From d096fa263d07cb05ec7a0c31eddcdc470a70b5bd Mon Sep 17 00:00:00 2001 From: Daniel Maya Date: Wed, 27 Sep 2023 11:05:06 +0200 Subject: [PATCH 1/7] #11914 Added log_alerts --- pandora_console/extras/mr/66.sql | 92 +++++++++++++++++++++++ pandora_console/godmode/menu.php | 1 + pandora_console/include/constants.php | 5 ++ pandora_console/pandoradb.sql | 104 ++++++++++++++++++++++++++ 4 files changed, 202 insertions(+) diff --git a/pandora_console/extras/mr/66.sql b/pandora_console/extras/mr/66.sql index 0671d66c56..94cdc24b9e 100644 --- a/pandora_console/extras/mr/66.sql +++ b/pandora_console/extras/mr/66.sql 
@@ -5,6 +5,98 @@ ALTER TABLE `ttrap` ADD COLUMN `utimestamp` INT UNSIGNED NOT NULL DEFAULT 0; UPDATE ttrap SET utimestamp=UNIX_TIMESTAMP(timestamp); +CREATE TABLE IF NOT EXISTS `tlog_alert` ( + `id` INT UNSIGNED NOT NULL AUTO_INCREMENT, + `name` TEXT , + `description` MEDIUMTEXT, + `order` INT UNSIGNED DEFAULT 0, + `mode` ENUM('PASS','DROP'), + `field1` TEXT , + `field2` TEXT , + `field3` TEXT , + `field4` TEXT , + `field5` TEXT , + `field6` TEXT , + `field7` TEXT , + `field8` TEXT , + `field9` TEXT , + `field10` TEXT , + `time_threshold` INT NOT NULL DEFAULT 86400, + `max_alerts` INT UNSIGNED NOT NULL DEFAULT 1, + `min_alerts` INT UNSIGNED NOT NULL DEFAULT 0, + `time_from` time DEFAULT '00:00:00', + `time_to` time DEFAULT '00:00:00', + `monday` TINYINT DEFAULT 1, + `tuesday` TINYINT DEFAULT 1, + `wednesday` TINYINT DEFAULT 1, + `thursday` TINYINT DEFAULT 1, + `friday` TINYINT DEFAULT 1, + `saturday` TINYINT DEFAULT 1, + `sunday` TINYINT DEFAULT 1, + `recovery_notify` TINYINT DEFAULT 0, + `field1_recovery` TEXT, + `field2_recovery` TEXT, + `field3_recovery` TEXT, + `field4_recovery` TEXT, + `field5_recovery` TEXT, + `field6_recovery` TEXT, + `field7_recovery` TEXT, + `field8_recovery` TEXT, + `field9_recovery` TEXT, + `field10_recovery` TEXT, + `id_group` MEDIUMINT UNSIGNED NULL DEFAULT 0, + `internal_counter` INT DEFAULT 0, + `last_fired` BIGINT NOT NULL DEFAULT 0, + `last_reference` BIGINT NOT NULL DEFAULT 0, + `times_fired` INT NOT NULL DEFAULT 0, + `disabled` TINYINT DEFAULT 0, + `standby` TINYINT DEFAULT 0, + `priority` TINYINT DEFAULT 0, + `force_execution` TINYINT DEFAULT 0, + `group_by` enum ('','id_agente','id_agentmodule','id_alert_am','id_grupo') DEFAULT '', + `special_days` TINYINT DEFAULT 0, + `disable_event` TINYINT DEFAULT 0, + `id_template_conditions` INT UNSIGNED NOT NULL DEFAULT 0, + `id_template_fields` INT UNSIGNED NOT NULL DEFAULT 0, + `last_evaluation` BIGINT NOT NULL DEFAULT 0, + `pool_occurrences` INT UNSIGNED NOT NULL DEFAULT 0, + 
`schedule` TEXT, + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=UTF8MB4; + +CREATE TABLE IF NOT EXISTS `tlog_rule` ( + `id_log_rule` INT UNSIGNED NOT NULL AUTO_INCREMENT, + `id_log_alert` INT UNSIGNED NOT NULL, + `operation` ENUM('NOP', 'AND','OR','XOR','NAND','NOR','NXOR'), + `order` INT UNSIGNED DEFAULT 0, + `window` INT NOT NULL DEFAULT 0, + `count` INT NOT NULL DEFAULT 1, + `name` TEXT, + `log_content` TEXT, + `log_source` TEXT, + `log_agent` TEXT, + `operator_log_content` TEXT COMMENT 'Operator for log_content', + `operator_log_source` TEXT COMMENT 'Operator for log_source', + `operator_log_agent` TEXT COMMENT 'Operator for log_agent', + PRIMARY KEY (`id_log_rule`), + KEY `idx_id_log_alert` (`id_log_alert`) +) ENGINE=InnoDB DEFAULT CHARSET=UTF8MB4; + +CREATE TABLE IF NOT EXISTS `tlog_alert_action` ( + `id` INT UNSIGNED NOT NULL AUTO_INCREMENT, + `id_log_alert` INT UNSIGNED NOT NULL, + `id_alert_action` INT UNSIGNED NOT NULL, + `fires_min` INT UNSIGNED DEFAULT 0, + `fires_max` INT UNSIGNED DEFAULT 0, + `module_action_threshold` INT NOT NULL DEFAULT 0, + `last_execution` BIGINT NOT NULL DEFAULT 0, + PRIMARY KEY (`id`), + FOREIGN KEY (`id_log_alert`) REFERENCES tlog_alert(`id`) + ON DELETE CASCADE ON UPDATE CASCADE, + FOREIGN KEY (`id_alert_action`) REFERENCES talert_actions(`id`) + ON DELETE CASCADE ON UPDATE CASCADE +) ENGINE=InnoDB DEFAULT CHARSET=UTF8MB4; + CREATE TABLE IF NOT EXISTS `tgraph_analytics_filter` ( `id` INT NOT NULL auto_increment, `filter_name` VARCHAR(45) NULL, diff --git a/pandora_console/godmode/menu.php b/pandora_console/godmode/menu.php index 7cd504c8ac..276018fae1 100644 --- a/pandora_console/godmode/menu.php +++ b/pandora_console/godmode/menu.php 
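Review bot: `tlog_rule.id_log_alert` is only indexed (`KEY idx_id_log_alert`) and never constrained, so deleting a `tlog_alert` row leaves its rules behind, whereas `tlog_alert_action.id_log_alert` in the same hunk gets a cascading foreign key. Adding `FOREIGN KEY (id_log_alert) REFERENCES tlog_alert(id) ON DELETE CASCADE ON UPDATE CASCADE` after the KEY line would make the two child tables consistent; the `tlog_rule` definition in this patch's pandoradb.sql hunk has the same gap. Separately, `mode` ENUM('PASS','DROP') and `name` are nullable, so a log alert with `mode IS NULL` is storable — confirm the server treats a NULL mode as DROP rather than PASS, or declare `mode` NOT NULL with an explicit default.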
@@ -383,6 +383,7 @@ if ($access_console_node === true) {
 $sub['godmode/alerts/alert_special_days']['pages'] = ['godmode/alerts/configure_alert_special_days'];
 enterprise_hook('eventalerts_submenu');
+ enterprise_hook('alert_log_submenu');
 $sub['godmode/snmpconsole/snmp_alert']['text'] = __('SNMP alerts');
 $sub['godmode/snmpconsole/snmp_alert']['id'] = 'SNMP_alerts';
 enterprise_hook('alert_inventory_submenu');
diff --git a/pandora_console/include/constants.php b/pandora_console/include/constants.php
index 889e32f693..928f3135d8 100644
--- a/pandora_console/include/constants.php
+++ b/pandora_console/include/constants.php
@@ -887,3 +887,8 @@ define('HOME_SCREEN_ALERT_DETAIL', 'alert_detail');
 define('HOME_SCREEN_EXTERNAL_LINK', 'external_link');
 define('HOME_SCREEN_OTHER', 'other');
 define('HOME_SCREEN_DASHBOARD', 'dashboard');
+
+
+// Alert correlation.
+define('EVENT_ALERTS', 1);
+define('LOG_ALERTS', 2);
diff --git a/pandora_console/pandoradb.sql b/pandora_console/pandoradb.sql
index 662beb93af..a9405741ec 100644
--- a/pandora_console/pandoradb.sql
+++ b/pandora_console/pandoradb.sql
@@ -3168,6 +3168,110 @@ CREATE TABLE IF NOT EXISTS `tevent_alert_action` ( ) ENGINE=InnoDB DEFAULT CHARSET=UTF8MB4; +-- ----------------------------------------------------- +-- Table `tlog_alert` +-- ----------------------------------------------------- +CREATE TABLE IF NOT EXISTS `tlog_alert` ( + `id` INT UNSIGNED NOT NULL AUTO_INCREMENT, + `name` TEXT , + `description` MEDIUMTEXT, + `order` INT UNSIGNED DEFAULT 0, + `mode` ENUM('PASS','DROP'), + `field1` TEXT , + `field2` TEXT , + `field3` TEXT , + `field4` TEXT , + `field5` TEXT , + `field6` TEXT , + `field7` TEXT , + `field8` TEXT , + `field9` TEXT , + `field10` TEXT , + `time_threshold` INT NOT NULL DEFAULT 86400, + `max_alerts` INT UNSIGNED NOT NULL DEFAULT 1, + `min_alerts` INT UNSIGNED NOT NULL DEFAULT 0, + `time_from` time DEFAULT '00:00:00', + `time_to` time DEFAULT '00:00:00', + `monday` TINYINT DEFAULT 1, + `tuesday` TINYINT DEFAULT 1, + `wednesday` TINYINT DEFAULT 1, + `thursday` TINYINT DEFAULT 1, + `friday` TINYINT DEFAULT 1, + `saturday` TINYINT DEFAULT 1, + `sunday` TINYINT DEFAULT 1, + `recovery_notify` TINYINT DEFAULT 0, + `field1_recovery` TEXT, + `field2_recovery` TEXT, + `field3_recovery` TEXT, + `field4_recovery` TEXT, + `field5_recovery` TEXT, + `field6_recovery` TEXT, + `field7_recovery` TEXT, + `field8_recovery` TEXT, + `field9_recovery` TEXT, + `field10_recovery` TEXT, + `id_group` MEDIUMINT UNSIGNED NULL DEFAULT 0, + `internal_counter` INT DEFAULT 0, + `last_fired` BIGINT NOT NULL DEFAULT 0, + `last_reference` BIGINT NOT NULL DEFAULT 0, + `times_fired` INT NOT NULL DEFAULT 0, + `disabled` TINYINT DEFAULT 0, + `standby` TINYINT DEFAULT 0, + `priority` TINYINT DEFAULT 0, + `force_execution` TINYINT DEFAULT 0, + `group_by` enum ('','id_agente','id_agentmodule','id_alert_am','id_grupo') DEFAULT '', + `special_days` TINYINT DEFAULT 0, + `disable_event` TINYINT DEFAULT 0, + `id_template_conditions` INT UNSIGNED NOT NULL DEFAULT 0, + `id_template_fields` INT UNSIGNED NOT NULL DEFAULT 0, + 
`last_evaluation` BIGINT NOT NULL DEFAULT 0, + `pool_occurrences` INT UNSIGNED NOT NULL DEFAULT 0, + `schedule` TEXT, + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=UTF8MB4; + + +-- ----------------------------------------------------- +-- Table `tlog_rule` +-- ----------------------------------------------------- +CREATE TABLE IF NOT EXISTS `tlog_rule` ( + `id_log_rule` INT UNSIGNED NOT NULL AUTO_INCREMENT, + `id_log_alert` INT UNSIGNED NOT NULL, + `operation` ENUM('NOP', 'AND','OR','XOR','NAND','NOR','NXOR'), + `order` INT UNSIGNED DEFAULT 0, + `window` INT NOT NULL DEFAULT 0, + `count` INT NOT NULL DEFAULT 1, + `name` TEXT, + `log_content` TEXT, + `log_source` TEXT, + `log_agent` TEXT, + `operator_log_content` TEXT COMMENT 'Operator for log_content', + `operator_log_source` TEXT COMMENT 'Operator for log_source', + `operator_log_agent` TEXT COMMENT 'Operator for log_agent', + PRIMARY KEY (`id_log_rule`), + KEY `idx_id_log_alert` (`id_log_alert`) +) ENGINE=InnoDB DEFAULT CHARSET=UTF8MB4; + + +-- ----------------------------------------------------- +-- Table `tevent_alert_action` +-- ----------------------------------------------------- +CREATE TABLE IF NOT EXISTS `tlog_alert_action` ( + `id` INT UNSIGNED NOT NULL AUTO_INCREMENT, + `id_log_alert` INT UNSIGNED NOT NULL, + `id_alert_action` INT UNSIGNED NOT NULL, + `fires_min` INT UNSIGNED DEFAULT 0, + `fires_max` INT UNSIGNED DEFAULT 0, + `module_action_threshold` INT NOT NULL DEFAULT 0, + `last_execution` BIGINT NOT NULL DEFAULT 0, + PRIMARY KEY (`id`), + FOREIGN KEY (`id_log_alert`) REFERENCES tlog_alert(`id`) + ON DELETE CASCADE ON UPDATE CASCADE, + FOREIGN KEY (`id_alert_action`) REFERENCES talert_actions(`id`) + ON DELETE CASCADE ON UPDATE CASCADE +) ENGINE=InnoDB DEFAULT CHARSET=UTF8MB4; + + -- ----------------------------------------------------- -- Table `tmodule_synth` -- ----------------------------------------------------- From c90cca5cb92bf7d44b747f5ad00f76e45ada6a8c Mon Sep 17 00:00:00 2001 
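Review bot: The banner comment above the third CREATE TABLE still names tevent_alert_action, but the statement it introduces creates `tlog_alert_action`; the banner should say tlog_alert_action so the file stays greppable and matches the two banners above it. The tables are otherwise the same text as the 66.sql copy in this patch, so any later fix (the missing foreign key on `tlog_rule.id_log_alert`, nullability of `mode`) has to be applied to both files.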
From: Ramon Novoa Date: Wed, 4 Oct 2023 14:07:11 +0200 Subject: [PATCH 2/7] Add support for the new Event and Log Servers. --- pandora_server/conf/pandora_server.conf.new | 22 +++-- .../conf/pandora_server_sec.conf.template | 22 +++-- pandora_server/lib/PandoraFMS/Config.pm | 18 ++-- pandora_server/lib/PandoraFMS/Core.pm | 91 ++++++++++++++++--- pandora_server/lib/PandoraFMS/Tools.pm | 6 +- 5 files changed, 119 insertions(+), 40 deletions(-) diff --git a/pandora_server/conf/pandora_server.conf.new b/pandora_server/conf/pandora_server.conf.new index 816fcc4244..43310070e0 100644 --- a/pandora_server/conf/pandora_server.conf.new +++ b/pandora_server/conf/pandora_server.conf.new 
@@ -471,26 +471,30 @@ export_threads 1 eventserver 0 -# Enable (1) or disable (0) Pandora FMS Correlation Server (PANDORA FMS ENTERPRISE ONLY). +# Number of threads for the Event Server (PANDORA FMS ENTERPRISE ONLY). -correlationserver 0 +eventserver_threads 1 -# Time in seconds to re-evaluate correlation alerts pool (PANDORA FMS ENTERPRISE ONLY). - -correlation_threshold 30 - -# Correlated alerts, event window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY). +# Event alerts, event window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY). event_window 3600 -# Correlated Alerts, log window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY). +# Enable (1) or disable (0) Pandora FMS Log Server (PANDORA FMS ENTERPRISE ONLY). + +logserver 0 + +# Number of threads for the Log Server (PANDORA FMS ENTERPRISE ONLY). + +logserver_threads 1 + +# Event alerts, log window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY). log_window 3600 # Pre-load windows on start with available information. (PANDORA FMS ENTERPRISE ONLY). #preload_windows 0 -# Correlated Alerts, group cache ttl (in seconds). Set to 0 to disable. (PANDORA FMS ENTERPRISE ONLY). +# Event alerts, group cache ttl (in seconds). Set to 0 to disable. (PANDORA FMS ENTERPRISE ONLY). #event_server_cache_ttl 10 # Log retrieving, items per request. (High values could make elasticsearch crash) diff --git a/pandora_server/conf/pandora_server_sec.conf.template b/pandora_server/conf/pandora_server_sec.conf.template index e4cbe335c5..b070938187 100644 --- a/pandora_server/conf/pandora_server_sec.conf.template +++ b/pandora_server/conf/pandora_server_sec.conf.template 
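Review bot: The comment above `log_window` now reads `# Event alerts, log window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY).` while the same line in pandora_server_sec.conf.template (next file in this patch) reads `# Log alerts, log window ...`; since `log_window` sits under the new `logserver` block, the "Log alerts" wording is the right one and both files should agree. The shipped value `logserver 0` also differs from the `$pa_config->{"logserver"} = 1` default set in Config.pm in this same patch, so a pandora_server.conf that predates the directive will have the Log Server enabled without the operator having opted in; that mirrors how `eventserver` is already handled, but if it is intentional it is worth stating here, e.g. `# Enabled (1) by default when the directive is absent.`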
@@ -470,26 +470,30 @@ export_threads 1 eventserver 0 -# Enable (1) or disable (0) Pandora FMS Correlation Server (PANDORA FMS ENTERPRISE ONLY). +# Number of threads for the Event Server (PANDORA FMS ENTERPRISE ONLY). -correlationserver 0 +eventserver_threads 1 -# Time in seconds to re-evaluate correlation alerts pool (PANDORA FMS ENTERPRISE ONLY). - -correlation_threshold 30 - -# Correlated alerts, event window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY). +# Event alerts, event window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY). event_window 3600 -# Correlated Alerts, log window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY). +# Enable (1) or disable (0) Pandora FMS Log Server (PANDORA FMS ENTERPRISE ONLY). + +logserver 0 + +# Number of threads for the Log Server (PANDORA FMS ENTERPRISE ONLY). + +logserver_threads 1 + +# Log alerts, log window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY). log_window 3600 # Pre-load windows on start with available information. (PANDORA FMS ENTERPRISE ONLY). #preload_windows 0 -# Correlated Alerts, group cache ttl (in seconds). Set to 0 to disable. (PANDORA FMS ENTERPRISE ONLY). +# Event alerts, group cache ttl (in seconds). Set to 0 to disable. (PANDORA FMS ENTERPRISE ONLY). #event_server_cache_ttl 10 # Log retrieving, items per request. (High values could make elasticsearch crash) diff --git a/pandora_server/lib/PandoraFMS/Config.pm b/pandora_server/lib/PandoraFMS/Config.pm index 147896cdb3..c6e929fd0e 100644 --- a/pandora_server/lib/PandoraFMS/Config.pm +++ b/pandora_server/lib/PandoraFMS/Config.pm 
@@ -296,8 +296,9 @@ sub pandora_load_config { $pa_config->{"google_maps_description"} = 0; $pa_config->{'openstreetmaps_description'} = 0; $pa_config->{"eventserver"} = 1; # 4.0 - $pa_config->{"correlationserver"} = 0; # 757 - $pa_config->{"correlation_threshold"} = 30; # 757 + $pa_config->{"eventserver_threads"} = 1; # 4.0 + $pa_config->{"logserver"} = 1; # 7.774 + $pa_config->{"logserver_threads"} = 1; # 7.774 $pa_config->{"event_window"} = 3600; # 4.0 $pa_config->{"log_window"} = 3600; # 7.741 $pa_config->{"elastic_query_size"} = 10; # 7.754 Elements per request (ELK) @@ -800,14 +801,17 @@ sub pandora_load_config { $pa_config->{"transactional_pool"} = $pa_config->{"incomingdir"} . "/" . $tbuf; } } - elsif ($parametro =~ m/^eventserver\s+([0-9]*)/i) { + elsif ($parametro =~ m/^eventserver\s+([0-1])/i) { $pa_config->{'eventserver'}= clean_blank($1); } - elsif ($parametro =~ m/^correlationserver\s+([0-9]*)/i) { - $pa_config->{'correlationserver'}= clean_blank($1); + elsif ($parametro =~ m/^eventserver_threads\s+([0-9]*)/i) { + $pa_config->{'eventserver_threads'}= clean_blank($1); } - elsif ($parametro =~ m/^correlation_threshold\s+([0-9]*)/i) { - $pa_config->{'correlation_threshold'}= clean_blank($1); + elsif ($parametro =~ m/^logserver\s+([0-1])/i) { + $pa_config->{'logserver'}= clean_blank($1); + } + elsif ($parametro =~ m/^logserver_threads\s+([0-9]*)/i) { + $pa_config->{'logserver_threads'}= clean_blank($1); } elsif ($parametro =~ m/^icmpserver\s+([0-9]*)/i) { $pa_config->{'icmpserver'}= clean_blank($1); diff --git a/pandora_server/lib/PandoraFMS/Core.pm b/pandora_server/lib/PandoraFMS/Core.pm index e7ac485a1d..fcd1c68b2e 100644 --- a/pandora_server/lib/PandoraFMS/Core.pm +++ b/pandora_server/lib/PandoraFMS/Core.pm @@ -307,6 +307,7 @@ our @ServerTypes = qw ( icmpserver snmpserver satelliteserver + transactionalserver mfserver syncserver wuxserver 
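Review bot: The new `eventserver_threads` and `logserver_threads` patterns use `([0-9]*)`, which also matches an empty string, so a line holding only `logserver_threads` assigns `''` to the thread count instead of leaving the default of 1, and nothing here rejects `0` either; `m/^logserver_threads\s+([0-9]+)/i` (and the same for `eventserver_threads`) leaves such a line unmatched, and the value should be checked to be at least 1 where the thread pool is created, which is outside this hunk. The `eventserver` and `logserver` patterns were tightened to `([0-1])`, but without an anchor `logserver 10` still matches and stores 1; `([01])\s*$` would reject it if trailing text is not expected on these lines.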
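Review bot: `transactionalserver` is inserted into `@ServerTypes` between `satelliteserver` and `mfserver` rather than appended; if this array is indexed by the numeric server-type constants in Tools.pm (NETFLOWSERVER 24, new LOGSERVER 25), the insertion shifts every later entry by one, which may be the realignment intended or may break name lookups. The array's start is outside this hunk, so confirm the positions against the constant list and, if they are significant, add `# Order must match the server-type constants in Tools.pm.` above the list.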
@@ -317,6 +318,7 @@ our @ServerTypes = qw ( correlationserver ncmserver netflowserver + logserver ); our @AlertStatus = ('Execute the alert', 'Do not execute the alert', 'Do not execute the alert, but increment its internal counter', 'Cease the alert', 'Recover the alert', 'Reset internal counter'); @@ -568,7 +570,7 @@ sub pandora_evaluate_alert ($$$$$$$;$$$$) { my $schedule; if (defined($alert->{'schedule'}) && $alert->{'schedule'} ne '') { $schedule = PandoraFMS::Tools::p_decode_json($pa_config, $alert->{'schedule'}); - if ($special_day != 0) { + if (defined($special_day) && $special_day != 0) { return $status if (!defined($schedule->{$weeks[$special_day]})); } } @@ -790,9 +792,9 @@ Process an alert given the status returned by pandora_evaluate_alert. =cut ########################################################################## -sub pandora_process_alert ($$$$$$$$;$$) { +sub pandora_process_alert ($$$$$$$$;$) { my ($pa_config, $data, $agent, $module, $alert, $rc, $dbh, $timestamp, - $extra_macros, $is_correlated_alert) = @_; + $extra_macros) = @_; if (defined ($agent)) { logger ($pa_config, "Processing alert '" . safe_output($alert->{'name'}) . "' for agent '" . safe_output($agent->{'nombre'}) . "': " . (defined ($AlertStatus[$rc]) ? $AlertStatus[$rc] : 'Unknown status') . ".", 10); 
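Review bot: The prototype of `pandora_process_alert` shrinks from `($$$$$$$$;$$)` to `($$$$$$$$;$)` and `$is_correlated_alert` is dropped from the argument list, so any caller compiled after this definition that still passes a tenth argument (the enterprise correlation code is not part of this series) fails Perl's prototype check instead of silently ignoring it; the remaining callers need to be checked before merge. The POD above the sub should also state how an alert is now classified — by the `id_template_module`, `_log_alert` and `_event_alert` keys of `$alert` tested in the next hunk — since the flag that used to carry that information is gone. The sub's body continues beyond this hunk.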
@@ -800,15 +802,21 @@ sub pandora_process_alert ($$$$$$$$;$$) { else { logger ($pa_config, "Processing alert '" . safe_output($alert->{'name'}) . "': " . (defined ($AlertStatus[$rc]) ? $AlertStatus[$rc] : 'Unknown status') . ".", 10); } - + # Simple or event alert? my ($id, $table) = (undef, undef); if (defined ($alert->{'id_template_module'})) { $id = $alert->{'id_template_module'}; $table = 'talert_template_modules'; - } else { + } elsif (defined ($alert->{'_log_alert'})) { + $id = $alert->{'id'}; + $table = 'tlog_alert'; + } elsif (defined ($alert->{'_event_alert'})) { $id = $alert->{'id'}; $table = 'tevent_alert'; + } else { + logger($pa_config, "pandora_process_alert received invalid data", 10); + return; } # Do not execute @@ -860,10 +868,10 @@ sub pandora_process_alert ($$$$$$$$;$$) { if ($pa_config->{'alertserver'} == 1 || $pa_config->{'alertserver_queue'} == 1) { pandora_queue_alert($pa_config, $dbh, [$data, $agent, $module, - $alert, 0, $timestamp, 0, $extra_macros, $is_correlated_alert]); + $alert, 0, $timestamp, 0, $extra_macros]); } else { pandora_execute_alert ($pa_config, $data, $agent, $module, $alert, 0, $dbh, - $timestamp, 0, $extra_macros, $is_correlated_alert); + $timestamp, 0, $extra_macros); } return; } @@ -906,10 +914,10 @@ sub pandora_process_alert ($$$$$$$$;$$) { if ($pa_config->{'alertserver'} == 1 || $pa_config->{'alertserver_queue'} == 1) { pandora_queue_alert($pa_config, $dbh, [$data, $agent, $module, - $alert, 1, $timestamp, 0, $extra_macros, $is_correlated_alert]); + $alert, 1, $timestamp, 0, $extra_macros]); } else { pandora_execute_alert ($pa_config, $data, $agent, $module, $alert, 1, - $dbh, $timestamp, 0, $extra_macros, $is_correlated_alert); + $dbh, $timestamp, 0, $extra_macros); } return; } 
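Review bot: The new fallback branch returns after `logger($pa_config, "pandora_process_alert received invalid data", 10);`, so an alert hash that carries neither `id_template_module`, `_log_alert` nor `_event_alert` is dropped with a message that names nothing, at the same verbosity as the routine "Processing alert" trace — a misrouted alert would be very hard to spot afterwards. Include the alert identity, e.g. `logger($pa_config, "pandora_process_alert: alert '" . safe_output($alert->{'name'}) . "' has no id_template_module, _log_alert or _event_alert key, skipping.", 10);`, and consider a level that is shown in a default log configuration (the level numbering convention is not visible here). A one-line comment above the chain saying which caller sets the `_log_alert` / `_event_alert` markers would also help, since they are not set anywhere in this series.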
@@ -925,7 +933,7 @@ Execute the given alert. sub pandora_execute_alert { my ($pa_config, $data, $agent, $module, $alert, $alert_mode, $dbh, $timestamp, $forced_alert, - $extra_macros, $is_correlated_alert) = @_; + $extra_macros) = @_; # 'in-process' events can inhibit alers too. if ($pa_config->{'event_inhibit_alerts'} == 1 && $alert_mode != RECOVERED_ALERT) { @@ -1015,7 +1023,7 @@ sub pandora_execute_alert { } } # Event alert - else { + elsif (defined($alert->{'_event_alert'})) { if ($alert_mode == RECOVERED_ALERT) { @actions = get_db_rows ($dbh, 'SELECT talert_actions.name as action_name, tevent_alert_action.*, talert_actions.*, talert_commands.* FROM tevent_alert_action, talert_actions, talert_commands 
@@ -1046,6 +1054,38 @@ sub pandora_execute_alert { $alert->{'id_alert_action'}); } } + # Log alert. + elsif (defined($alert->{'_log_alert'})) { + if ($alert_mode == RECOVERED_ALERT) { + @actions = get_db_rows ($dbh, 'SELECT talert_actions.name as action_name, tlog_alert_action.*, talert_actions.*, talert_commands.* + FROM tlog_alert_action, talert_actions, talert_commands + WHERE tlog_alert_action.id_alert_action = talert_actions.id + AND talert_actions.id_alert_command = talert_commands.id + AND tlog_alert_action.id_log_alert = ? + AND ((fires_min = 0 AND fires_max = 0) + OR ? >= fires_min)', + $alert->{'id'}, $alert->{'times_fired'}); + } else { + @actions = get_db_rows ($dbh, 'SELECT talert_actions.name as action_name, tlog_alert_action.*, talert_actions.*, talert_commands.* + FROM tlog_alert_action, talert_actions, talert_commands + WHERE tlog_alert_action.id_alert_action = talert_actions.id + AND talert_actions.id_alert_command = talert_commands.id + AND tlog_alert_action.id_log_alert = ? + AND ((fires_min = 0 AND fires_max = 0) + OR (fires_min <= fires_max AND ? >= fires_min AND ? <= fires_max) + OR (fires_min > fires_max AND ? >= fires_min))', + $alert->{'id'}, $alert->{'times_fired'}, $alert->{'times_fired'}, $alert->{'times_fired'}); + } + + # Get default action + if ($#actions < 0) { + @actions = get_db_rows ($dbh, 'SELECT talert_actions.name as action_name, talert_actions.*, talert_commands.* + FROM talert_actions, talert_commands + WHERE talert_actions.id = ? + AND talert_actions.id_alert_command = talert_commands.id', + $alert->{'id_alert_action'}); + } + } # No actions defined if ($#actions < 0) { 
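Review bot: The default-action fallback in the new log-alert branch binds `$alert->{'id_alert_action'}`, but `tlog_alert` as created in patch 1 of this series has no `id_alert_action` column, so unless the caller adds that key to the hash the bind is undef, `talert_actions.id = NULL` matches nothing, and a log alert with no `tlog_alert_action` rows silently executes no action; the event branch uses the same pattern, so the key may be populated elsewhere — confirm, and either add the column to `tlog_alert` (both DDL copies) or drop the fallback and log that the alert has no actions. The two queries are the event-alert queries with `tevent_alert_action` replaced by `tlog_alert_action`; if they are ever factored into a shared helper, the table name must come from a fixed in-code list, never from the alert row, because identifiers cannot be bound. The comma joins with the join conditions in WHERE would read more clearly as explicit INNER JOIN ... ON clauses.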
@@ -1134,8 +1174,33 @@ sub pandora_execute_alert { #If we've spotted an alert recovered, we set the new event's severity to 2 (NORMAL), otherwise the original value is maintained. my ($text, $event, $severity) = ($alert_mode == RECOVERED_ALERT) ? ('recovered', 'alert_recovered', 2) : ('fired', 'alert_fired', $alert->{'priority'}); - if (defined($is_correlated_alert) && $is_correlated_alert == 1) { - $text = "Correlated alert $text"; + if (defined($alert->{'_event_alert'})) { + $text = "Event alert $text"; + pandora_event ( + $pa_config, + "$text (" . safe_output($alert->{'name'}) . ") ", + (defined ($agent) ? $agent->{'id_grupo'} : 0), + # id agent. + 0, + $severity, + (defined ($alert->{'id_template_module'}) ? $alert->{'id_template_module'} : 0), + # id agent module. + 0, + $event, + 0, + $dbh, + 'monitoring_server', + '', + '', + '', + '', + $critical_instructions, + $warning_instructions, + $unknown_instructions, + p_encode_json($pa_config, $custom_data) + ); + } elsif (defined($alert->{'_log_alert'})) { + $text = "Log alert $text"; pandora_event ( $pa_config, "$text (" . safe_output($alert->{'name'}) . ") ", diff --git a/pandora_server/lib/PandoraFMS/Tools.pm b/pandora_server/lib/PandoraFMS/Tools.pm index 326e4692ad..d8e6ad66ac 100755 --- a/pandora_server/lib/PandoraFMS/Tools.pm +++ b/pandora_server/lib/PandoraFMS/Tools.pm @@ -67,7 +67,6 @@ our @EXPORT = qw( INVENTORYSERVER WEBSERVER EVENTSERVER - CORRELATIONSERVER ICMPSERVER SNMPSERVER SATELLITESERVER @@ -79,6 +78,7 @@ our @EXPORT = qw( MIGRATIONSERVER NCMSERVER NETFLOWSERVER + LOGSERVER METACONSOLE_LICENSE OFFLINE_LICENSE DISCOVERY_HOSTDEVICES 
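Review bot: The `_event_alert` and `_log_alert` branches each carry a complete `pandora_event` call that differ only in the `$text` prefix (the second call runs past the end of this hunk, so I am assuming it is identical); computing the prefix once, `my $kind = defined($alert->{'_log_alert'}) ? 'Log alert' : 'Event alert';` then `$text = "$kind $text";` in front of a single call, removes twenty duplicated argument lines that will otherwise drift apart. If the two calls are meant to differ, a comment on the second branch saying how would save the next reader a line-by-line comparison.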
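Review bot: `CORRELATIONSERVER` is removed from `@EXPORT` while the constant itself is kept (marked "Deprecated." in a later hunk of this file), `get_server_name` still maps 22 to "CORRELATIONSERVER", and Core.pm's `@ServerTypes` keeps `correlationserver`; any module that imported the bare name from Tools.pm — none are visible in this series — stops compiling. Either keep it exported until those references are gone, or make the comment on the constant say so, e.g. `# Deprecated: kept only for get_server_name(); no longer exported.`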
@@ -201,9 +201,10 @@ use constant SYSLOGSERVER => 18; use constant PROVISIONINGSERVER => 19; use constant MIGRATIONSERVER => 20; use constant ALERTSERVER => 21; -use constant CORRELATIONSERVER => 22; +use constant CORRELATIONSERVER => 22; # Deprecated. use constant NCMSERVER => 23; use constant NETFLOWSERVER => 24; +use constant LOGSERVER => 25; # Module status use constant MODULE_NORMAL => 0; @@ -2855,6 +2856,7 @@ sub get_server_name { return "CORRELATIONSERVER" if ($server_type eq CORRELATIONSERVER); return "NCMSERVER" if ($server_type eq NCMSERVER); return "NETFLOWSERVER" if ($server_type eq NETFLOWSERVER); + return "LOGSERVER" if ($server_type eq LOGSERVER); return "UNKNOWN"; } From 455ffd83261140f4c4ce7354839f18837dd1731a Mon Sep 17 00:00:00 2001 From: Daniel Maya Date: Tue, 10 Oct 2023 14:16:01 +0200 Subject: [PATCH 3/7] #11914 Fied icon --- pandora_console/include/constants.php | 1 + pandora_console/include/functions_servers.php | 13 +++++++++++++ 2 files changed, 14 insertions(+) diff --git a/pandora_console/include/constants.php b/pandora_console/include/constants.php index 928f3135d8..2dba4790e3 100644 --- a/pandora_console/include/constants.php +++ b/pandora_console/include/constants.php @@ -441,6 +441,7 @@ define('SERVER_TYPE_ALERT', 21); define('SERVER_TYPE_CORRELATION', 22); define('SERVER_TYPE_NCM', 23); define('SERVER_TYPE_NETFLOW', 24); +define('SERVER_TYPE_LOG', 25); // REPORTS. define('REPORT_TOP_N_MAX', 1); diff --git a/pandora_console/include/functions_servers.php b/pandora_console/include/functions_servers.php index 3a4273efa4..4b48f1e2dc 100644 --- a/pandora_console/include/functions_servers.php +++ b/pandora_console/include/functions_servers.php 
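Review bot: `SERVER_TYPE_LOG` hard-codes 25, the same value added as `LOGSERVER => 25` in Tools.pm in the previous patch, with nothing tying the two lists together; a comment on this line, `// Must match LOGSERVER in pandora_server/lib/PandoraFMS/Tools.pm.`, would keep the next addition aligned. `SERVER_TYPE_CORRELATION` (22) is marked deprecated on the Perl side but not here, and the same note would be useful on it.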
@@ -979,6 +979,19 @@ function servers_get_info($id_server=-1, $sql_limit=-1) $id_modulo = 0; break; + case SERVER_TYPE_LOG: + $server['img'] = html_print_image( + 'images/gm_log@svg.svg', + true, + [ + 'title' => __('Log server'), + 'class' => 'main_menu_icon invert_filter', + ] + ); + $server['type'] = 'log'; + $id_modulo = 0; + break; + default: $server['img'] = ''; $server['type'] = 'unknown'; From f5535a1fc8490766b0d453b09e42182f73d9158e Mon Sep 17 00:00:00 2001 From: Daniel Maya Date: Wed, 11 Oct 2023 17:10:14 +0200 Subject: [PATCH 4/7] #11914 Added update --- pandora_console/extras/mr/66.sql | 2 ++ .../include/class/ConsoleSupervisor.php | 35 +++++++++++++++++++ 2 files changed, 37 insertions(+) diff --git a/pandora_console/extras/mr/66.sql b/pandora_console/extras/mr/66.sql index 560afb32fe..690f3f11d9 100644 --- a/pandora_console/extras/mr/66.sql +++ b/pandora_console/extras/mr/66.sql @@ -295,4 +295,6 @@ ALTER TABLE `treport_content` ADD COLUMN `status_of_check` TINYTEXT; ALTER TABLE `tservice` ADD COLUMN `enable_horizontal_tree` TINYINT NOT NULL DEFAULT 0; +UPDATE `tevent_alert` ea INNER JOIN `tevent_rule` er ON ea.id = er.id_event_alert SET disabled=1 WHERE er.log_agent IS NOT NULL OR er.log_content IS NOT NULL OR er.log_source IS NOT NULL; + COMMIT; diff --git a/pandora_console/include/class/ConsoleSupervisor.php b/pandora_console/include/class/ConsoleSupervisor.php index a434a30e7f..f1c3e1f953 100644 --- a/pandora_console/include/class/ConsoleSupervisor.php +++ b/pandora_console/include/class/ConsoleSupervisor.php @@ -258,6 +258,7 @@ class ConsoleSupervisor /* * Check if performance variables are corrects */ + $this->checkPerformanceVariables(); /* @@ -291,6 +292,12 @@ class ConsoleSupervisor */ $this->checkMYSQLSettings(); + + /* + * Check log alerts version + */ + + $this->checkLogAlerts(); } 
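Review bot: `SET disabled=1` is unqualified in a two-table UPDATE; if `tevent_rule` also carries a `disabled` column MySQL rejects the statement as ambiguous and the migration aborts before `COMMIT`, so write `SET ea.disabled = 1`. The predicate tests `IS NOT NULL` only — if the console stores untouched log fields as empty strings rather than NULL (the `tevent_rule` DDL is not in this series) the affected alerts are missed, and `COALESCE(er.log_agent, '') <> ''` (likewise for `log_content` and `log_source`) would cover both cases. A comment above the statement saying that these event alerts are disabled because log matching moves to `tlog_alert` would tell whoever reads the migration later why rows changed state.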
@@ -3104,4 +3111,32 @@ class ConsoleSupervisor } + /** + * Checks log alerts version. + * + * @return void + */ + public function checkLogAlerts() + { + global $config; + + if ((bool) check_acl($config['id_user'], 0, 'LM') === true) { + $current_package = (int) $config['current_package']; + if ($current_package >= 773 && $current_package <= 777) { + $url = '__url__index.php?sec=galertas&sec2=enterprise/godmode/alerts/event_alerts'; + $this->notify( + [ + 'type' => 'NOTIF.LOG.ALERT', + 'title' => __('Alert correlation changed since version 774'), + 'message' => __('Log correlation and log correlation with events will be disabled in this update. Some event correlation alerts may need to be modified to adapt to the new format'), + 'url' => $url, + ] + ); + } else { + $this->cleanNotifications('NOTIF.LOG.ALERT'); + } + } + } + + } From 58261effaf448e0f4bd0b796ef627935efd1fc23 Mon Sep 17 00:00:00 2001 From: Daniel Maya Date: Wed, 11 Oct 2023 17:12:10 +0200 Subject: [PATCH 5/7] #11914 Added update 2 --- pandora_console/include/class/ConsoleSupervisor.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pandora_console/include/class/ConsoleSupervisor.php b/pandora_console/include/class/ConsoleSupervisor.php index f1c3e1f953..b0961df1f3 100644 --- a/pandora_console/include/class/ConsoleSupervisor.php +++ b/pandora_console/include/class/ConsoleSupervisor.php @@ -3122,7 +3122,7 @@ class ConsoleSupervisor if ((bool) check_acl($config['id_user'], 0, 'LM') === true) { $current_package = (int) $config['current_package']; - if ($current_package >= 773 && $current_package <= 777) { + if ($current_package >= 774 && $current_package <= 777) { $url = '__url__index.php?sec=galertas&sec2=enterprise/godmode/alerts/event_alerts'; $this->notify( [ From ddc29e9bb94779afd060a3040f64b9f8e24c0e59 Mon Sep 17 00:00:00 2001 
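Review bot: `checkLogAlerts()` keys the notification on `$current_package` falling inside a hard-coded range whose upper bound (777) is unexplained, and the docblock "Checks log alerts version." does not say that the method raises or clears `NOTIF.LOG.ALERT`; a docblock such as "Raises NOTIF.LOG.ALERT while the installed package is within the range affected by the alert-correlation change, and clears it otherwise." plus `// Upper bound: <reason>` on the range would make the intent auditable. Note also that `cleanNotifications('NOTIF.LOG.ALERT')` sits inside the `LM` ACL branch, so for a session without that permission the notification is neither raised nor cleared — fine if the notification is per-user, worth a comment if it is global.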
From: Daniel Maya Date: Fri, 13 Oct 2023 09:40:28 +0200 Subject: [PATCH 6/7] #11914 Added icon --- pandora_console/images/log_server.svg | 29 +++++++++++++++++++ pandora_console/include/functions_servers.php | 4 +-- 2 files changed, 31 insertions(+), 2 deletions(-) create mode 100644 pandora_console/images/log_server.svg diff --git a/pandora_console/images/log_server.svg b/pandora_console/images/log_server.svg new file mode 100644 index 0000000000..26f27c6ae9 --- /dev/null +++ b/pandora_console/images/log_server.svg @@ -0,0 +1,29 @@ + + + + + + + + + + + + + + + diff --git a/pandora_console/include/functions_servers.php b/pandora_console/include/functions_servers.php index 4b48f1e2dc..845a57a77b 100644 --- a/pandora_console/include/functions_servers.php +++ b/pandora_console/include/functions_servers.php @@ -906,7 +906,7 @@ function servers_get_info($id_server=-1, $sql_limit=-1) 'images/logs@svg.svg', true, [ - 'title' => __('Log server'), + 'title' => __('Syslog server'), 'class' => 'main_menu_icon invert_filter', ] ); @@ -981,7 +981,7 @@ function servers_get_info($id_server=-1, $sql_limit=-1) case SERVER_TYPE_LOG: $server['img'] = html_print_image( - 'images/gm_log@svg.svg', + 'images/log_server.svg', true, [ 'title' => __('Log server'), From dbc4d35a64694814364031c8f27db69158f7f386 Mon Sep 17 00:00:00 2001 From: Daniel Maya Date: Fri, 13 Oct 2023 10:27:43 +0200 Subject: [PATCH 7/7] #11914 Added alert_correlation in delete_file --- pandora_console/extras/delete_files/delete_files.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/pandora_console/extras/delete_files/delete_files.txt b/pandora_console/extras/delete_files/delete_files.txt index 513b626262..53a0042dc8 100644 --- a/pandora_console/extras/delete_files/delete_files.txt +++ b/pandora_console/extras/delete_files/delete_files.txt 
@@ -106,6 +106,7 @@ enterprise/godmode/alerts/alert_events.php
 enterprise/godmode/alerts/alert_events_list.php
 enterprise/godmode/alerts/alert_events_rules.php
 enterprise/godmode/alerts/configure_alert_rule.php
+enterprise/godmode/alerts/alert_correlation.php
 enterprise/include/functions_networkmap.php
 enterprise/operation/agentes/pandora_networkmap.view.php
 enterprise/include/ajax/map_enterprise.ajax.php