diff --git a/pandora_console/extras/delete_files/delete_files.txt b/pandora_console/extras/delete_files/delete_files.txt index a3c2eea0ca..8a9c50f605 100644 --- a/pandora_console/extras/delete_files/delete_files.txt +++ b/pandora_console/extras/delete_files/delete_files.txt @@ -106,6 +106,7 @@ enterprise/godmode/alerts/alert_events.php enterprise/godmode/alerts/alert_events_list.php enterprise/godmode/alerts/alert_events_rules.php enterprise/godmode/alerts/configure_alert_rule.php +enterprise/godmode/alerts/alert_correlation.php enterprise/include/functions_networkmap.php enterprise/operation/agentes/pandora_networkmap.view.php enterprise/include/ajax/map_enterprise.ajax.php diff --git a/pandora_console/extras/mr/66.sql b/pandora_console/extras/mr/66.sql index b7b2b400d7..60423984e0 100644 --- a/pandora_console/extras/mr/66.sql +++ b/pandora_console/extras/mr/66.sql 
@@ -5,6 +5,98 @@ ALTER TABLE `ttrap` ADD COLUMN `utimestamp` INT UNSIGNED NOT NULL DEFAULT 0; UPDATE ttrap SET utimestamp=UNIX_TIMESTAMP(timestamp); +CREATE TABLE IF NOT EXISTS `tlog_alert` ( + `id` INT UNSIGNED NOT NULL AUTO_INCREMENT, + `name` TEXT , + `description` MEDIUMTEXT, + `order` INT UNSIGNED DEFAULT 0, + `mode` ENUM('PASS','DROP'), + `field1` TEXT , + `field2` TEXT , + `field3` TEXT , + `field4` TEXT , + `field5` TEXT , + `field6` TEXT , + `field7` TEXT , + `field8` TEXT , + `field9` TEXT , + `field10` TEXT , + `time_threshold` INT NOT NULL DEFAULT 86400, + `max_alerts` INT UNSIGNED NOT NULL DEFAULT 1, + `min_alerts` INT UNSIGNED NOT NULL DEFAULT 0, + `time_from` time DEFAULT '00:00:00', + `time_to` time DEFAULT '00:00:00', + `monday` TINYINT DEFAULT 1, + `tuesday` TINYINT DEFAULT 1, + `wednesday` TINYINT DEFAULT 1, + `thursday` TINYINT DEFAULT 1, + `friday` TINYINT DEFAULT 1, + `saturday` TINYINT DEFAULT 1, + `sunday` TINYINT DEFAULT 1, + `recovery_notify` TINYINT DEFAULT 0, + `field1_recovery` TEXT, + `field2_recovery` TEXT, + `field3_recovery` TEXT, + `field4_recovery` TEXT, + `field5_recovery` TEXT, + `field6_recovery` TEXT, + `field7_recovery` TEXT, + `field8_recovery` TEXT, + `field9_recovery` TEXT, + `field10_recovery` TEXT, + `id_group` MEDIUMINT UNSIGNED NULL DEFAULT 0, + `internal_counter` INT DEFAULT 0, + `last_fired` BIGINT NOT NULL DEFAULT 0, + `last_reference` BIGINT NOT NULL DEFAULT 0, + `times_fired` INT NOT NULL DEFAULT 0, + `disabled` TINYINT DEFAULT 0, + `standby` TINYINT DEFAULT 0, + `priority` TINYINT DEFAULT 0, + `force_execution` TINYINT DEFAULT 0, + `group_by` enum ('','id_agente','id_agentmodule','id_alert_am','id_grupo') DEFAULT '', + `special_days` TINYINT DEFAULT 0, + `disable_event` TINYINT DEFAULT 0, + `id_template_conditions` INT UNSIGNED NOT NULL DEFAULT 0, + `id_template_fields` INT UNSIGNED NOT NULL DEFAULT 0, + `last_evaluation` BIGINT NOT NULL DEFAULT 0, + `pool_occurrences` INT UNSIGNED NOT NULL DEFAULT 0, + 
`schedule` TEXT, + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=UTF8MB4; + +CREATE TABLE IF NOT EXISTS `tlog_rule` ( + `id_log_rule` INT UNSIGNED NOT NULL AUTO_INCREMENT, + `id_log_alert` INT UNSIGNED NOT NULL, + `operation` ENUM('NOP', 'AND','OR','XOR','NAND','NOR','NXOR'), + `order` INT UNSIGNED DEFAULT 0, + `window` INT NOT NULL DEFAULT 0, + `count` INT NOT NULL DEFAULT 1, + `name` TEXT, + `log_content` TEXT, + `log_source` TEXT, + `log_agent` TEXT, + `operator_log_content` TEXT COMMENT 'Operator for log_content', + `operator_log_source` TEXT COMMENT 'Operator for log_source', + `operator_log_agent` TEXT COMMENT 'Operator for log_agent', + PRIMARY KEY (`id_log_rule`), + KEY `idx_id_log_alert` (`id_log_alert`) +) ENGINE=InnoDB DEFAULT CHARSET=UTF8MB4; + +CREATE TABLE IF NOT EXISTS `tlog_alert_action` ( + `id` INT UNSIGNED NOT NULL AUTO_INCREMENT, + `id_log_alert` INT UNSIGNED NOT NULL, + `id_alert_action` INT UNSIGNED NOT NULL, + `fires_min` INT UNSIGNED DEFAULT 0, + `fires_max` INT UNSIGNED DEFAULT 0, + `module_action_threshold` INT NOT NULL DEFAULT 0, + `last_execution` BIGINT NOT NULL DEFAULT 0, + PRIMARY KEY (`id`), + FOREIGN KEY (`id_log_alert`) REFERENCES tlog_alert(`id`) + ON DELETE CASCADE ON UPDATE CASCADE, + FOREIGN KEY (`id_alert_action`) REFERENCES talert_actions(`id`) + ON DELETE CASCADE ON UPDATE CASCADE +) ENGINE=InnoDB DEFAULT CHARSET=UTF8MB4; + CREATE TABLE IF NOT EXISTS `tgraph_analytics_filter` ( `id` INT NOT NULL auto_increment, `filter_name` VARCHAR(45) NULL, 
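Review bot: `tlog_rule` only indexes `id_log_alert` (`KEY idx_id_log_alert`) and declares no foreign key, so deleting a `tlog_alert` row leaves its rules orphaned, whereas `tlog_alert_action` defined just below cascades on the very same relation. Adding `FOREIGN KEY (id_log_alert) REFERENCES tlog_alert(id) ON DELETE CASCADE ON UPDATE CASCADE` after the `idx_id_log_alert` key keeps the two tables consistent, and the same line belongs in the pandoradb.sql copy of this schema. The `mode` and `operation` ENUM columns are also declared without `NOT NULL` or a `DEFAULT`, so a rule row can carry a NULL operation; whether the log server treats that as `NOP` or as an error is outside this diff, so either a default or a server-side check is worth confirming.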
@@ -268,4 +360,6 @@ INSERT INTO tmodule_inventory (`id_os`, `name`, `description`, `interpreter`, `d SELECT * FROM (SELECT @id_os id_os, @tmodule_name name, @tmodule_description description, '' interpreter, 'ID:STATUS' data_format, '' code, '0' block_mode, 2 script_mode) AS tmp WHERE NOT EXISTS (SELECT name, description FROM tmodule_inventory WHERE name = @tmodule_name and description = @tmodule_description and id_os = @id_os); +UPDATE `tevent_alert` ea INNER JOIN `tevent_rule` er ON ea.id = er.id_event_alert SET disabled=1 WHERE er.log_agent IS NOT NULL OR er.log_content IS NOT NULL OR er.log_source IS NOT NULL; + COMMIT; diff --git a/pandora_console/godmode/menu.php b/pandora_console/godmode/menu.php index a6ec702923..94509ab820 100644 --- a/pandora_console/godmode/menu.php +++ b/pandora_console/godmode/menu.php @@ -384,6 +384,7 @@ if ($access_console_node === true) { $sub['godmode/alerts/alert_special_days']['pages'] = ['godmode/alerts/configure_alert_special_days']; enterprise_hook('eventalerts_submenu'); + enterprise_hook('alert_log_submenu'); $sub['godmode/snmpconsole/snmp_alert']['text'] = __('SNMP alerts'); $sub['godmode/snmpconsole/snmp_alert']['id'] = 'SNMP_alerts'; enterprise_hook('alert_inventory_submenu'); diff --git a/pandora_console/images/log_server.svg b/pandora_console/images/log_server.svg new file mode 100644 index 0000000000..26f27c6ae9 --- /dev/null +++ b/pandora_console/images/log_server.svg 
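Review bot: The `SET disabled=1` in the new UPDATE is unqualified although two tables are joined; if `tevent_rule` also carries a `disabled` column (its schema is not in this diff) MySQL rejects the statement as ambiguous and the migration stops before `COMMIT`, so `SET ea.disabled = 1` is safer in any case. The predicate `er.log_agent IS NOT NULL OR er.log_content IS NOT NULL OR er.log_source IS NOT NULL` only catches NULLs; if the console stores empty strings in those columns for purely event-based rules, every event alert would be disabled by this update, so a test such as `COALESCE(er.log_agent, '') <> ''` per column would be more precise. Since the statement silently disables user alerts, a comment stating the intent (`-- Log-based rules moved to tlog_alert in 774; disable event alerts that still reference log fields`) would help whoever audits the upgrade.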
@@ -0,0 +1,29 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- Generator: Adobe Illustrator 28.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) --> +<svg version="1.1" id="Capa_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" + viewBox="0 0 20 20" style="enable-background:new 0 0 20 20;" xml:space="preserve"> +<style type="text/css"> + .st0{fill:#3F3F3F;} +</style> +<g> + <path class="st0" d="M4.8,8C4.8,8,4.8,8,4.8,8C4.8,8,4.9,8,4.8,8c0.3,0.1,0.5,0.1,0.7,0.2c0,0,0.1,0,0.1,0c0.3,0,0.5,0.1,0.8,0.1 + c0.1,0,0.1,0,0.2,0c0.2,0,0.4,0,0.7,0.1c0.1,0,0.2,0,0.2,0c0.3,0,0.6,0,0.9,0c0.3,0,0.6,0,0.9,0c0.1,0,0.2,0,0.2,0 + c0.2,0,0.4,0,0.7-0.1c0.1,0,0.1,0,0.2,0c0.3,0,0.5-0.1,0.8-0.1c0,0,0.1,0,0.1,0c0.2,0,0.4-0.1,0.6-0.1c0,0,0.1,0,0.1,0c0,0,0,0,0,0 + c2-0.5,3.3-1.4,3.3-2.4V4.2c0-1.6-3.1-2.8-6.8-2.8S1.6,2.6,1.6,4.2v1.4C1.6,6.6,2.9,7.5,4.8,8z"/> + <path class="st0" d="M13.8,8.8c0.5,0.1,1,0.2,1.4,0.4l0-1.2C14.8,8.4,14.3,8.6,13.8,8.8z"/> + <path class="st0" d="M7.6,17.3c-1.1-0.6-1.9-1.4-2.7-2.3c-0.7-0.1-1.3-0.3-1.9-0.5c-0.5-0.2-1-0.5-1.5-0.8v1.8 + c0,0.9,1.1,1.8,2.9,2.3c0,0,0,0,0,0c0,0,0,0,0.1,0c0.2,0.1,0.5,0.1,0.8,0.2c0.1,0,0.1,0,0.2,0C5.6,18,5.9,18,6.2,18.1 + c0,0,0.1,0,0.1,0c0.3,0,0.6,0.1,0.9,0.1c0.1,0,0.1,0,0.2,0c0.3,0,0.6,0,1,0c0.3,0,0.7,0,1,0c0,0,0.1,0,0.1,0 + C8.9,18,8.2,17.7,7.6,17.3z"/> + <path class="st0" d="M4,13.3c0.1-0.2,0.3-0.4,0.4-0.6c1-1.2,2.1-2.2,3.6-3c-0.4,0-0.8,0-1.2-0.1c-0.2,0-0.3,0-0.5-0.1 + c-0.3,0-0.7-0.1-1-0.2C4.4,9.3,3.7,9.1,3,8.9C2.5,8.7,2,8.4,1.6,8l0,3.2C1.6,12.1,2.5,12.8,4,13.3z"/> +</g> +<g> + <path class="st0" d="M5.4,13.6c0.1-0.2,0.3-0.4,0.4-0.6c0.8-1.1,1.8-1.9,3.1-2.5c0.8-0.4,1.7-0.6,2.6-0.7c1.8-0.2,3.4,0.3,4.8,1.3 + c0.9,0.6,1.8,1.5,2.4,2.3c0.2,0.2,0.2,0.4,0,0.7c-0.8,1.1-1.7,1.9-2.8,2.6c-0.9,0.5-2,0.9-3.1,1.1c-1.6,0.1-3.1-0.2-4.4-1.1 + C7.3,16,6.5,15,5.6,14c0-0.1-0.1-0.1-0.1-0.2C5.4,13.7,5.4,13.6,5.4,13.6z M12.1,10.8c-1.6,0-2.7,1.4-2.7,2.9s1.4,2.7,2.9,2.7 + 
c1.5,0,2.7-1.4,2.7-2.9C15,12,13.6,10.8,12.1,10.8z"/> + <path class="st0" d="M12.2,12.1c0.8,0,1.5,0.6,1.5,1.5c0,0.8-0.6,1.6-1.6,1.6c-0.8,0-1.5-0.6-1.5-1.5 + C10.7,12.8,11.3,12.1,12.2,12.1z"/> +</g> +</svg> diff --git a/pandora_console/include/class/ConsoleSupervisor.php b/pandora_console/include/class/ConsoleSupervisor.php index c55704e43b..5f5eb4b339 100644 --- a/pandora_console/include/class/ConsoleSupervisor.php +++ b/pandora_console/include/class/ConsoleSupervisor.php @@ -256,6 +256,7 @@ class ConsoleSupervisor /* * Check if performance variables are corrects */ + $this->checkPerformanceVariables(); /* @@ -289,6 +290,12 @@ class ConsoleSupervisor */ $this->checkMYSQLSettings(); + + /* + * Check log alerts version + */ + + $this->checkLogAlerts(); } @@ -3106,4 +3113,32 @@ class ConsoleSupervisor } + /** + * Checks log alerts version. + * + * @return void + */ + public function checkLogAlerts() + { + global $config; + + if ((bool) check_acl($config['id_user'], 0, 'LM') === true) { + $current_package = (int) $config['current_package']; + if ($current_package >= 774 && $current_package <= 777) { + $url = '__url__index.php?sec=galertas&sec2=enterprise/godmode/alerts/event_alerts'; + $this->notify( + [ + 'type' => 'NOTIF.LOG.ALERT', + 'title' => __('Alert correlation changed since version 774'), + 'message' => __('Log correlation and log correlation with events will be disabled in this update. Some event correlation alerts may need to be modified to adapt to the new format'), + 'url' => $url, + ] + ); + } else { + $this->cleanNotifications('NOTIF.LOG.ALERT'); + } + } + } + + } diff --git a/pandora_console/include/constants.php b/pandora_console/include/constants.php index 889e32f693..2dba4790e3 100644 --- a/pandora_console/include/constants.php +++ b/pandora_console/include/constants.php 
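Review bot: `checkLogAlerts()` compares `$config['current_package']` against the bare literals 774 and 777 with no comment on why the notice stops at 777, so the next package bump will quietly take the `cleanNotifications` branch without anyone deciding that. A comment above the condition, `// Notice applies only to the packages where log rules were split out of event alerts (774-777); later packages clear it.`, or named constants, would record the intent. A missing `current_package` also casts to 0 and clears the notice, so a console whose config row is absent never sees the warning, assuming that situation can occur. The earlier hunk in this file starts calling `$this->checkPerformanceVariables()`, whose definition is outside this diff; confirm it exists and is safe to run on every supervisor pass.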
@@ -441,6 +441,7 @@ define('SERVER_TYPE_ALERT', 21); define('SERVER_TYPE_CORRELATION', 22); define('SERVER_TYPE_NCM', 23); define('SERVER_TYPE_NETFLOW', 24); +define('SERVER_TYPE_LOG', 25); // REPORTS. define('REPORT_TOP_N_MAX', 1); @@ -887,3 +888,8 @@ define('HOME_SCREEN_ALERT_DETAIL', 'alert_detail'); define('HOME_SCREEN_EXTERNAL_LINK', 'external_link'); define('HOME_SCREEN_OTHER', 'other'); define('HOME_SCREEN_DASHBOARD', 'dashboard'); + + +// Alert correlation. +define('EVENT_ALERTS', 1); +define('LOG_ALERTS', 2); diff --git a/pandora_console/include/functions_servers.php b/pandora_console/include/functions_servers.php index 3a4273efa4..845a57a77b 100644 --- a/pandora_console/include/functions_servers.php +++ b/pandora_console/include/functions_servers.php @@ -906,7 +906,7 @@ function servers_get_info($id_server=-1, $sql_limit=-1) 'images/logs@svg.svg', true, [ - 'title' => __('Log server'), + 'title' => __('Syslog server'), 'class' => 'main_menu_icon invert_filter', ] ); @@ -979,6 +979,19 @@ function servers_get_info($id_server=-1, $sql_limit=-1) $id_modulo = 0; break; + case SERVER_TYPE_LOG: + $server['img'] = html_print_image( + 'images/log_server.svg', + true, + [ + 'title' => __('Log server'), + 'class' => 'main_menu_icon invert_filter', + ] + ); + $server['type'] = 'log'; + $id_modulo = 0; + break; + default: $server['img'] = ''; $server['type'] = 'unknown'; diff --git a/pandora_console/pandoradb.sql b/pandora_console/pandoradb.sql index f3828b3204..141ab4344d 100644 --- a/pandora_console/pandoradb.sql +++ b/pandora_console/pandoradb.sql 
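Review bot: `EVENT_ALERTS` and `LOG_ALERTS` are very generic names for global PHP constants and nothing in this diff reads them, so their meaning is only recoverable from the `// Alert correlation.` comment above; a prefixed form such as `ALERT_CORRELATION_EVENT` / `ALERT_CORRELATION_LOG` would read unambiguously at call sites. In functions_servers.php the existing branch's title changes from 'Log server' to 'Syslog server' while the new `SERVER_TYPE_LOG` case takes 'Log server'; since `__()` keys translations on the literal, existing catalogues and any operator filter on that label now point at the new server type rather than the syslog one, which deserves a mention in the release notes. The `case` label of the retitled branch is outside the hunk.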
@@ -3131,6 +3131,110 @@ CREATE TABLE IF NOT EXISTS `tevent_alert_action` ( ) ENGINE=InnoDB DEFAULT CHARSET=UTF8MB4; +-- ----------------------------------------------------- +-- Table `tlog_alert` +-- ----------------------------------------------------- +CREATE TABLE IF NOT EXISTS `tlog_alert` ( + `id` INT UNSIGNED NOT NULL AUTO_INCREMENT, + `name` TEXT , + `description` MEDIUMTEXT, + `order` INT UNSIGNED DEFAULT 0, + `mode` ENUM('PASS','DROP'), + `field1` TEXT , + `field2` TEXT , + `field3` TEXT , + `field4` TEXT , + `field5` TEXT , + `field6` TEXT , + `field7` TEXT , + `field8` TEXT , + `field9` TEXT , + `field10` TEXT , + `time_threshold` INT NOT NULL DEFAULT 86400, + `max_alerts` INT UNSIGNED NOT NULL DEFAULT 1, + `min_alerts` INT UNSIGNED NOT NULL DEFAULT 0, + `time_from` time DEFAULT '00:00:00', + `time_to` time DEFAULT '00:00:00', + `monday` TINYINT DEFAULT 1, + `tuesday` TINYINT DEFAULT 1, + `wednesday` TINYINT DEFAULT 1, + `thursday` TINYINT DEFAULT 1, + `friday` TINYINT DEFAULT 1, + `saturday` TINYINT DEFAULT 1, + `sunday` TINYINT DEFAULT 1, + `recovery_notify` TINYINT DEFAULT 0, + `field1_recovery` TEXT, + `field2_recovery` TEXT, + `field3_recovery` TEXT, + `field4_recovery` TEXT, + `field5_recovery` TEXT, + `field6_recovery` TEXT, + `field7_recovery` TEXT, + `field8_recovery` TEXT, + `field9_recovery` TEXT, + `field10_recovery` TEXT, + `id_group` MEDIUMINT UNSIGNED NULL DEFAULT 0, + `internal_counter` INT DEFAULT 0, + `last_fired` BIGINT NOT NULL DEFAULT 0, + `last_reference` BIGINT NOT NULL DEFAULT 0, + `times_fired` INT NOT NULL DEFAULT 0, + `disabled` TINYINT DEFAULT 0, + `standby` TINYINT DEFAULT 0, + `priority` TINYINT DEFAULT 0, + `force_execution` TINYINT DEFAULT 0, + `group_by` enum ('','id_agente','id_agentmodule','id_alert_am','id_grupo') DEFAULT '', + `special_days` TINYINT DEFAULT 0, + `disable_event` TINYINT DEFAULT 0, + `id_template_conditions` INT UNSIGNED NOT NULL DEFAULT 0, + `id_template_fields` INT UNSIGNED NOT NULL DEFAULT 0, + 
`last_evaluation` BIGINT NOT NULL DEFAULT 0, + `pool_occurrences` INT UNSIGNED NOT NULL DEFAULT 0, + `schedule` TEXT, + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=UTF8MB4; + + +-- ----------------------------------------------------- +-- Table `tlog_rule` +-- ----------------------------------------------------- +CREATE TABLE IF NOT EXISTS `tlog_rule` ( + `id_log_rule` INT UNSIGNED NOT NULL AUTO_INCREMENT, + `id_log_alert` INT UNSIGNED NOT NULL, + `operation` ENUM('NOP', 'AND','OR','XOR','NAND','NOR','NXOR'), + `order` INT UNSIGNED DEFAULT 0, + `window` INT NOT NULL DEFAULT 0, + `count` INT NOT NULL DEFAULT 1, + `name` TEXT, + `log_content` TEXT, + `log_source` TEXT, + `log_agent` TEXT, + `operator_log_content` TEXT COMMENT 'Operator for log_content', + `operator_log_source` TEXT COMMENT 'Operator for log_source', + `operator_log_agent` TEXT COMMENT 'Operator for log_agent', + PRIMARY KEY (`id_log_rule`), + KEY `idx_id_log_alert` (`id_log_alert`) +) ENGINE=InnoDB DEFAULT CHARSET=UTF8MB4; + + +-- ----------------------------------------------------- +-- Table `tevent_alert_action` +-- ----------------------------------------------------- +CREATE TABLE IF NOT EXISTS `tlog_alert_action` ( + `id` INT UNSIGNED NOT NULL AUTO_INCREMENT, + `id_log_alert` INT UNSIGNED NOT NULL, + `id_alert_action` INT UNSIGNED NOT NULL, + `fires_min` INT UNSIGNED DEFAULT 0, + `fires_max` INT UNSIGNED DEFAULT 0, + `module_action_threshold` INT NOT NULL DEFAULT 0, + `last_execution` BIGINT NOT NULL DEFAULT 0, + PRIMARY KEY (`id`), + FOREIGN KEY (`id_log_alert`) REFERENCES tlog_alert(`id`) + ON DELETE CASCADE ON UPDATE CASCADE, + FOREIGN KEY (`id_alert_action`) REFERENCES talert_actions(`id`) + ON DELETE CASCADE ON UPDATE CASCADE +) ENGINE=InnoDB DEFAULT CHARSET=UTF8MB4; + + -- ----------------------------------------------------- -- Table `tmodule_synth` -- ----------------------------------------------------- 
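Review bot: The section header above the `tlog_alert_action` CREATE still reads "Table `tevent_alert_action`", copied from the block it was modelled on; it should name tlog_alert_action so the schema file's table headers stay trustworthy. As in mr/66.sql, `tlog_rule` gets only `KEY idx_id_log_alert` and no foreign key, so rules survive the deletion of their `tlog_alert` while `tlog_alert_action` cascades; adding `FOREIGN KEY (id_log_alert) REFERENCES tlog_alert(id) ON DELETE CASCADE ON UPDATE CASCADE` here and in the MR keeps fresh and upgraded installs identical.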
diff --git a/pandora_server/conf/pandora_server.conf.new b/pandora_server/conf/pandora_server.conf.new index 5886355160..db6e45bebb 100644 --- a/pandora_server/conf/pandora_server.conf.new +++ b/pandora_server/conf/pandora_server.conf.new @@ -477,26 +477,30 @@ export_threads 1 eventserver 0 -# Enable (1) or disable (0) Pandora FMS Correlation Server (PANDORA FMS ENTERPRISE ONLY). +# Number of threads for the Event Server (PANDORA FMS ENTERPRISE ONLY). -correlationserver 0 +eventserver_threads 1 -# Time in seconds to re-evaluate correlation alerts pool (PANDORA FMS ENTERPRISE ONLY). - -correlation_threshold 30 - -# Correlated alerts, event window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY). +# Event alerts, event window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY). event_window 3600 -# Correlated Alerts, log window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY). +# Enable (1) or disable (0) Pandora FMS Log Server (PANDORA FMS ENTERPRISE ONLY). + +logserver 0 + +# Number of threads for the Log Server (PANDORA FMS ENTERPRISE ONLY). + +logserver_threads 1 + +# Event alerts, log window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY). log_window 3600 # Pre-load windows on start with available information. (PANDORA FMS ENTERPRISE ONLY). #preload_windows 0 -# Correlated Alerts, group cache ttl (in seconds). Set to 0 to disable. (PANDORA FMS ENTERPRISE ONLY). +# Event alerts, group cache ttl (in seconds). Set to 0 to disable. (PANDORA FMS ENTERPRISE ONLY). #event_server_cache_ttl 10 # Log retrieving, items per request. (High values could make elasticsearch crash) diff --git a/pandora_server/conf/pandora_server_sec.conf.template b/pandora_server/conf/pandora_server_sec.conf.template index e4cbe335c5..b070938187 100644 --- a/pandora_server/conf/pandora_server_sec.conf.template +++ b/pandora_server/conf/pandora_server_sec.conf.template 
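Review bot: The `log_window` comment here reads "Event alerts, log window in seconds" while the same line in pandora_server_sec.conf.template says "Log alerts, log window in seconds"; nothing in this diff ties `log_window` to event alerts, so this file should read `# Log alerts, log window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY).` The hunk also removes `correlationserver` and `correlation_threshold` while Config.pm drops their parsers, so installs that keep those keys in an existing pandora_server.conf will have them silently ignored, assuming the parser does not warn on unknown keys (not visible here). A line such as `# correlationserver and correlation_threshold were removed in 774; correlation is now configured with eventserver and logserver.` would spare an upgrade surprise.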
@@ -470,26 +470,30 @@ export_threads 1 eventserver 0 -# Enable (1) or disable (0) Pandora FMS Correlation Server (PANDORA FMS ENTERPRISE ONLY). +# Number of threads for the Event Server (PANDORA FMS ENTERPRISE ONLY). -correlationserver 0 +eventserver_threads 1 -# Time in seconds to re-evaluate correlation alerts pool (PANDORA FMS ENTERPRISE ONLY). - -correlation_threshold 30 - -# Correlated alerts, event window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY). +# Event alerts, event window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY). event_window 3600 -# Correlated Alerts, log window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY). +# Enable (1) or disable (0) Pandora FMS Log Server (PANDORA FMS ENTERPRISE ONLY). + +logserver 0 + +# Number of threads for the Log Server (PANDORA FMS ENTERPRISE ONLY). + +logserver_threads 1 + +# Log alerts, log window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY). log_window 3600 # Pre-load windows on start with available information. (PANDORA FMS ENTERPRISE ONLY). #preload_windows 0 -# Correlated Alerts, group cache ttl (in seconds). Set to 0 to disable. (PANDORA FMS ENTERPRISE ONLY). +# Event alerts, group cache ttl (in seconds). Set to 0 to disable. (PANDORA FMS ENTERPRISE ONLY). #event_server_cache_ttl 10 # Log retrieving, items per request. (High values could make elasticsearch crash) diff --git a/pandora_server/lib/PandoraFMS/Config.pm b/pandora_server/lib/PandoraFMS/Config.pm index 115c493da6..a5477c7503 100644 --- a/pandora_server/lib/PandoraFMS/Config.pm +++ b/pandora_server/lib/PandoraFMS/Config.pm 
@@ -297,8 +297,9 @@ sub pandora_load_config { $pa_config->{"google_maps_description"} = 0; $pa_config->{'openstreetmaps_description'} = 0; $pa_config->{"eventserver"} = 1; # 4.0 - $pa_config->{"correlationserver"} = 0; # 757 - $pa_config->{"correlation_threshold"} = 30; # 757 + $pa_config->{"eventserver_threads"} = 1; # 4.0 + $pa_config->{"logserver"} = 1; # 7.774 + $pa_config->{"logserver_threads"} = 1; # 7.774 $pa_config->{"event_window"} = 3600; # 4.0 $pa_config->{"log_window"} = 3600; # 7.741 $pa_config->{"elastic_query_size"} = 10; # 7.754 Elements per request (ELK) @@ -803,14 +804,17 @@ sub pandora_load_config { $pa_config->{"transactional_pool"} = $pa_config->{"incomingdir"} . "/" . $tbuf; } } - elsif ($parametro =~ m/^eventserver\s+([0-9]*)/i) { + elsif ($parametro =~ m/^eventserver\s+([0-1])/i) { $pa_config->{'eventserver'}= clean_blank($1); } - elsif ($parametro =~ m/^correlationserver\s+([0-9]*)/i) { - $pa_config->{'correlationserver'}= clean_blank($1); + elsif ($parametro =~ m/^eventserver_threads\s+([0-9]*)/i) { + $pa_config->{'eventserver_threads'}= clean_blank($1); } - elsif ($parametro =~ m/^correlation_threshold\s+([0-9]*)/i) { - $pa_config->{'correlation_threshold'}= clean_blank($1); + elsif ($parametro =~ m/^logserver\s+([0-1])/i) { + $pa_config->{'logserver'}= clean_blank($1); + } + elsif ($parametro =~ m/^logserver_threads\s+([0-9]*)/i) { + $pa_config->{'logserver_threads'}= clean_blank($1); } elsif ($parametro =~ m/^icmpserver\s+([0-9]*)/i) { $pa_config->{'icmpserver'}= clean_blank($1); diff --git a/pandora_server/lib/PandoraFMS/Core.pm b/pandora_server/lib/PandoraFMS/Core.pm index 58815a4ff9..6da2b77b41 100644 --- a/pandora_server/lib/PandoraFMS/Core.pm +++ b/pandora_server/lib/PandoraFMS/Core.pm @@ -313,6 +313,7 @@ our @ServerTypes = qw ( icmpserver snmpserver satelliteserver + transactionalserver mfserver syncserver wuxserver 
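Review bot: The in-code default is `$pa_config->{"logserver"} = 1` while both shipped templates set `logserver 0`, so a server whose pandora_server.conf predates this release and has no `logserver` line starts the new Log Server without anyone enabling it. Unless enabling by default is intended, the line should read `$pa_config->{"logserver"} = 0; # 7.774` to match the templates. The version tag on `eventserver_threads` (`# 4.0`) also looks copied from `eventserver`; the key is new in this diff, so `# 7.774` would be accurate. `pandora_load_config` starts and ends outside the hunk.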
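Review bot: The new thread parsers use `([0-9]*)`, which also matches an empty capture, so a blank `logserver_threads` value or an explicit `0` stores a zero thread count; what the pool does with 0 is outside this diff, so `([1-9][0-9]*)` (leaving the default on no match) is the safer pattern for both `eventserver_threads` and `logserver_threads`. The tightened `([0-1])` on `eventserver` and `logserver` is not anchored at the end, so `eventserver 10` still parses as `1`; `([01])\s*$` closes that gap. The surrounding `elsif` chain continues outside the hunk.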
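Review bot: Inserting `transactionalserver` in the middle of `@ServerTypes` shifts the index of every later entry by one, which only makes sense if the array is meant to mirror the numeric server-type constants in PandoraFMS::Tools (where `LOGSERVER => 25` is appended in this same diff); if so, any caller that indexed the array before this change was off by one from `mfserver` on. That invariant is not written anywhere; a comment above the list, `# Index must match the server type constants in PandoraFMS::Tools.`, would stop the next addition from landing in the wrong slot. The list continues in the next hunk.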
@@ -323,6 +324,7 @@ our @ServerTypes = qw ( correlationserver ncmserver netflowserver + logserver ); our @AlertStatus = ('Execute the alert', 'Do not execute the alert', 'Do not execute the alert, but increment its internal counter', 'Cease the alert', 'Recover the alert', 'Reset internal counter'); @@ -804,9 +806,9 @@ Process an alert given the status returned by pandora_evaluate_alert. =cut ########################################################################## -sub pandora_process_alert ($$$$$$$$;$$) { +sub pandora_process_alert ($$$$$$$$;$) { my ($pa_config, $data, $agent, $module, $alert, $rc, $dbh, $timestamp, - $extra_macros, $is_correlated_alert) = @_; + $extra_macros) = @_; if (defined ($agent)) { logger ($pa_config, "Processing alert '" . safe_output($alert->{'name'}) . "' for agent '" . safe_output($agent->{'nombre'}) . "': " . (defined ($AlertStatus[$rc]) ? $AlertStatus[$rc] : 'Unknown status') . ".", 10); @@ -814,15 +816,21 @@ sub pandora_process_alert ($$$$$$$$;$$) { else { logger ($pa_config, "Processing alert '" . safe_output($alert->{'name'}) . "': " . (defined ($AlertStatus[$rc]) ? $AlertStatus[$rc] : 'Unknown status') . ".", 10); } - + # Simple or event alert? my ($id, $table) = (undef, undef); if (defined ($alert->{'id_template_module'})) { $id = $alert->{'id_template_module'}; $table = 'talert_template_modules'; - } else { + } elsif (defined ($alert->{'_log_alert'})) { + $id = $alert->{'id'}; + $table = 'tlog_alert'; + } elsif (defined ($alert->{'_event_alert'})) { $id = $alert->{'id'}; $table = 'tevent_alert'; + } else { + logger($pa_config, "pandora_process_alert received invalid data", 10); + return; } # Do not execute 
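Review bot: In `pandora_process_alert` the new fall-through branch logs "received invalid data" at verbosity 10 (the same level as the debug trace above it) and returns, so an alert whose hash carries neither `id_template_module`, `_event_alert` nor `_log_alert` is dropped without a visible trace; those marker keys are set by callers outside this diff, so a caller still passing the old event-alert shape would lose alerts silently. Logging at a level that is on by default and naming the alert, `logger($pa_config, "Skipping alert '" . safe_output($alert->{'name'}) . "': no template, event or log marker.", 3);`, makes that failure visible. The `($$$$$$$$;$)` prototype documents the arity but validates nothing, and the comment "Simple or event alert?" should now also mention log alerts. The function body continues past the hunk.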
@@ -874,10 +882,10 @@ sub pandora_process_alert ($$$$$$$$;$$) { if ($pa_config->{'alertserver'} == 1 || $pa_config->{'alertserver_queue'} == 1) { pandora_queue_alert($pa_config, $dbh, [$data, $agent, $module, - $alert, 0, $timestamp, 0, $extra_macros, $is_correlated_alert]); + $alert, 0, $timestamp, 0, $extra_macros]); } else { pandora_execute_alert ($pa_config, $data, $agent, $module, $alert, 0, $dbh, - $timestamp, 0, $extra_macros, $is_correlated_alert); + $timestamp, 0, $extra_macros); } return; } @@ -920,10 +928,10 @@ sub pandora_process_alert ($$$$$$$$;$$) { if ($pa_config->{'alertserver'} == 1 || $pa_config->{'alertserver_queue'} == 1) { pandora_queue_alert($pa_config, $dbh, [$data, $agent, $module, - $alert, 1, $timestamp, 0, $extra_macros, $is_correlated_alert]); + $alert, 1, $timestamp, 0, $extra_macros]); } else { pandora_execute_alert ($pa_config, $data, $agent, $module, $alert, 1, - $dbh, $timestamp, 0, $extra_macros, $is_correlated_alert); + $dbh, $timestamp, 0, $extra_macros); } return; } @@ -939,7 +947,7 @@ Execute the given alert. sub pandora_execute_alert { my ($pa_config, $data, $agent, $module, $alert, $alert_mode, $dbh, $timestamp, $forced_alert, - $extra_macros, $is_correlated_alert) = @_; + $extra_macros) = @_; # 'in-process' events can inhibit alers too. if ($pa_config->{'event_inhibit_alerts'} == 1 && $alert_mode != RECOVERED_ALERT) { @@ -1029,7 +1037,7 @@ sub pandora_execute_alert { } } # Event alert - else { + elsif (defined($alert->{'_event_alert'})) { if ($alert_mode == RECOVERED_ALERT) { @actions = get_db_rows ($dbh, 'SELECT talert_actions.name as action_name, tevent_alert_action.*, talert_actions.*, talert_commands.* FROM tevent_alert_action, talert_actions, talert_commands 
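Review bot: In `pandora_execute_alert` the unconditional `else` of the actions lookup becomes `elsif (defined($alert->{'_event_alert'}))`, so an alert with no template and neither marker key no longer takes any branch: `@actions` stays empty and the alert ends in the generic "No actions defined" path further down, which reads as a configuration problem rather than a missing marker. Mirroring the guard added to `pandora_process_alert` with `else { logger($pa_config, "Alert '" . safe_output($alert->{'name'}) . "' has no template, event or log marker.", 3); return; }` keeps the two functions consistent; this matters for queued alerts too, since the `pandora_queue_alert` payloads in this hunk no longer carry the correlation flag and rely solely on the hash markers. The branch and the function continue outside the hunk.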
@@ -1060,6 +1068,38 @@ sub pandora_execute_alert { $alert->{'id_alert_action'}); } } + # Log alert. + elsif (defined($alert->{'_log_alert'})) { + if ($alert_mode == RECOVERED_ALERT) { + @actions = get_db_rows ($dbh, 'SELECT talert_actions.name as action_name, tlog_alert_action.*, talert_actions.*, talert_commands.* + FROM tlog_alert_action, talert_actions, talert_commands + WHERE tlog_alert_action.id_alert_action = talert_actions.id + AND talert_actions.id_alert_command = talert_commands.id + AND tlog_alert_action.id_log_alert = ? + AND ((fires_min = 0 AND fires_max = 0) + OR ? >= fires_min)', + $alert->{'id'}, $alert->{'times_fired'}); + } else { + @actions = get_db_rows ($dbh, 'SELECT talert_actions.name as action_name, tlog_alert_action.*, talert_actions.*, talert_commands.* + FROM tlog_alert_action, talert_actions, talert_commands + WHERE tlog_alert_action.id_alert_action = talert_actions.id + AND talert_actions.id_alert_command = talert_commands.id + AND tlog_alert_action.id_log_alert = ? + AND ((fires_min = 0 AND fires_max = 0) + OR (fires_min <= fires_max AND ? >= fires_min AND ? <= fires_max) + OR (fires_min > fires_max AND ? >= fires_min))', + $alert->{'id'}, $alert->{'times_fired'}, $alert->{'times_fired'}, $alert->{'times_fired'}); + } + + # Get default action + if ($#actions < 0) { + @actions = get_db_rows ($dbh, 'SELECT talert_actions.name as action_name, talert_actions.*, talert_commands.* + FROM talert_actions, talert_commands + WHERE talert_actions.id = ? + AND talert_actions.id_alert_command = talert_commands.id', + $alert->{'id_alert_action'}); + } + } # No actions defined if ($#actions < 0) { 
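Review bot: The log-alert fallback `WHERE talert_actions.id = ?` binds `$alert->{'id_alert_action'}`, but the `tlog_alert` table created in this same diff has no `id_alert_action` column, so unless the caller adds that key the bind is undef and the "default action" query can never return a row. Either the column should be added to `tlog_alert` (the event-alert branch above uses the same fallback, presumably against a column its table has) or the fallback should be dropped for log alerts so the behaviour is explicit. The two action-selection queries are otherwise a copy of the event-alert ones with the table names swapped; a small helper taking those names as fixed literals would remove the duplication without putting any caller-controlled value into the SQL. The enclosing function continues past the hunk.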
@@ -1148,8 +1188,33 @@ sub pandora_execute_alert { #If we've spotted an alert recovered, we set the new event's severity to 2 (NORMAL), otherwise the original value is maintained. my ($text, $event, $severity) = ($alert_mode == RECOVERED_ALERT) ? ('recovered', 'alert_recovered', 2) : ('fired', 'alert_fired', $alert->{'priority'}); - if (defined($is_correlated_alert) && $is_correlated_alert == 1) { - $text = "Correlated alert $text"; + if (defined($alert->{'_event_alert'})) { + $text = "Event alert $text"; + pandora_event ( + $pa_config, + "$text (" . safe_output($alert->{'name'}) . ") ", + (defined ($agent) ? $agent->{'id_grupo'} : 0), + # id agent. + 0, + $severity, + (defined ($alert->{'id_template_module'}) ? $alert->{'id_template_module'} : 0), + # id agent module. + 0, + $event, + 0, + $dbh, + 'monitoring_server', + '', + '', + '', + '', + $critical_instructions, + $warning_instructions, + $unknown_instructions, + p_encode_json($pa_config, $custom_data) + ); + } elsif (defined($alert->{'_log_alert'})) { + $text = "Log alert $text"; pandora_event ( $pa_config, "$text (" . safe_output($alert->{'name'}) . ") ", diff --git a/pandora_server/lib/PandoraFMS/Tools.pm b/pandora_server/lib/PandoraFMS/Tools.pm index c9a89938d7..4af9292467 100755 --- a/pandora_server/lib/PandoraFMS/Tools.pm +++ b/pandora_server/lib/PandoraFMS/Tools.pm @@ -67,7 +67,6 @@ our @EXPORT = qw( INVENTORYSERVER WEBSERVER EVENTSERVER - CORRELATIONSERVER ICMPSERVER SNMPSERVER SATELLITESERVER @@ -79,6 +78,7 @@ our @EXPORT = qw( MIGRATIONSERVER NCMSERVER NETFLOWSERVER + LOGSERVER METACONSOLE_LICENSE OFFLINE_LICENSE DISCOVERY_HOSTDEVICES 
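Review bot: The `_event_alert` branch repeats the entire `pandora_event(...)` call, and the `_log_alert` branch that opens at the end of the hunk repeats it again, with `$text` as the only difference, so any change to the event payload must now be made in several places. Computing the prefix first, `my $kind = defined($alert->{'_event_alert'}) ? 'Event alert' : defined($alert->{'_log_alert'}) ? 'Log alert' : undef;`, and issuing one `pandora_event` call when `$kind` is defined keeps a single copy of the argument list. The user-visible event text also changes from "Correlated alert fired" to "Event alert fired"; any event filter or alert template matching the old wording stops matching, which should be called out in the release notes. The log-alert branch continues outside the hunk.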
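Review bot: `CORRELATIONSERVER` is dropped from `@EXPORT` in this hunk while the constant itself is kept (marked deprecated in the next hunk) and `get_server_name` still returns it; under `use strict`, any remaining importer that uses the bare name now fails to compile instead of getting a deprecation path. Keeping it exported for the deprecation period, or at least saying in the `# Deprecated.` comment that it is no longer exported and what replaces it (`# Deprecated: correlation server split into EVENTSERVER and LOGSERVER in 7.774; no longer exported.`), makes the intent explicit. Whether any module outside this diff still imports it cannot be seen here.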
@@ -205,9 +205,10 @@ use constant SYSLOGSERVER => 18; use constant PROVISIONINGSERVER => 19; use constant MIGRATIONSERVER => 20; use constant ALERTSERVER => 21; -use constant CORRELATIONSERVER => 22; +use constant CORRELATIONSERVER => 22; # Deprecated. use constant NCMSERVER => 23; use constant NETFLOWSERVER => 24; +use constant LOGSERVER => 25; # Module status use constant MODULE_NORMAL => 0; @@ -2974,6 +2975,7 @@ sub get_server_name { return "CORRELATIONSERVER" if ($server_type eq CORRELATIONSERVER); return "NCMSERVER" if ($server_type eq NCMSERVER); return "NETFLOWSERVER" if ($server_type eq NETFLOWSERVER); + return "LOGSERVER" if ($server_type eq LOGSERVER); return "UNKNOWN"; }
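Review bot: The added `return "LOGSERVER" if ($server_type eq LOGSERVER);` compares a numeric server type with the string operator `eq`, so `25` matches but `25.0` or a value with surrounding whitespace does not; it follows the existing lines in `get_server_name`, so changing only this one would be inconsistent, but `==` is the operator that expresses the intent if the function is ever tidied. The `# Deprecated.` marker on `CORRELATIONSERVER` says neither since when nor what replaces it; `# Deprecated since 7.774: use EVENTSERVER / LOGSERVER.` would carry that.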