contention detection Obsolescence detection | Contention type is matching the regex pattern within a stack | pattern function* | action stack | 1 |
| Contention type presence | Undesired external process execution wait | Contention type name is matching the param since Jeyzer 3.0 | param | system | 1 |
| Contention type and high process CPU | Crazy regular expression | Contention type name is matching the contention_type and the process is consuming more than process_cpu_percent since Jeyzer 3.3 | contention_type process_cpu_percent | global session | 1 |
| CPU consuming process | Activity peak detection | Process consuming more than CPU percentage value | value | global session | 3 |
| CPU consuming task | Crazy active thread detection | Thread consuming more than CPU percentage value | value function* appearance percentage* | action stack | 3 |
| CPU Runnable vs CPU capacity | System under-sizing under normal conditions | Number of CPU runnable threads is greater or equal to the number of available CPUs | signal | global session | 3 |
| Deadlock | Invalid resource sharing strategy | Threads in deadlock | signal | global session | 5 |
| Disk space free | Invasive logging | Free partition disk space in Gb is lower than value | value param** | global session | 3 |
| Disk space free percent | Disk space outage | Free partition disk percentage is lower than value | value param** | global session | 3 |
| Disk space total | Working directory sanity check | Total partition disk space in Gb is greater than value | value param** | global session | 3 |
| Disk space used | Invasive logging | Used partition disk space in Gb is greater than value | value param** | global session | 3 |
| Disk space used percent | Disk space outage | Used partition disk percentage is greater than value | value param** | global session | 3 |
| Disk write speed | Disk controller problem | Recording write speed in Kb/sec is lower than value | value | global session | 3 |
| Disk write time | Disk writing contention | Recording write time in ms is higher than value | value | global session | 3 |
| Excessive GC time | High memory allocation | Garbage Collection takes more than value in ms | value | global session | 3 |
| Excessive old GC execution | High memory allocation on long live objects | Global Old garbage collection execution count is greater or equal to value | value | global session | 3 |
| Executor presence | Abnormal executor presence | Executor name is matching the param since Jeyzer 3.1 | signal | system | 1 |
| Frozen stacks | Thread contentions | Thread stack is identical to previous one Freeze impression | signal function* | action stack | 1 |
| Function and operation parallel contention | Intensive known problematic activity | Function name matching regex pattern² and operation name matching regex pattern², are seen in more than value parallel threads | value function pattern² operation pattern² | global session | 2 |
| Function global percentage | Abnormal activity presence | Function² appearance in stack percentage is greater/lower or equal to value | value param² | system | 2 |
| Function in principal percentage | Intensive activity known as problematic within specific actions | Function² appearance in stack percentage within action principal is greater/lower or equal to value | principal param² value | system | 2 |
| Function parallel contention | Intensive parallel activity known as problematic | Function name matching regex pattern is seen in more than value parallel threads | value pattern | global session | 2 |
| Function pattern | Critical section reached | Function name matching regex pattern | pattern function* | action stack | 1 |
| Function presence | Deprecated code usage | Function name is matching the param | signal param | system | 1 |
| Garbage collector name | Deprecated garbage collector | Garbage collector name (old or young) matches the pattern since Jeyzer 2.7 | pattern | system | 1 |
| GC failing to release memory | Memory leak Abnormal activity peak | Used memory is increasing and upper than used_memory percentage, released memory is lower than released_memory percentage and garbage collection time is higher than gc_time ms | used_memory released_memory gc_time | global session | 5 |
| Global thread leak | Wrong thread allocation strategy Bad timer usage | Total number of threads is greater or equal to value and is constantly increasing by delta_y threads every delta_x recording snapshots | value delta_x delta_y | session | 4 |
| Global thread limit | Sudden thread creation burst due to high activity peak | Global number of threads is greater or equal to value | value | global session | 4 |
| Global virtual thread limit | Sudden virtual thread creation burst due to high activity peak | Global number of virtual threads is greater or equal to value since Jeyzer 3.1 | value | global session | 4 |
| Hiatus time | Process running out of memory Process under stress | Hiatus time between 2 recording snapshots is higher than value seconds | value | global session | 1 |
| Jeyzer MX context parameter number | Application counter check | Process context parameter is greater/lower or equal to value | value | global session | 1 |
| Jeyzer MX context parameter pattern | Application status check | Process context parameter matches regex pattern | pattern | global session | 1 |
| Jeyzer publisher | Jeyzer event flooding Jeyzer publishing activation or deactivation | Jeyzer Publisher fired the event | publisher | session | [6-10] |
| Locker task | Wrong resource locking strategy | Thread is owning java locks preventing other active threads to work | signal function* appearance percentage* | action stack | 2 |
| Locks contention | Process critical slow down | More than value threads are locked | value | global session | 2 |
| Long running task | Scheduled activity exceeding standard execution time | Action is taking time (secondary condition) | function* | action | 1 |
| Memory consuming process | Process under stress | Global memory heap usage percentage (old and young) is greater or equal to value | value | global session | 3 |
| Memory consuming system | System under stress potentially due to external cause | System is consuming more than system memory percentage value | value | global session | 3 |
| Memory consuming task | Internal activity under memory allocation stress | Task is consuming more than percentage value of the global memory heap (old and young) | value function* appearance percentage* | action stack | 2 |
| Missing thread dumps | Process running out of memory Process under stress | Recording snapshots or thread dumps are missing Restart is also interpreted as a missing thread dump. Prefer the Hiatus rule (but advanced recording required). | diff | global session | 3 |
| Multi function contention | Thread pool misery a in wrongly designed or sized asynchronous thread model | The respective count² of a given list of functions is observed in parallel threads | functions function_appearance_thresholds² | global session | 2 |
| MX bean parameter number | Application counter check | MX bean parameter² is greater/lower or equal to value | value param² | global session | 1 |
| MX bean parameter pattern | Application status check | MX bean parameter² is matching the regex pattern | pattern param² | global session | 1 |
| Named thread leak | Thread pool leakage | Number of inactive and active threads matching thread name regex pattern, is greater or equal to value and constantly increasing by delta_y threads every delta_x recording snapshots | pattern delta_x delta_y | session | 4 |
| Named thread limit | Abnormal thread usage | Number of inactive and active threads matching the thread name regex pattern is greater or equal to value | pattern value | global session | 3 |
| Open file descriptor number | Abnormal file descriptor consumption | Number of file descriptors opened by the JVM is greater or equal to value. JZR recording only, issued from Unix since Jeyzer 3.0 | value | global session | 2 |
| Open file descriptor percentage | Abnormal file descriptor consumption | Percentage of file descriptors opened by the JVM is greater or equal to value. The percentage is computed against the max open file descriptors limit which is user specific (see ulimit -n). JZR recording only, issued from Unix since Jeyzer 3.0 | value | global session | 2 |
| Operation global percentage | Abnormal technical operation presence | Operation² appearance in stack percentage is greater/lower or equal to value | value param² | system | 2 |
| Operation in principal percentage | Intensive technical operation step known as problematic within specific actions | Operation² appearance in stack percentage within action principal is greater/lower or equal to value | principal param² value | system | 2 |
| Operation parallel contention | Database connection pool misery | Operation is matching the regex pattern is seen in more than value parallel threads | pattern value | global session | 2 |
| Operation pattern | Critical low level section reached | Task operation is matching the regex pattern | pattern function* | action stack | 1 |
| Operation presence | Deprecated code usage | Operation name is matching the param | signal param | system | 1 |
| Process card property absence | Variable presence sanity check | Java property, JVM flag or system environment variable² is missing in the process card. Use the jzr.jdk.flag. prefix to access any JVM flag | signal param² | system | 1 |
| Process card property number | CPU count sanity check Max open file sanity check | Process card property² is greater/lower or equal to value Use the jzr.jdk.flag. prefix to access any JVM flag | value param² | system | 1 |
| Process card property pattern | Variable setting sanity check Internal setting check | Process card property² is matching the regex pattern Use the jzr.jdk.flag. prefix to access any JVM flag. Example : jzr.jdk.flag.HeapDumpBeforeFullGC | pattern param² | system | 1 |
| Process command line max heap | Xmx sanity check | Max heap size (-Xmx) is lower than value in Mb | value | system | 2 |
| Process command line parameter absence | Xmx not set | Java command line parameter² is missing | signal param² | system | 1 |
| Process command line parameter pattern | Java remote debug access open | Java command line parameter² matches the regex pattern | pattern param² | system | 1 |
| Process command line property number | JMX port test | Java property² on the command line (-D) value is greater/lower or equal to value | value param² | system | 1 |
| Process command line property pattern | JMX remote authentication activation sanity check | Java property² on the command line (-D) value matches the regex pattern | pattern param² | system | 1 |
| Process down time | Inactivity safety check | Process is restarted after down_time duration | signal down_time | session | 4 |
| Process jar multiple versions | Packaging errors Deployment errors | Process jar file is present multiple times under different versions | signal | system | 3 |
| Process jar name | External jar detection Java agent detection | Process jar name is matching the regex pattern | pattern | system | 1 |
| Process jar name absence | Detection of a missing library | Process jar name is not found using the regex pattern | pattern | system | 1 |
| Process jar version | Jar obsolescence Unsecured implementation | Process jar file matches the associated version sticker | signal | system | 1 |
| Process jar version absence | Missing clarity on the jar release | Process jar doesn’t have any version on the file name | signal | system | 1 |
| Process jar version snapshot | Non official jar release | Process jar version contains an alphabetic tag | signal | system | 4 |
| Process module name | External Java module detection | Java module name is matching the regex pattern since Jeyzer 2.2 | pattern | system | 1 |
| Process module name absence | Detection of a missing Java module | Java module name is not found using the regex pattern since Jeyzer 2.2 | pattern | system | 1 |
| Process module version | Java module obsolescence Unsecured implementation | Java module matches the associated version sticker since Jeyzer 2.2 | signal | system | 1 |
| Process module version absence | Missing clarity on the Java module release | Java module doesn’t have any version on the file name since Jeyzer 2.2 | signal | system | 1 |
| Process module version snapshot | Non official Java module release | Java module version contains an alphabetic tag since Jeyzer 2.2 | signal | system | 4 |
| Process up time | Process sanity restart check | Process is has been running for longer than value in seconds | value | session | 2 |
| Quiet activity | Normal situation indicator | Absence of actions of interest is detected A list of actions to exclude (such as any JFR background activity) may be specified with the pattern since Jeyzer 3.0 | signal pattern | system | 5 |
| Recording size | Insufficient recording content | Number of recording snapshots (thread dumps) is larger/lower than value since Jeyzer 2.6 | value | system | 1 |
| Recording snapshot capture time | Process health indicator | Recording snapshot capture time is greater or equal to value in ms | value | global session | 2 |
| Restart | Serious issue indicator when not planned | Process is restarted | signal | session | 4 |
| Session execution pattern | Deprecated code usage | Code regex pattern is matched within any active stack For performance reasons, transpose those method calls into Jeyzer functions/operations and therefore use the Function and Operation presence rules | pattern | global session | 1 |
| Shared profile | Deprecated library usage | Shared profile usage is detected since Jeyzer 3.0 | signal | system | 1 |
| Stack Overflow | Stack overflow risk on re-entrant code execution | Stack size within a task is greater or equal to value | value | action stack | 4 |
| Sticker match | Ambient marker | Stickers matched This rule must get associated to one or several stickers. It has no check body and relies only on the stickers. Process card property rules are quite similar, but stickers can also be ambient based and it prevents anyway from duplicating the sticker property conditions in the monitoring rules. | signal | system | 1 |
| Suspended threads | Debug session in production not properly terminated (!) Malicious attack | Threads are suspended on a debug breakpoint | signal | global session | 5 |
| System CPU overload | System under stress potentially due to external cause | System CPU percentage is greater or equal to value | value | global session | 4 |
| Task Execution pattern | Critical section reached | Code regex pattern is matched within the active task For performance reasons, prefer translating the method into profile functions/operations to use their related Function pattern and Operation pattern rules. | pattern function* appearance percentage* | action stack | 1 |
| Task Jeyzer MX context parameter number | Applicative counter check within distinct actions | Action context parameter² is greater/lower or equal to value | value param² function* | action stack | 1 |
| Task Jeyzer MX context parameter pattern | Applicative status check within distinct actions | Action context parameter² is matching the regex pattern | pattern param² function* | action task | 1 |
| Virtual threads CPU consuming | System under stress : virtual threads take excessive CPU time | Virtual thread CPU % is greater or equal to value Since Jeyzer 3.1 | value | global session | 3 |
| Virtual thread leak | System under stress : remote point is unable to reply on time | Unmounted virtual threads are visible for long time since Jeyzer 3.1 | signal with context | action | 4 |
| Virtual thread presence | Incorrect recording method used | Carrier threads are detected since Jeyzer 3.1 | signal | system | 2 |
(*) Optional threshold parameter. Function is principal function one.
(**) Param identifies the disk partition id, set at the recording profile level.
(***) SL : default rule sub level. Represents the importance of the rule.
Default value is between 1 (low importance) and 5 (high importance).
Sub level permits to classify the events within one level (Critical, Warning, Info).
If changed, specified value must be between 6 and 10.