Thanks for the quick reply Roger!
First question: what do you mean by false positives? That is, is the monitor script telling you that it's down but actually every time you try manually it works? If that's what's happening, it sounds like there's a bug or mis-design in the monitoring approach, and that's worth tracking down.
> 20 onion services are monitored by the host, sometimes 1 - 4 services are reported down, the rest seems to be fine. Therefore I assume tor on the host to be generally fine as well. I can open the reported onion services from my laptop without problems, so tor on the machines running the services also seems to work. Before using the prometheus exporter I did the checks using old school nagios check-tcp[1] plugin in combination with torify and these issues already occured there.
Whereas if the problem is that actually the onion service is unreliable and not always reachable, then it sounds like a *true* positive from the monitor.
So probably it's "half true". The services are reachable, but not via every route in the tor network, in this case not via the route the monitoring host is taking. What surprises me is the fact that this occurs even with a hold timer of 1h in alertmanager.
If they are true positives, I think it sounds like a great idea to do an experiment where you switch to UseEntryGuards 0 for the services where you don't mind having their location known. Let us know if it improves things. :)
Rolled it out and will report back.
We also spoke in the past of having an 'onion service health monitor', which would help to pinpoint *which phase* of the connection is failing, and I continue to think that would be really valuable but we never quite got there. See e.g. https://gitlab.torproject.org/tpo/network-health/metrics/analysis/-/issues/13209 https://gitlab.torproject.org/tpo/core/tor/-/issues/28841
something like that would be really great! ciao f. [1] https://www.monitoring-plugins.org/doc/man/check_tcp.html -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
