Merge branch 'ent-11914-editor-de-alertas-de-logs' into 'develop'
Ent 11914 editor de alertas de logs. See merge request artica/pandorafms!6505
commit
1f8554e8d1
|
@ -106,6 +106,7 @@ enterprise/godmode/alerts/alert_events.php
|
|||
enterprise/godmode/alerts/alert_events_list.php
|
||||
enterprise/godmode/alerts/alert_events_rules.php
|
||||
enterprise/godmode/alerts/configure_alert_rule.php
|
||||
enterprise/godmode/alerts/alert_correlation.php
|
||||
enterprise/include/functions_networkmap.php
|
||||
enterprise/operation/agentes/pandora_networkmap.view.php
|
||||
enterprise/include/ajax/map_enterprise.ajax.php
|
||||
|
|
|
@ -5,6 +5,98 @@ ALTER TABLE `ttrap` ADD COLUMN `utimestamp` INT UNSIGNED NOT NULL DEFAULT 0;
|
|||
|
||||
UPDATE ttrap SET utimestamp=UNIX_TIMESTAMP(timestamp);
|
||||
|
||||
CREATE TABLE IF NOT EXISTS `tlog_alert` (
|
||||
`id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
|
||||
`name` TEXT ,
|
||||
`description` MEDIUMTEXT,
|
||||
`order` INT UNSIGNED DEFAULT 0,
|
||||
`mode` ENUM('PASS','DROP'),
|
||||
`field1` TEXT ,
|
||||
`field2` TEXT ,
|
||||
`field3` TEXT ,
|
||||
`field4` TEXT ,
|
||||
`field5` TEXT ,
|
||||
`field6` TEXT ,
|
||||
`field7` TEXT ,
|
||||
`field8` TEXT ,
|
||||
`field9` TEXT ,
|
||||
`field10` TEXT ,
|
||||
`time_threshold` INT NOT NULL DEFAULT 86400,
|
||||
`max_alerts` INT UNSIGNED NOT NULL DEFAULT 1,
|
||||
`min_alerts` INT UNSIGNED NOT NULL DEFAULT 0,
|
||||
`time_from` time DEFAULT '00:00:00',
|
||||
`time_to` time DEFAULT '00:00:00',
|
||||
`monday` TINYINT DEFAULT 1,
|
||||
`tuesday` TINYINT DEFAULT 1,
|
||||
`wednesday` TINYINT DEFAULT 1,
|
||||
`thursday` TINYINT DEFAULT 1,
|
||||
`friday` TINYINT DEFAULT 1,
|
||||
`saturday` TINYINT DEFAULT 1,
|
||||
`sunday` TINYINT DEFAULT 1,
|
||||
`recovery_notify` TINYINT DEFAULT 0,
|
||||
`field1_recovery` TEXT,
|
||||
`field2_recovery` TEXT,
|
||||
`field3_recovery` TEXT,
|
||||
`field4_recovery` TEXT,
|
||||
`field5_recovery` TEXT,
|
||||
`field6_recovery` TEXT,
|
||||
`field7_recovery` TEXT,
|
||||
`field8_recovery` TEXT,
|
||||
`field9_recovery` TEXT,
|
||||
`field10_recovery` TEXT,
|
||||
`id_group` MEDIUMINT UNSIGNED NULL DEFAULT 0,
|
||||
`internal_counter` INT DEFAULT 0,
|
||||
`last_fired` BIGINT NOT NULL DEFAULT 0,
|
||||
`last_reference` BIGINT NOT NULL DEFAULT 0,
|
||||
`times_fired` INT NOT NULL DEFAULT 0,
|
||||
`disabled` TINYINT DEFAULT 0,
|
||||
`standby` TINYINT DEFAULT 0,
|
||||
`priority` TINYINT DEFAULT 0,
|
||||
`force_execution` TINYINT DEFAULT 0,
|
||||
`group_by` enum ('','id_agente','id_agentmodule','id_alert_am','id_grupo') DEFAULT '',
|
||||
`special_days` TINYINT DEFAULT 0,
|
||||
`disable_event` TINYINT DEFAULT 0,
|
||||
`id_template_conditions` INT UNSIGNED NOT NULL DEFAULT 0,
|
||||
`id_template_fields` INT UNSIGNED NOT NULL DEFAULT 0,
|
||||
`last_evaluation` BIGINT NOT NULL DEFAULT 0,
|
||||
`pool_occurrences` INT UNSIGNED NOT NULL DEFAULT 0,
|
||||
`schedule` TEXT,
|
||||
PRIMARY KEY (`id`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=UTF8MB4;
|
||||
|
||||
CREATE TABLE IF NOT EXISTS `tlog_rule` (
|
||||
`id_log_rule` INT UNSIGNED NOT NULL AUTO_INCREMENT,
|
||||
`id_log_alert` INT UNSIGNED NOT NULL,
|
||||
`operation` ENUM('NOP', 'AND','OR','XOR','NAND','NOR','NXOR'),
|
||||
`order` INT UNSIGNED DEFAULT 0,
|
||||
`window` INT NOT NULL DEFAULT 0,
|
||||
`count` INT NOT NULL DEFAULT 1,
|
||||
`name` TEXT,
|
||||
`log_content` TEXT,
|
||||
`log_source` TEXT,
|
||||
`log_agent` TEXT,
|
||||
`operator_log_content` TEXT COMMENT 'Operator for log_content',
|
||||
`operator_log_source` TEXT COMMENT 'Operator for log_source',
|
||||
`operator_log_agent` TEXT COMMENT 'Operator for log_agent',
|
||||
PRIMARY KEY (`id_log_rule`),
|
||||
KEY `idx_id_log_alert` (`id_log_alert`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=UTF8MB4;
|
||||
|
||||
CREATE TABLE IF NOT EXISTS `tlog_alert_action` (
|
||||
`id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
|
||||
`id_log_alert` INT UNSIGNED NOT NULL,
|
||||
`id_alert_action` INT UNSIGNED NOT NULL,
|
||||
`fires_min` INT UNSIGNED DEFAULT 0,
|
||||
`fires_max` INT UNSIGNED DEFAULT 0,
|
||||
`module_action_threshold` INT NOT NULL DEFAULT 0,
|
||||
`last_execution` BIGINT NOT NULL DEFAULT 0,
|
||||
PRIMARY KEY (`id`),
|
||||
FOREIGN KEY (`id_log_alert`) REFERENCES tlog_alert(`id`)
|
||||
ON DELETE CASCADE ON UPDATE CASCADE,
|
||||
FOREIGN KEY (`id_alert_action`) REFERENCES talert_actions(`id`)
|
||||
ON DELETE CASCADE ON UPDATE CASCADE
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=UTF8MB4;
|
||||
|
||||
CREATE TABLE IF NOT EXISTS `tgraph_analytics_filter` (
|
||||
`id` INT NOT NULL auto_increment,
|
||||
`filter_name` VARCHAR(45) NULL,
|
||||
|
@ -268,4 +360,6 @@ INSERT INTO tmodule_inventory (`id_os`, `name`, `description`, `interpreter`, `d
|
|||
SELECT * FROM (SELECT @id_os id_os, @tmodule_name name, @tmodule_description description, '' interpreter, 'ID:STATUS' data_format, '' code, '0' block_mode, 2 script_mode) AS tmp
|
||||
WHERE NOT EXISTS (SELECT name, description FROM tmodule_inventory WHERE name = @tmodule_name and description = @tmodule_description and id_os = @id_os);
|
||||
|
||||
UPDATE `tevent_alert` ea INNER JOIN `tevent_rule` er ON ea.id = er.id_event_alert SET disabled=1 WHERE er.log_agent IS NOT NULL OR er.log_content IS NOT NULL OR er.log_source IS NOT NULL;
|
||||
|
||||
COMMIT;
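Review bot: `tlog_rule.id_log_alert` is declared with only `KEY idx_id_log_alert`, whereas `tlog_alert_action.id_log_alert` in the same migration gets a foreign key with `ON DELETE CASCADE ON UPDATE CASCADE`; deleting a tlog_alert row will therefore leave its rules orphaned unless the console deletes them explicitly. Replacing the plain key with `FOREIGN KEY (id_log_alert) REFERENCES tlog_alert(id) ON DELETE CASCADE ON UPDATE CASCADE` keeps the two child tables consistent (the same applies to the copy in pandoradb.sql). In the closing `UPDATE tevent_alert ea INNER JOIN tevent_rule er ... SET disabled=1` the target column is unqualified, so `SET ea.disabled=1` is safer against an ambiguous-column error if tevent_rule has or gains a column of that name; and because the statement one-way disables existing production alerts, a one-line comment above it stating why (log-based rules now live in tlog_alert) would help whoever reads this migration later.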
|
||||
|
|
|
@ -384,6 +384,7 @@ if ($access_console_node === true) {
|
|||
$sub['godmode/alerts/alert_special_days']['pages'] = ['godmode/alerts/configure_alert_special_days'];
|
||||
|
||||
enterprise_hook('eventalerts_submenu');
|
||||
enterprise_hook('alert_log_submenu');
|
||||
$sub['godmode/snmpconsole/snmp_alert']['text'] = __('SNMP alerts');
|
||||
$sub['godmode/snmpconsole/snmp_alert']['id'] = 'SNMP_alerts';
|
||||
enterprise_hook('alert_inventory_submenu');
|
||||
|
|
|
@ -0,0 +1,29 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!-- Generator: Adobe Illustrator 28.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
|
||||
<svg version="1.1" id="Capa_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
|
||||
viewBox="0 0 20 20" style="enable-background:new 0 0 20 20;" xml:space="preserve">
|
||||
<style type="text/css">
|
||||
.st0{fill:#3F3F3F;}
|
||||
</style>
|
||||
<g>
|
||||
<path class="st0" d="M4.8,8C4.8,8,4.8,8,4.8,8C4.8,8,4.9,8,4.8,8c0.3,0.1,0.5,0.1,0.7,0.2c0,0,0.1,0,0.1,0c0.3,0,0.5,0.1,0.8,0.1
|
||||
c0.1,0,0.1,0,0.2,0c0.2,0,0.4,0,0.7,0.1c0.1,0,0.2,0,0.2,0c0.3,0,0.6,0,0.9,0c0.3,0,0.6,0,0.9,0c0.1,0,0.2,0,0.2,0
|
||||
c0.2,0,0.4,0,0.7-0.1c0.1,0,0.1,0,0.2,0c0.3,0,0.5-0.1,0.8-0.1c0,0,0.1,0,0.1,0c0.2,0,0.4-0.1,0.6-0.1c0,0,0.1,0,0.1,0c0,0,0,0,0,0
|
||||
c2-0.5,3.3-1.4,3.3-2.4V4.2c0-1.6-3.1-2.8-6.8-2.8S1.6,2.6,1.6,4.2v1.4C1.6,6.6,2.9,7.5,4.8,8z"/>
|
||||
<path class="st0" d="M13.8,8.8c0.5,0.1,1,0.2,1.4,0.4l0-1.2C14.8,8.4,14.3,8.6,13.8,8.8z"/>
|
||||
<path class="st0" d="M7.6,17.3c-1.1-0.6-1.9-1.4-2.7-2.3c-0.7-0.1-1.3-0.3-1.9-0.5c-0.5-0.2-1-0.5-1.5-0.8v1.8
|
||||
c0,0.9,1.1,1.8,2.9,2.3c0,0,0,0,0,0c0,0,0,0,0.1,0c0.2,0.1,0.5,0.1,0.8,0.2c0.1,0,0.1,0,0.2,0C5.6,18,5.9,18,6.2,18.1
|
||||
c0,0,0.1,0,0.1,0c0.3,0,0.6,0.1,0.9,0.1c0.1,0,0.1,0,0.2,0c0.3,0,0.6,0,1,0c0.3,0,0.7,0,1,0c0,0,0.1,0,0.1,0
|
||||
C8.9,18,8.2,17.7,7.6,17.3z"/>
|
||||
<path class="st0" d="M4,13.3c0.1-0.2,0.3-0.4,0.4-0.6c1-1.2,2.1-2.2,3.6-3c-0.4,0-0.8,0-1.2-0.1c-0.2,0-0.3,0-0.5-0.1
|
||||
c-0.3,0-0.7-0.1-1-0.2C4.4,9.3,3.7,9.1,3,8.9C2.5,8.7,2,8.4,1.6,8l0,3.2C1.6,12.1,2.5,12.8,4,13.3z"/>
|
||||
</g>
|
||||
<g>
|
||||
<path class="st0" d="M5.4,13.6c0.1-0.2,0.3-0.4,0.4-0.6c0.8-1.1,1.8-1.9,3.1-2.5c0.8-0.4,1.7-0.6,2.6-0.7c1.8-0.2,3.4,0.3,4.8,1.3
|
||||
c0.9,0.6,1.8,1.5,2.4,2.3c0.2,0.2,0.2,0.4,0,0.7c-0.8,1.1-1.7,1.9-2.8,2.6c-0.9,0.5-2,0.9-3.1,1.1c-1.6,0.1-3.1-0.2-4.4-1.1
|
||||
C7.3,16,6.5,15,5.6,14c0-0.1-0.1-0.1-0.1-0.2C5.4,13.7,5.4,13.6,5.4,13.6z M12.1,10.8c-1.6,0-2.7,1.4-2.7,2.9s1.4,2.7,2.9,2.7
|
||||
c1.5,0,2.7-1.4,2.7-2.9C15,12,13.6,10.8,12.1,10.8z"/>
|
||||
<path class="st0" d="M12.2,12.1c0.8,0,1.5,0.6,1.5,1.5c0,0.8-0.6,1.6-1.6,1.6c-0.8,0-1.5-0.6-1.5-1.5
|
||||
C10.7,12.8,11.3,12.1,12.2,12.1z"/>
|
||||
</g>
|
||||
</svg>
|
|
@ -256,6 +256,7 @@ class ConsoleSupervisor
|
|||
/*
|
||||
* Check if performance variables are corrects
|
||||
*/
|
||||
|
||||
$this->checkPerformanceVariables();
|
||||
|
||||
/*
|
||||
|
@ -289,6 +290,12 @@ class ConsoleSupervisor
|
|||
*/
|
||||
|
||||
$this->checkMYSQLSettings();
|
||||
|
||||
/*
|
||||
* Check log alerts version
|
||||
*/
|
||||
|
||||
$this->checkLogAlerts();
|
||||
}
|
||||
|
||||
|
||||
|
@ -3106,4 +3113,32 @@ class ConsoleSupervisor
|
|||
}
|
||||
|
||||
|
||||
/**
|
||||
* Checks log alerts version.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function checkLogAlerts()
|
||||
{
|
||||
global $config;
|
||||
|
||||
if ((bool) check_acl($config['id_user'], 0, 'LM') === true) {
|
||||
$current_package = (int) $config['current_package'];
|
||||
if ($current_package >= 774 && $current_package <= 777) {
|
||||
$url = '__url__index.php?sec=galertas&sec2=enterprise/godmode/alerts/event_alerts';
|
||||
$this->notify(
|
||||
[
|
||||
'type' => 'NOTIF.LOG.ALERT',
|
||||
'title' => __('Alert correlation changed since version 774'),
|
||||
'message' => __('Log correlation and log correlation with events will be disabled in this update. Some event correlation alerts may need to be modified to adapt to the new format'),
|
||||
'url' => $url,
|
||||
]
|
||||
);
|
||||
} else {
|
||||
$this->cleanNotifications('NOTIF.LOG.ALERT');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
}
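Review bot: In checkLogAlerts() both the notify() and the cleanNotifications('NOTIF.LOG.ALERT') calls sit inside the `check_acl($config['id_user'], 0, 'LM')` branch, so whether a stale notification is ever cleared depends on the ACL of whichever user context the supervisor happens to run under; if the supervisor can run without a console session (cron/CLI), `$config['id_user']` may be unset and the cleanup never happens — confirm the execution context or move the cleanup outside the ACL check. The bounds `774` and `777` are magic numbers; a comment such as `// Packages 774..777 shipped the old log-correlation format migrated by this release.` would document the intent. The message says log correlation "will be disabled in this update", but the migration SQL in this same MR already sets `disabled=1` on the affected tevent_alert rows, so "has been disabled" reads more accurately to the operator.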
|
||||
|
|
|
@ -441,6 +441,7 @@ define('SERVER_TYPE_ALERT', 21);
|
|||
define('SERVER_TYPE_CORRELATION', 22);
|
||||
define('SERVER_TYPE_NCM', 23);
|
||||
define('SERVER_TYPE_NETFLOW', 24);
|
||||
define('SERVER_TYPE_LOG', 25);
|
||||
|
||||
// REPORTS.
|
||||
define('REPORT_TOP_N_MAX', 1);
|
||||
|
@ -887,3 +888,8 @@ define('HOME_SCREEN_ALERT_DETAIL', 'alert_detail');
|
|||
define('HOME_SCREEN_EXTERNAL_LINK', 'external_link');
|
||||
define('HOME_SCREEN_OTHER', 'other');
|
||||
define('HOME_SCREEN_DASHBOARD', 'dashboard');
|
||||
|
||||
|
||||
// Alert correlation.
|
||||
define('EVENT_ALERTS', 1);
|
||||
define('LOG_ALERTS', 2);
|
||||
|
|
|
@ -906,7 +906,7 @@ function servers_get_info($id_server=-1, $sql_limit=-1)
|
|||
'images/logs@svg.svg',
|
||||
true,
|
||||
[
|
||||
'title' => __('Log server'),
|
||||
'title' => __('Syslog server'),
|
||||
'class' => 'main_menu_icon invert_filter',
|
||||
]
|
||||
);
|
||||
|
@ -979,6 +979,19 @@ function servers_get_info($id_server=-1, $sql_limit=-1)
|
|||
$id_modulo = 0;
|
||||
break;
|
||||
|
||||
case SERVER_TYPE_LOG:
|
||||
$server['img'] = html_print_image(
|
||||
'images/log_server.svg',
|
||||
true,
|
||||
[
|
||||
'title' => __('Log server'),
|
||||
'class' => 'main_menu_icon invert_filter',
|
||||
]
|
||||
);
|
||||
$server['type'] = 'log';
|
||||
$id_modulo = 0;
|
||||
break;
|
||||
|
||||
default:
|
||||
$server['img'] = '';
|
||||
$server['type'] = 'unknown';
|
||||
|
|
|
@ -3131,6 +3131,110 @@ CREATE TABLE IF NOT EXISTS `tevent_alert_action` (
|
|||
) ENGINE=InnoDB DEFAULT CHARSET=UTF8MB4;
|
||||
|
||||
|
||||
-- -----------------------------------------------------
|
||||
-- Table `tlog_alert`
|
||||
-- -----------------------------------------------------
|
||||
CREATE TABLE IF NOT EXISTS `tlog_alert` (
|
||||
`id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
|
||||
`name` TEXT ,
|
||||
`description` MEDIUMTEXT,
|
||||
`order` INT UNSIGNED DEFAULT 0,
|
||||
`mode` ENUM('PASS','DROP'),
|
||||
`field1` TEXT ,
|
||||
`field2` TEXT ,
|
||||
`field3` TEXT ,
|
||||
`field4` TEXT ,
|
||||
`field5` TEXT ,
|
||||
`field6` TEXT ,
|
||||
`field7` TEXT ,
|
||||
`field8` TEXT ,
|
||||
`field9` TEXT ,
|
||||
`field10` TEXT ,
|
||||
`time_threshold` INT NOT NULL DEFAULT 86400,
|
||||
`max_alerts` INT UNSIGNED NOT NULL DEFAULT 1,
|
||||
`min_alerts` INT UNSIGNED NOT NULL DEFAULT 0,
|
||||
`time_from` time DEFAULT '00:00:00',
|
||||
`time_to` time DEFAULT '00:00:00',
|
||||
`monday` TINYINT DEFAULT 1,
|
||||
`tuesday` TINYINT DEFAULT 1,
|
||||
`wednesday` TINYINT DEFAULT 1,
|
||||
`thursday` TINYINT DEFAULT 1,
|
||||
`friday` TINYINT DEFAULT 1,
|
||||
`saturday` TINYINT DEFAULT 1,
|
||||
`sunday` TINYINT DEFAULT 1,
|
||||
`recovery_notify` TINYINT DEFAULT 0,
|
||||
`field1_recovery` TEXT,
|
||||
`field2_recovery` TEXT,
|
||||
`field3_recovery` TEXT,
|
||||
`field4_recovery` TEXT,
|
||||
`field5_recovery` TEXT,
|
||||
`field6_recovery` TEXT,
|
||||
`field7_recovery` TEXT,
|
||||
`field8_recovery` TEXT,
|
||||
`field9_recovery` TEXT,
|
||||
`field10_recovery` TEXT,
|
||||
`id_group` MEDIUMINT UNSIGNED NULL DEFAULT 0,
|
||||
`internal_counter` INT DEFAULT 0,
|
||||
`last_fired` BIGINT NOT NULL DEFAULT 0,
|
||||
`last_reference` BIGINT NOT NULL DEFAULT 0,
|
||||
`times_fired` INT NOT NULL DEFAULT 0,
|
||||
`disabled` TINYINT DEFAULT 0,
|
||||
`standby` TINYINT DEFAULT 0,
|
||||
`priority` TINYINT DEFAULT 0,
|
||||
`force_execution` TINYINT DEFAULT 0,
|
||||
`group_by` enum ('','id_agente','id_agentmodule','id_alert_am','id_grupo') DEFAULT '',
|
||||
`special_days` TINYINT DEFAULT 0,
|
||||
`disable_event` TINYINT DEFAULT 0,
|
||||
`id_template_conditions` INT UNSIGNED NOT NULL DEFAULT 0,
|
||||
`id_template_fields` INT UNSIGNED NOT NULL DEFAULT 0,
|
||||
`last_evaluation` BIGINT NOT NULL DEFAULT 0,
|
||||
`pool_occurrences` INT UNSIGNED NOT NULL DEFAULT 0,
|
||||
`schedule` TEXT,
|
||||
PRIMARY KEY (`id`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=UTF8MB4;
|
||||
|
||||
|
||||
-- -----------------------------------------------------
|
||||
-- Table `tlog_rule`
|
||||
-- -----------------------------------------------------
|
||||
CREATE TABLE IF NOT EXISTS `tlog_rule` (
|
||||
`id_log_rule` INT UNSIGNED NOT NULL AUTO_INCREMENT,
|
||||
`id_log_alert` INT UNSIGNED NOT NULL,
|
||||
`operation` ENUM('NOP', 'AND','OR','XOR','NAND','NOR','NXOR'),
|
||||
`order` INT UNSIGNED DEFAULT 0,
|
||||
`window` INT NOT NULL DEFAULT 0,
|
||||
`count` INT NOT NULL DEFAULT 1,
|
||||
`name` TEXT,
|
||||
`log_content` TEXT,
|
||||
`log_source` TEXT,
|
||||
`log_agent` TEXT,
|
||||
`operator_log_content` TEXT COMMENT 'Operator for log_content',
|
||||
`operator_log_source` TEXT COMMENT 'Operator for log_source',
|
||||
`operator_log_agent` TEXT COMMENT 'Operator for log_agent',
|
||||
PRIMARY KEY (`id_log_rule`),
|
||||
KEY `idx_id_log_alert` (`id_log_alert`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=UTF8MB4;
|
||||
|
||||
|
||||
-- -----------------------------------------------------
|
||||
-- Table `tevent_alert_action`
|
||||
-- -----------------------------------------------------
|
||||
CREATE TABLE IF NOT EXISTS `tlog_alert_action` (
|
||||
`id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
|
||||
`id_log_alert` INT UNSIGNED NOT NULL,
|
||||
`id_alert_action` INT UNSIGNED NOT NULL,
|
||||
`fires_min` INT UNSIGNED DEFAULT 0,
|
||||
`fires_max` INT UNSIGNED DEFAULT 0,
|
||||
`module_action_threshold` INT NOT NULL DEFAULT 0,
|
||||
`last_execution` BIGINT NOT NULL DEFAULT 0,
|
||||
PRIMARY KEY (`id`),
|
||||
FOREIGN KEY (`id_log_alert`) REFERENCES tlog_alert(`id`)
|
||||
ON DELETE CASCADE ON UPDATE CASCADE,
|
||||
FOREIGN KEY (`id_alert_action`) REFERENCES talert_actions(`id`)
|
||||
ON DELETE CASCADE ON UPDATE CASCADE
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=UTF8MB4;
|
||||
|
||||
|
||||
-- -----------------------------------------------------
|
||||
-- Table `tmodule_synth`
|
||||
-- -----------------------------------------------------
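Review bot: The section header comment above `CREATE TABLE IF NOT EXISTS `tlog_alert_action`` still reads `-- Table `tevent_alert_action``, a copy-paste leftover from the table it was cloned from; it should read `-- Table `tlog_alert_action``. As in the migration script, `tlog_rule` only indexes `id_log_alert` while `tlog_alert_action` enforces it with a cascading foreign key, so fresh installs will also allow orphaned rules once a tlog_alert is deleted; `FOREIGN KEY (id_log_alert) REFERENCES tlog_alert(id) ON DELETE CASCADE ON UPDATE CASCADE` would keep both schemas aligned.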
|
||||
|
|
|
@ -477,26 +477,30 @@ export_threads 1
|
|||
|
||||
eventserver 0
|
||||
|
||||
# Enable (1) or disable (0) Pandora FMS Correlation Server (PANDORA FMS ENTERPRISE ONLY).
|
||||
# Number of threads for the Event Server (PANDORA FMS ENTERPRISE ONLY).
|
||||
|
||||
correlationserver 0
|
||||
eventserver_threads 1
|
||||
|
||||
# Time in seconds to re-evaluate correlation alerts pool (PANDORA FMS ENTERPRISE ONLY).
|
||||
|
||||
correlation_threshold 30
|
||||
|
||||
# Correlated alerts, event window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY).
|
||||
# Event alerts, event window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY).
|
||||
|
||||
event_window 3600
|
||||
|
||||
# Correlated Alerts, log window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY).
|
||||
# Enable (1) or disable (0) Pandora FMS Log Server (PANDORA FMS ENTERPRISE ONLY).
|
||||
|
||||
logserver 0
|
||||
|
||||
# Number of threads for the Log Server (PANDORA FMS ENTERPRISE ONLY).
|
||||
|
||||
logserver_threads 1
|
||||
|
||||
# Event alerts, log window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY).
|
||||
|
||||
log_window 3600
|
||||
|
||||
# Pre-load windows on start with available information. (PANDORA FMS ENTERPRISE ONLY).
|
||||
#preload_windows 0
|
||||
|
||||
# Correlated Alerts, group cache ttl (in seconds). Set to 0 to disable. (PANDORA FMS ENTERPRISE ONLY).
|
||||
# Event alerts, group cache ttl (in seconds). Set to 0 to disable. (PANDORA FMS ENTERPRISE ONLY).
|
||||
#event_server_cache_ttl 10
|
||||
|
||||
# Log retrieving, items per request. (High values could make elasticsearch crash)
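Review bot: The comment on the `log_window` key reads `# Event alerts, log window in seconds (3600 by default)` here, while the sibling conf template changed in this same commit reads `# Log alerts, log window in seconds (3600 by default)`; the two templates should agree, and "Log alerts" matches the key and the new Log Server it belongs to. `correlation_threshold 30` and its "re-evaluate correlation alerts pool" comment survive even though the `correlationserver` key was dropped; if the threshold still drives log/event alert pool re-evaluation the comment should say so, otherwise it is dead configuration that will confuse operators.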
|
||||
|
|
|
@ -470,26 +470,30 @@ export_threads 1
|
|||
|
||||
eventserver 0
|
||||
|
||||
# Enable (1) or disable (0) Pandora FMS Correlation Server (PANDORA FMS ENTERPRISE ONLY).
|
||||
# Number of threads for the Event Server (PANDORA FMS ENTERPRISE ONLY).
|
||||
|
||||
correlationserver 0
|
||||
eventserver_threads 1
|
||||
|
||||
# Time in seconds to re-evaluate correlation alerts pool (PANDORA FMS ENTERPRISE ONLY).
|
||||
|
||||
correlation_threshold 30
|
||||
|
||||
# Correlated alerts, event window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY).
|
||||
# Event alerts, event window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY).
|
||||
|
||||
event_window 3600
|
||||
|
||||
# Correlated Alerts, log window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY).
|
||||
# Enable (1) or disable (0) Pandora FMS Log Server (PANDORA FMS ENTERPRISE ONLY).
|
||||
|
||||
logserver 0
|
||||
|
||||
# Number of threads for the Log Server (PANDORA FMS ENTERPRISE ONLY).
|
||||
|
||||
logserver_threads 1
|
||||
|
||||
# Log alerts, log window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY).
|
||||
|
||||
log_window 3600
|
||||
|
||||
# Pre-load windows on start with available information. (PANDORA FMS ENTERPRISE ONLY).
|
||||
#preload_windows 0
|
||||
|
||||
# Correlated Alerts, group cache ttl (in seconds). Set to 0 to disable. (PANDORA FMS ENTERPRISE ONLY).
|
||||
# Event alerts, group cache ttl (in seconds). Set to 0 to disable. (PANDORA FMS ENTERPRISE ONLY).
|
||||
#event_server_cache_ttl 10
|
||||
|
||||
# Log retrieving, items per request. (High values could make elasticsearch crash)
|
||||
|
|
|
@ -297,8 +297,9 @@ sub pandora_load_config {
|
|||
$pa_config->{"google_maps_description"} = 0;
|
||||
$pa_config->{'openstreetmaps_description'} = 0;
|
||||
$pa_config->{"eventserver"} = 1; # 4.0
|
||||
$pa_config->{"correlationserver"} = 0; # 757
|
||||
$pa_config->{"correlation_threshold"} = 30; # 757
|
||||
$pa_config->{"eventserver_threads"} = 1; # 4.0
|
||||
$pa_config->{"logserver"} = 1; # 7.774
|
||||
$pa_config->{"logserver_threads"} = 1; # 7.774
|
||||
$pa_config->{"event_window"} = 3600; # 4.0
|
||||
$pa_config->{"log_window"} = 3600; # 7.741
|
||||
$pa_config->{"elastic_query_size"} = 10; # 7.754 Elements per request (ELK)
|
||||
|
@ -803,14 +804,17 @@ sub pandora_load_config {
|
|||
$pa_config->{"transactional_pool"} = $pa_config->{"incomingdir"} . "/" . $tbuf;
|
||||
}
|
||||
}
|
||||
elsif ($parametro =~ m/^eventserver\s+([0-9]*)/i) {
|
||||
elsif ($parametro =~ m/^eventserver\s+([0-1])/i) {
|
||||
$pa_config->{'eventserver'}= clean_blank($1);
|
||||
}
|
||||
elsif ($parametro =~ m/^correlationserver\s+([0-9]*)/i) {
|
||||
$pa_config->{'correlationserver'}= clean_blank($1);
|
||||
elsif ($parametro =~ m/^eventserver_threads\s+([0-9]*)/i) {
|
||||
$pa_config->{'eventserver_threads'}= clean_blank($1);
|
||||
}
|
||||
elsif ($parametro =~ m/^correlation_threshold\s+([0-9]*)/i) {
|
||||
$pa_config->{'correlation_threshold'}= clean_blank($1);
|
||||
elsif ($parametro =~ m/^logserver\s+([0-1])/i) {
|
||||
$pa_config->{'logserver'}= clean_blank($1);
|
||||
}
|
||||
elsif ($parametro =~ m/^logserver_threads\s+([0-9]*)/i) {
|
||||
$pa_config->{'logserver_threads'}= clean_blank($1);
|
||||
}
|
||||
elsif ($parametro =~ m/^icmpserver\s+([0-9]*)/i) {
|
||||
$pa_config->{'icmpserver'}= clean_blank($1);
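Review bot: The in-code default `$pa_config->{"logserver"} = 1; # 7.774` disagrees with the shipped templates, which set `logserver 0`; any existing pandora_server.conf that predates this key will start the new Log Server automatically on upgrade, which is unlikely to be intended for a newly introduced enterprise server type — consider `$pa_config->{"logserver"} = 0; # 7.774` unless opt-out is the goal. The tightened patterns `^eventserver\s+([0-1])` and `^logserver\s+([0-1])` are not anchored after the digit, so `eventserver 10` is silently read as 1, and a value like `eventserver 2` no longer matches at all and falls back to the default without any log line; `([0-1])\s*$` plus a logger() call for unrecognised values would make misconfiguration visible. The enclosing pandora_load_config sub continues outside the hunk.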
|
||||
|
|
|
@ -313,6 +313,7 @@ our @ServerTypes = qw (
|
|||
icmpserver
|
||||
snmpserver
|
||||
satelliteserver
|
||||
transactionalserver
|
||||
mfserver
|
||||
syncserver
|
||||
wuxserver
|
||||
|
@ -323,6 +324,7 @@ our @ServerTypes = qw (
|
|||
correlationserver
|
||||
ncmserver
|
||||
netflowserver
|
||||
logserver
|
||||
);
|
||||
our @AlertStatus = ('Execute the alert', 'Do not execute the alert', 'Do not execute the alert, but increment its internal counter', 'Cease the alert', 'Recover the alert', 'Reset internal counter');
|
||||
|
||||
|
@ -804,9 +806,9 @@ Process an alert given the status returned by pandora_evaluate_alert.
|
|||
|
||||
=cut
|
||||
##########################################################################
|
||||
sub pandora_process_alert ($$$$$$$$;$$) {
|
||||
sub pandora_process_alert ($$$$$$$$;$) {
|
||||
my ($pa_config, $data, $agent, $module, $alert, $rc, $dbh, $timestamp,
|
||||
$extra_macros, $is_correlated_alert) = @_;
|
||||
$extra_macros) = @_;
|
||||
|
||||
if (defined ($agent)) {
|
||||
logger ($pa_config, "Processing alert '" . safe_output($alert->{'name'}) . "' for agent '" . safe_output($agent->{'nombre'}) . "': " . (defined ($AlertStatus[$rc]) ? $AlertStatus[$rc] : 'Unknown status') . ".", 10);
|
||||
|
@ -814,15 +816,21 @@ sub pandora_process_alert ($$$$$$$$;$$) {
|
|||
else {
|
||||
logger ($pa_config, "Processing alert '" . safe_output($alert->{'name'}) . "': " . (defined ($AlertStatus[$rc]) ? $AlertStatus[$rc] : 'Unknown status') . ".", 10);
|
||||
}
|
||||
|
||||
|
||||
# Simple or event alert?
|
||||
my ($id, $table) = (undef, undef);
|
||||
if (defined ($alert->{'id_template_module'})) {
|
||||
$id = $alert->{'id_template_module'};
|
||||
$table = 'talert_template_modules';
|
||||
} else {
|
||||
} elsif (defined ($alert->{'_log_alert'})) {
|
||||
$id = $alert->{'id'};
|
||||
$table = 'tlog_alert';
|
||||
} elsif (defined ($alert->{'_event_alert'})) {
|
||||
$id = $alert->{'id'};
|
||||
$table = 'tevent_alert';
|
||||
} else {
|
||||
logger($pa_config, "pandora_process_alert received invalid data", 10);
|
||||
return;
|
||||
}
|
||||
|
||||
# Do not execute
|
||||
|
@ -874,10 +882,10 @@ sub pandora_process_alert ($$$$$$$$;$$) {
|
|||
|
||||
if ($pa_config->{'alertserver'} == 1 || $pa_config->{'alertserver_queue'} == 1) {
|
||||
pandora_queue_alert($pa_config, $dbh, [$data, $agent, $module,
|
||||
$alert, 0, $timestamp, 0, $extra_macros, $is_correlated_alert]);
|
||||
$alert, 0, $timestamp, 0, $extra_macros]);
|
||||
} else {
|
||||
pandora_execute_alert ($pa_config, $data, $agent, $module, $alert, 0, $dbh,
|
||||
$timestamp, 0, $extra_macros, $is_correlated_alert);
|
||||
$timestamp, 0, $extra_macros);
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
@ -920,10 +928,10 @@ sub pandora_process_alert ($$$$$$$$;$$) {
|
|||
|
||||
if ($pa_config->{'alertserver'} == 1 || $pa_config->{'alertserver_queue'} == 1) {
|
||||
pandora_queue_alert($pa_config, $dbh, [$data, $agent, $module,
|
||||
$alert, 1, $timestamp, 0, $extra_macros, $is_correlated_alert]);
|
||||
$alert, 1, $timestamp, 0, $extra_macros]);
|
||||
} else {
|
||||
pandora_execute_alert ($pa_config, $data, $agent, $module, $alert, 1,
|
||||
$dbh, $timestamp, 0, $extra_macros, $is_correlated_alert);
|
||||
$dbh, $timestamp, 0, $extra_macros);
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
@ -939,7 +947,7 @@ Execute the given alert.
|
|||
sub pandora_execute_alert {
|
||||
my ($pa_config, $data, $agent, $module,
|
||||
$alert, $alert_mode, $dbh, $timestamp, $forced_alert,
|
||||
$extra_macros, $is_correlated_alert) = @_;
|
||||
$extra_macros) = @_;
|
||||
|
||||
# 'in-process' events can inhibit alers too.
|
||||
if ($pa_config->{'event_inhibit_alerts'} == 1 && $alert_mode != RECOVERED_ALERT) {
|
||||
|
@ -1029,7 +1037,7 @@ sub pandora_execute_alert {
|
|||
}
|
||||
}
|
||||
# Event alert
|
||||
else {
|
||||
elsif (defined($alert->{'_event_alert'})) {
|
||||
if ($alert_mode == RECOVERED_ALERT) {
|
||||
@actions = get_db_rows ($dbh, 'SELECT talert_actions.name as action_name, tevent_alert_action.*, talert_actions.*, talert_commands.*
|
||||
FROM tevent_alert_action, talert_actions, talert_commands
|
||||
|
@ -1060,6 +1068,38 @@ sub pandora_execute_alert {
|
|||
$alert->{'id_alert_action'});
|
||||
}
|
||||
}
|
||||
# Log alert.
|
||||
elsif (defined($alert->{'_log_alert'})) {
|
||||
if ($alert_mode == RECOVERED_ALERT) {
|
||||
@actions = get_db_rows ($dbh, 'SELECT talert_actions.name as action_name, tlog_alert_action.*, talert_actions.*, talert_commands.*
|
||||
FROM tlog_alert_action, talert_actions, talert_commands
|
||||
WHERE tlog_alert_action.id_alert_action = talert_actions.id
|
||||
AND talert_actions.id_alert_command = talert_commands.id
|
||||
AND tlog_alert_action.id_log_alert = ?
|
||||
AND ((fires_min = 0 AND fires_max = 0)
|
||||
OR ? >= fires_min)',
|
||||
$alert->{'id'}, $alert->{'times_fired'});
|
||||
} else {
|
||||
@actions = get_db_rows ($dbh, 'SELECT talert_actions.name as action_name, tlog_alert_action.*, talert_actions.*, talert_commands.*
|
||||
FROM tlog_alert_action, talert_actions, talert_commands
|
||||
WHERE tlog_alert_action.id_alert_action = talert_actions.id
|
||||
AND talert_actions.id_alert_command = talert_commands.id
|
||||
AND tlog_alert_action.id_log_alert = ?
|
||||
AND ((fires_min = 0 AND fires_max = 0)
|
||||
OR (fires_min <= fires_max AND ? >= fires_min AND ? <= fires_max)
|
||||
OR (fires_min > fires_max AND ? >= fires_min))',
|
||||
$alert->{'id'}, $alert->{'times_fired'}, $alert->{'times_fired'}, $alert->{'times_fired'});
|
||||
}
|
||||
|
||||
# Get default action
|
||||
if ($#actions < 0) {
|
||||
@actions = get_db_rows ($dbh, 'SELECT talert_actions.name as action_name, talert_actions.*, talert_commands.*
|
||||
FROM talert_actions, talert_commands
|
||||
WHERE talert_actions.id = ?
|
||||
AND talert_actions.id_alert_command = talert_commands.id',
|
||||
$alert->{'id_alert_action'});
|
||||
}
|
||||
}
|
||||
|
||||
# No actions defined
|
||||
if ($#actions < 0) {
|
||||
|
@ -1148,8 +1188,33 @@ sub pandora_execute_alert {
|
|||
#If we've spotted an alert recovered, we set the new event's severity to 2 (NORMAL), otherwise the original value is maintained.
|
||||
my ($text, $event, $severity) = ($alert_mode == RECOVERED_ALERT) ? ('recovered', 'alert_recovered', 2) : ('fired', 'alert_fired', $alert->{'priority'});
|
||||
|
||||
if (defined($is_correlated_alert) && $is_correlated_alert == 1) {
|
||||
$text = "Correlated alert $text";
|
||||
if (defined($alert->{'_event_alert'})) {
|
||||
$text = "Event alert $text";
|
||||
pandora_event (
|
||||
$pa_config,
|
||||
"$text (" . safe_output($alert->{'name'}) . ") ",
|
||||
(defined ($agent) ? $agent->{'id_grupo'} : 0),
|
||||
# id agent.
|
||||
0,
|
||||
$severity,
|
||||
(defined ($alert->{'id_template_module'}) ? $alert->{'id_template_module'} : 0),
|
||||
# id agent module.
|
||||
0,
|
||||
$event,
|
||||
0,
|
||||
$dbh,
|
||||
'monitoring_server',
|
||||
'',
|
||||
'',
|
||||
'',
|
||||
'',
|
||||
$critical_instructions,
|
||||
$warning_instructions,
|
||||
$unknown_instructions,
|
||||
p_encode_json($pa_config, $custom_data)
|
||||
);
|
||||
} elsif (defined($alert->{'_log_alert'})) {
|
||||
$text = "Log alert $text";
|
||||
pandora_event (
|
||||
$pa_config,
|
||||
"$text (" . safe_output($alert->{'name'}) . ") ",
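Review bot: In the new `_event_alert` branch of pandora_execute_alert the module-id argument to pandora_event is `(defined ($alert->{'id_template_module'}) ? $alert->{'id_template_module'} : 0)`, yet pandora_process_alert in this same hunk uses a defined `id_template_module` as the marker of a module alert and only falls through to `_log_alert`/`_event_alert` when it is absent, so this ternary presumably always yields 0 here (the first branch of pandora_execute_alert is outside the hunk — confirm); passing `0` directly, or building `$text` per branch and issuing a single shared pandora_event call, would remove the duplicated 20-line call that the log-alert branch repeats. The prototype change from `($$$$$$$$;$$)` to `($$$$$$$$;$)` on pandora_process_alert is a compile-time break for any caller, e.g. enterprise code not in this diff, that still passes `$is_correlated_alert`; confirm every call site was updated. The tail of pandora_execute_alert, including the log-alert pandora_event call, runs past the end of the hunk.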
|
||||
|
|
|
@ -67,7 +67,6 @@ our @EXPORT = qw(
|
|||
INVENTORYSERVER
|
||||
WEBSERVER
|
||||
EVENTSERVER
|
||||
CORRELATIONSERVER
|
||||
ICMPSERVER
|
||||
SNMPSERVER
|
||||
SATELLITESERVER
|
||||
|
@ -79,6 +78,7 @@ our @EXPORT = qw(
|
|||
MIGRATIONSERVER
|
||||
NCMSERVER
|
||||
NETFLOWSERVER
|
||||
LOGSERVER
|
||||
METACONSOLE_LICENSE
|
||||
OFFLINE_LICENSE
|
||||
DISCOVERY_HOSTDEVICES
|
||||
|
@ -205,9 +205,10 @@ use constant SYSLOGSERVER => 18;
|
|||
use constant PROVISIONINGSERVER => 19;
|
||||
use constant MIGRATIONSERVER => 20;
|
||||
use constant ALERTSERVER => 21;
|
||||
use constant CORRELATIONSERVER => 22;
|
||||
use constant CORRELATIONSERVER => 22; # Deprecated.
|
||||
use constant NCMSERVER => 23;
|
||||
use constant NETFLOWSERVER => 24;
|
||||
use constant LOGSERVER => 25;
|
||||
|
||||
# Module status
|
||||
use constant MODULE_NORMAL => 0;
|
||||
|
@ -2974,6 +2975,7 @@ sub get_server_name {
|
|||
return "CORRELATIONSERVER" if ($server_type eq CORRELATIONSERVER);
|
||||
return "NCMSERVER" if ($server_type eq NCMSERVER);
|
||||
return "NETFLOWSERVER" if ($server_type eq NETFLOWSERVER);
|
||||
return "LOGSERVER" if ($server_type eq LOGSERVER);
|
||||
|
||||
return "UNKNOWN";
|
||||
}
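Review bot: `CORRELATIONSERVER` is removed from `@EXPORT` but the constant is kept (`use constant CORRELATIONSERVER => 22; # Deprecated.`) and get_server_name still returns `"CORRELATIONSERVER"` for it; any module that imported the constant via the default export list will now fail under `use strict` with a bareword error rather than see a deprecation. If the intent is a soft deprecation, keep it exported (or move it to `@EXPORT_OK`) and mark it `# Deprecated since 7.774, use LOGSERVER.`; if the intent is removal, drop the constant and the get_server_name line together so the two do not drift.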
|
||||
|
|