frostmourne
Frostmourne is a distributed monitoring and alerting system designed for internal enterprise use, supporting multiple data sources (Elasticsearch, Prometheus, MySQL, ClickHouse, InfluxDB, IoTDB, and others). It provides rule-based alert creation with template customization, suppression logic, and multi-channel notification (DingTalk, WeChat, Feishu, email, HTTP).
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | AutohomeCorp/frostmourne |
| Owner | AutohomeCorp |
| Primary language | Java |
| License | MIT — OSI-approved |
| Stars | 1.5k |
| Forks | 321 |
| Open issues | 30 |
| Latest release | 1.0-RELEASE (2023-03-25) |
| Last updated | 2026-04-17 |
| Source | https://github.com/AutohomeCorp/frostmourne |
What frostmourne is
Built on Spring Boot 2 and Vue Element Admin, Frostmourne offers distributed scheduling for independent monitor execution, Freemarker-based alert templates, and supports both time-series and log-based data sources. The system includes LDAP integration for authentication and role-based access control with team/department isolation.
Get the frostmourne source
Clone the repository and explore it locally.
git clone https://github.com/AutohomeCorp/frostmourne.gitcd frostmourne# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- MySQL database schema must be initialized via provided frostmourne.sql; passwords stored in plaintext by default—review Druid password encryption documentation if secrets management is required.
- HTTP monitoring feature poses SSRF risk even on internal networks; restrict user access to this rule type and validate/whitelist allowed HTTP destinations at the proxy/firewall layer.
- Distributed scheduling relies on independent monitor execution; monitor load testing recommended before production to understand scheduling overhead on large rule sets (system has 30 open issues).
- Freemarker template syntax for alert messages requires developer familiarity; template syntax errors may silently fail or produce malformed notifications.
- LDAP integration is available but built-in account management (teams, departments) requires manual setup; internal SSO migration may need custom development.
When to avoid it — and what to weigh
- Requires Public Internet Exposure — The HTTP data source monitoring feature has documented SSRF risk. Frostmourne is explicitly designed for internal network deployment only. Public-facing requirements demand extensive additional hardening not provided by default.
- Need for Cloud-Native SaaS — Frostmourne requires self-hosted MySQL, Java 8+, and operational overhead. Teams seeking managed SaaS solutions (DataDog, New Relic, Grafana Cloud) should consider purpose-built alternatives.
- Limited or No DevOps Engineering Resources — Deployment requires JDK 8+, Maven, MySQL database administration, and ongoing maintenance. Requires hands-on configuration of data sources and alerting rules with minimal automation scaffolding.
- Real-time Sub-second Alerting Needs — System is designed for intra-minute polling-based monitoring. Not suitable for high-frequency stream processing or immediate fault detection at sub-second granularity.
License & commercial use
Licensed under MIT (MIT License). MIT is a permissive OSI-approved license allowing commercial use, modification, and distribution with minimal restrictions (requires license attribution, provides no warranty).
MIT license permits commercial use without explicit royalties or licensing fees. However, Frostmourne is offered as open-source with no commercial support SLA, maintenance guarantee, or vendor liability. Organizations must operate and maintain the system independently. For production critical use, budget internal DevOps resources or engage consultants; no official commercial support model is documented.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Moderate |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Moderate |
| DEV.co fit | Good |
| Assessment confidence | Medium |
Project explicitly documents SSRF risk in HTTP data source monitoring (user-defined HTTP request addresses executed server-side). Mitigation recommendations: (1) internal network deployment only; (2) network firewall/proxy restrictions; (3) metadata service access controls in cloud environments. Passwords stored plaintext in config; Druid encryption available but requires setup. No mention of input validation on Freemarker templates, JavaScript expression parsing, or SQL injection hardening. Authentication via built-in accounts or LDAP; role-based access control available. No security audit, CVE history, or penetration test results disclosed. Assume security posture requires hardening for regulated environments.
Alternatives to consider
Prometheus + AlertManager
Native time-series alerting for metrics; better suited if monitoring is metrics-only. Requires separate log alerting solution (e.g., Loki); less unified but battle-tested at scale.
Elasticsearch + ElastAlert2
Dedicated log alerting; lighter weight than Frostmourne if only ES data is monitored. Simpler rule syntax but fewer integrations and less UI polish. No support for non-ES data sources.
Grafana + Loki + Prometheus
Cloud-native stack with stronger community, better documentation, and SaaS options (Grafana Cloud). More operational overhead but superior visualization and fewer single points of failure.
Build on frostmourne with DEV.co software developers
If you operate multiple data sources (logs, metrics, databases) and need unified alerting without vendor lock-in, review Frostmourne's deployment guide and security posture. Recommended for teams with DevOps expertise and internal-only deployment constraints.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
frostmourne FAQ
Can Frostmourne be deployed on the public internet?
What Java versions are supported?
Is commercial support available?
How does Frostmourne compare to Grafana for alerting?
Work with a software development agency
Adopting frostmourne is usually one piece of a larger software development effort. As a software development agency, DEV.co provides software development services and web development expertise — pairing senior software developers and web developers with your team to design, build, and operate open-source observability software in production.
Evaluate Frostmourne for Your Monitoring Stack
If you operate multiple data sources (logs, metrics, databases) and need unified alerting without vendor lock-in, review Frostmourne's deployment guide and security posture. Recommended for teams with DevOps expertise and internal-only deployment constraints.