2006-03-27 05:37:27 +02:00
|
|
|
|
#!/usr/bin/perl
|
|
|
|
|
##################################################################################
|
|
|
|
|
# Pandora Server. SNMP Console
|
|
|
|
|
##################################################################################
|
|
|
|
|
# Copyright (c) 2004-2006 Sancho Lerena, slerena@gmail.com
|
2006-07-01 03:54:36 +02:00
|
|
|
|
# Copyright (c) 2005-2006 Artica Soluciones Tecnol<6F>icas S.L
|
2006-06-29 21:37:46 +02:00
|
|
|
|
#
|
|
|
|
|
#This program is free software; you can redistribute it and/or
|
|
|
|
|
#modify it under the terms of the GNU General Public License
|
|
|
|
|
#as published by the Free Software Foundation; either version 2
|
|
|
|
|
#of the License, or (at your option) any later version.
|
|
|
|
|
#This program is distributed in the hope that it will be useful,
|
|
|
|
|
#but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
#GNU General Public License for more details.
|
|
|
|
|
#You should have received a copy of the GNU General Public License
|
|
|
|
|
#along with this program; if not, write to the Free Software
|
|
|
|
|
#Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
2006-03-27 05:37:27 +02:00
|
|
|
|
##################################################################################
|
|
|
|
|
|
|
|
|
|
# Includes list
|
|
|
|
|
use strict;
|
|
|
|
|
use warnings;
|
|
|
|
|
|
|
|
|
|
use Date::Manip; # Needed to manipulate DateTime formats of input, output and compare
|
|
|
|
|
use Time::Local; # DateTime basic manipulation
|
|
|
|
|
use Time::HiRes; # For high precission timedate functions (Net::Ping)
|
|
|
|
|
|
|
|
|
|
# Pandora Modules
|
|
|
|
|
use pandora_config;
|
|
|
|
|
use pandora_tools;
|
|
|
|
|
use pandora_db;
|
|
|
|
|
|
|
|
|
|
# FLUSH in each IO (only for debug, very slooow)
|
|
|
|
|
# ENABLED in DEBUGMODE
|
|
|
|
|
# DISABLE FOR PRODUCTION
|
|
|
|
|
$| = 1;
|
|
|
|
|
|
|
|
|
|
my %pa_config;
|
|
|
|
|
|
|
|
|
|
# Inicio del bucle principal de programa
|
|
|
|
|
pandora_init(\%pa_config,"Pandora SNMP Console");
|
|
|
|
|
# Read config file for Global variables
|
|
|
|
|
pandora_loadconfig (\%pa_config,2);
|
|
|
|
|
|
|
|
|
|
# Audit server starting
|
|
|
|
|
pandora_audit (\%pa_config, "Pandora Server SNMP Console Daemon starting", "SYSTEM", "System");
|
|
|
|
|
|
|
|
|
|
# Daemonize of configured
|
|
|
|
|
if ( $pa_config{"daemon"} eq "1" ) {
|
|
|
|
|
print " [*] Backgrounding...\n";
|
|
|
|
|
&daemonize;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pandora_snmptrapd (\%pa_config);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#################################################################################
|
|
|
|
|
## SUB pandora_snmptrapd
|
|
|
|
|
## Pandora SNMP Trap console/daemon subsystem
|
|
|
|
|
##################################################################################
|
|
|
|
|
|
|
|
|
|
sub pandora_snmptrapd {
|
|
|
|
|
my $pa_config = $_[0];
|
|
|
|
|
my $snmp_logfile = $pa_config->{'pandora_path'}."/log/snmptrapd.log";
|
|
|
|
|
my $logfile_size; # Size of logfile, use for calculating index file
|
|
|
|
|
my @array;
|
|
|
|
|
my $datos;
|
|
|
|
|
my $timestamp;
|
|
|
|
|
my $source;
|
|
|
|
|
my $oid;
|
|
|
|
|
my $type;
|
|
|
|
|
my $type_desc;
|
|
|
|
|
my $value;
|
|
|
|
|
my $custom_oid;
|
|
|
|
|
my $custom_type;
|
|
|
|
|
my $custom_value;
|
|
|
|
|
my $sql_insert;
|
|
|
|
|
my @index_data;
|
|
|
|
|
|
|
|
|
|
if ( ! -e $snmp_logfile) { # Wait until a snmplogfile exists
|
|
|
|
|
sleep 5;
|
|
|
|
|
}
|
|
|
|
|
open (SNMPLOGFILE, $snmp_logfile);
|
|
|
|
|
print " [*] SNMP Console enabled \n";
|
|
|
|
|
$index_data[0]=0;
|
|
|
|
|
$index_data[1]=0;
|
|
|
|
|
# Check for index file
|
|
|
|
|
if ( -e $snmp_logfile.".index" ){
|
|
|
|
|
open SNMPLOGFILE_INDEX, $snmp_logfile.".index";
|
|
|
|
|
$datos = <SNMPLOGFILE_INDEX>;
|
|
|
|
|
close SNMPLOGFILE_INDEX;
|
|
|
|
|
@index_data = split(/\s+/,$datos);
|
|
|
|
|
# $index_data[0] is the last line readed
|
|
|
|
|
# $index_data[1] is the size of file (use for calculate new files or reset logfiles
|
|
|
|
|
}
|
|
|
|
|
$logfile_size = (stat($snmp_logfile))[7];
|
|
|
|
|
|
|
|
|
|
if ($logfile_size < $index_data[1]){ # El tama? del log es ahora mas peq. que la ultima vez que lo leimos -> es uno nuevo
|
|
|
|
|
unlink ($snmp_logfile.".index");
|
|
|
|
|
$index_data[0]=0;
|
|
|
|
|
$index_data[1]=0;
|
|
|
|
|
logger ($pa_config,"New SNMP logfile detected, resetting index",1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (($index_data[1] <= $logfile_size) && ($index_data[0] > 0)){
|
|
|
|
|
# Skip already processed records
|
|
|
|
|
for ($value=0;$value < $index_data[0];$value++){
|
|
|
|
|
$datos = readline SNMPLOGFILE;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
# open database, only ONCE. We pass reference to DBI handler ($dbh) to all subprocess
|
|
|
|
|
my $dbh = DBI->connect("DBI:mysql:pandora:$pa_config->{'dbhost'}:3306",$pa_config->{'dbuser'}, $pa_config->{'dbpass'}, { RaiseError => 1, AutoCommit => 1 });
|
|
|
|
|
|
|
|
|
|
# Main loop for reading file
|
|
|
|
|
while ( 1 ){
|
|
|
|
|
while ($datos = <SNMPLOGFILE>) {
|
|
|
|
|
$index_data[0]++;
|
|
|
|
|
$index_data[1]=(stat($snmp_logfile))[7];
|
|
|
|
|
open SNMPLOGFILE_INDEX, ">".$snmp_logfile.".index";
|
|
|
|
|
print SNMPLOGFILE_INDEX $index_data[0]," ",$index_data[1];
|
|
|
|
|
close SNMPLOGFILE_INDEX;
|
|
|
|
|
|
|
|
|
|
#print "DEBUG $datos \n";
|
|
|
|
|
if (($datos !~ m/NET-SNMP/) && ($datos =~ m/\[\*\*\]/)) { # SKIP Headers
|
|
|
|
|
@array = split(/\[\*\*\]/, $datos);
|
|
|
|
|
$timestamp = $array[0]." ".$array[1];
|
|
|
|
|
$source = $array[2];
|
|
|
|
|
$oid = $array[3];
|
|
|
|
|
$type = $array[4];
|
|
|
|
|
$type_desc = $array[5];
|
|
|
|
|
$value = limpia_cadena($array[6]);
|
|
|
|
|
if ($type == 6){ # Custom OID type
|
|
|
|
|
$datos = $array[7];
|
|
|
|
|
if ($datos !~ m/STRING/) { # No string datatype, marked with " chars
|
|
|
|
|
$datos =~ m/([0-9\.]*)\s\=\s([A-Za-z0-9]*)\:\s(.+)/;
|
|
|
|
|
$custom_oid = $1;
|
|
|
|
|
$custom_type = $2;
|
|
|
|
|
$custom_value = limpia_cadena($3);
|
|
|
|
|
} else { # String type
|
|
|
|
|
if ($datos =~ m/([0-9\.]*)\s\=\s([A-Za-z0-9]*)\:\s\"(.+)\"/){
|
|
|
|
|
$custom_oid = $1;
|
|
|
|
|
$custom_type = $2;
|
|
|
|
|
$custom_value = limpia_cadena($3);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
} else { # not custom OID type, deleting old values in these vars
|
|
|
|
|
$custom_oid="";
|
|
|
|
|
$custom_type="";
|
|
|
|
|
$custom_value="";
|
|
|
|
|
}
|
|
|
|
|
$sql_insert = "insert into ttrap (timestamp, source, oid, type, value, oid_custom, value_custom, type_custom) values ('$timestamp', '$source', '$oid', $type, '$value', '$custom_oid', '$custom_value', '$custom_type')";
|
|
|
|
|
logger ($pa_config,"Received SNMP Trap from $source",2);
|
|
|
|
|
eval {
|
|
|
|
|
$dbh->do($sql_insert) || logger ($pa_config, "Cannot write to database while updating SNMP Trap data (error in INSERT)",0);
|
|
|
|
|
# Evaluate TRAP Alerts for this trap
|
|
|
|
|
calcula_alerta_snmp($pa_config, $source,$oid,$custom_value,$timestamp,$dbh);
|
|
|
|
|
};
|
|
|
|
|
if ($@) {
|
|
|
|
|
logger ($pa_config, "[ERROR] Cannot access to database while updating SNMP Trap data",0);
|
|
|
|
|
logger ($pa_config, "[ERROR] SQL Errorcode: $@",2);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
sleep ($pa_config{'server_threshold'});
|
2006-07-01 03:54:36 +02:00
|
|
|
|
pandora_serverkeepaliver($pa_config,2,$dbh);
|
2006-03-27 05:37:27 +02:00
|
|
|
|
}
|
|
|
|
|
$dbh->disconnect();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#################################################################################
|
|
|
|
|
## SUB calcula_alerta_snmp($source,$oid,$custom_value,$timestamp);
|
|
|
|
|
## Given an SNMP Trap received with this data, execute Alert or not
|
|
|
|
|
##################################################################################
|
|
|
|
|
|
|
|
|
|
sub calcula_alerta_snmp {
|
|
|
|
|
# Parameters passed as arguments
|
|
|
|
|
my $pa_config = $_[0];
|
|
|
|
|
my $trap_agente = $_[1];
|
|
|
|
|
my $trap_oid = $_[2];
|
|
|
|
|
my $trap_custom_value = $_[3];
|
|
|
|
|
my $timestamp = $_[4];
|
|
|
|
|
my $dbh = $_[5];
|
|
|
|
|
my $alert_fired = 0;
|
|
|
|
|
|
|
|
|
|
my $query_idag = "select * from talert_snmp";
|
|
|
|
|
my $s_idag = $dbh->prepare($query_idag);
|
|
|
|
|
$s_idag ->execute;
|
|
|
|
|
my @data;
|
|
|
|
|
# Read all alerts and apply to this incoming trap
|
|
|
|
|
if ($s_idag->rows != 0) {
|
|
|
|
|
while (@data = $s_idag->fetchrow_array()) {
|
|
|
|
|
$alert_fired = 0;
|
|
|
|
|
my $id_as = $data[0];
|
|
|
|
|
my $id_alert = $data[1];
|
|
|
|
|
my $field1 = $data[2];
|
|
|
|
|
my $field2 = $data[3];
|
|
|
|
|
my $field3 = $data[4];
|
|
|
|
|
my $description = $data[5];
|
|
|
|
|
my $alert_type = $data[6];
|
|
|
|
|
my $agent = $data[7];
|
|
|
|
|
my $custom_oid = $data[8];
|
|
|
|
|
my $oid = $data[9];
|
|
|
|
|
my $time_threshold = $data[10];
|
|
|
|
|
my $times_fired = $data[11];
|
|
|
|
|
my $last_fired = $data[12]; # The real fired alarms
|
|
|
|
|
my $max_alerts = $data[13];
|
|
|
|
|
my $min_alerts = $data[14]; # The real triggered alarms (not really fired, only triggered)
|
|
|
|
|
my $internal_counter = $data[15];
|
|
|
|
|
my $alert_data = "";
|
|
|
|
|
if ($alert_type == 0){ # type 0 is OID only
|
|
|
|
|
if ( $trap_oid =~ m/$oid/i ){
|
|
|
|
|
$alert_fired = 1;
|
|
|
|
|
$alert_data = "SNMP/OID:".$oid;
|
|
|
|
|
logger ($pa_config,"SNMP Alert debug (OID) MATCHED",10);
|
|
|
|
|
}
|
|
|
|
|
} elsif ($alert_type == 1){ # type 1 is custom value
|
|
|
|
|
logger ($pa_config,"SNMP Alert debug (Custom) $custom_oid / $trap_custom_value",10);
|
|
|
|
|
if ( $trap_custom_value =~ m/$custom_oid/i ){
|
|
|
|
|
$alert_fired = 1;
|
|
|
|
|
$alert_data = "SNMP/VALUE:".$custom_oid;
|
|
|
|
|
logger ($pa_config,"SNMP Alert debug (Custom) MATCHED",10);
|
|
|
|
|
}
|
|
|
|
|
} else { # type 2 is agent IP
|
|
|
|
|
if ($trap_agente =~ m/$agent/i ){
|
|
|
|
|
$alert_fired = 1;
|
|
|
|
|
$alert_data = "SNMP/SOURCE:".$agent;
|
|
|
|
|
logger ($pa_config,"SNMP Alert debug (SOURCE) MATCHED",10);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($alert_fired == 1){ # Exists condition to fire alarm.
|
|
|
|
|
# Comprobar que est?por debajo del rango de time_threshold
|
|
|
|
|
my $fecha_ultima_alerta = ParseDate($last_fired);
|
|
|
|
|
my $fecha_actual = ParseDate( $timestamp );
|
|
|
|
|
my $ahora_mysql = &UnixDate("today","%Y-%m-%d %H:%M:%S"); # If we need to update MYSQL last_fired will use $ahora_mysql
|
|
|
|
|
my $err; my $flag;
|
|
|
|
|
my $fecha_limite = DateCalc($fecha_ultima_alerta,"+ $time_threshold seconds",\$err);
|
|
|
|
|
# Comprobar que est?por encima (sumando esta) del minimo de alertas
|
|
|
|
|
# Comprobar que est?por debajo (sumando esta) del m?imo de alertas
|
|
|
|
|
$flag = Date_Cmp($fecha_actual,$fecha_limite);
|
|
|
|
|
if ( $flag >= 0 ) { # Out limits !, reset $times_fired, but do not write to
|
|
|
|
|
# database until a real alarm was fired
|
|
|
|
|
$times_fired = 0;
|
|
|
|
|
$internal_counter=0;
|
|
|
|
|
logger ($pa_config,"SNMP Alarm out of timethreshold limits",10);
|
|
|
|
|
}
|
|
|
|
|
# We are between limits marked by time_threshold or running a new time-alarm-interval
|
|
|
|
|
# Caution: MIN Limit is related to triggered (in time-threshold limit) alerts
|
|
|
|
|
# but MAX limit is related to executed alerts, not only triggered. Because an alarm to be
|
|
|
|
|
# executed could be triggered X (min value) times to be executed.
|
|
|
|
|
if (($internal_counter+1 >= $min_alerts) && ($times_fired+1 <= $max_alerts)){
|
|
|
|
|
# The new alert is between last valid time + threshold and between max/min limit to alerts in this gap of time.
|
|
|
|
|
$times_fired++;
|
|
|
|
|
$internal_counter++;
|
|
|
|
|
# ---------> EXECUTE ALERT <---------------
|
|
|
|
|
## SUB execute_alert (id_alert, field1, field2, field3, agent, timestamp, data)
|
|
|
|
|
logger($pa_config,"Executing SNMP Trap alert for $agent - $alert_data",2);
|
|
|
|
|
execute_alert($pa_config,$id_alert, $field1, $field2, $field3, $trap_agente, $timestamp, $alert_data, $dbh);
|
|
|
|
|
# Now update the new value for times_fired, alert_fired, internal_counter and last_fired for this alert.
|
|
|
|
|
my $query_idag2 = "update talert_snmp set times_fired = $times_fired, last_fired = '$ahora_mysql', internal_counter = $internal_counter where id_as = $id_as ";
|
|
|
|
|
$dbh->do($query_idag2);
|
|
|
|
|
|
|
|
|
|
# Now find record for trap and update "fired" status...
|
|
|
|
|
# Due DBI doesnt return ID of a new inserted item, we now need to find ourselves
|
|
|
|
|
# this is a crap :(
|
|
|
|
|
|
|
|
|
|
my $query_idag3 = "update ttrap set alerted = 1 where timestamp = '$timestamp' and source = '$trap_agente'";
|
|
|
|
|
$dbh->do($query_idag3);
|
|
|
|
|
|
|
|
|
|
} else { # Alert is in valid timegap but has too many alerts or too many little
|
|
|
|
|
$internal_counter++;
|
|
|
|
|
if ($internal_counter < $min_alerts){
|
|
|
|
|
# Now update the new value for times_fired & last_fired if we are below min limit for triggering this alert
|
|
|
|
|
my $query_idag = "update talert_snmp set internal_counter = $internal_counter, times_fired = $times_fired, last_fired = '$ahora_mysql' where id_as = $id_as ";
|
|
|
|
|
$dbh->do($query_idag);
|
|
|
|
|
logger ($pa_config, "SNMP Alarm not fired because is below min limit",8);
|
|
|
|
|
} else { # Too many alerts fired (upper limit)
|
|
|
|
|
my $query_idag = "update talert_snmp set times_fired=$times_fired, internal_counter = $internal_counter where id_as = $id_as ";
|
|
|
|
|
$dbh->do($query_idag);
|
|
|
|
|
logger ($pa_config, "SNMP Alarm not fired because is above max limit",8);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
} # While
|
|
|
|
|
} # if
|
|
|
|
|
$s_idag->finish();
|
|
|
|
|
}
|