Merge branch 'ent-11914-editor-de-alertas-de-logs' into 'develop'

Ent 11914 editor de alertas de logs See merge request artica/pandorafms!6505
2025-07-29 16:55:05 +02:00 · 2023-10-23 12:34:32 +00:00 · 2023-10-23 12:34:32 +00:00 · 1f8554e8d1
commit 1f8554e8d1
parent 48c314669a dbc4d35a64
13 changed files with 402 additions and 40 deletions
--- a/pandora_console/extras/delete_files/delete_files.txt
+++ b/pandora_console/extras/delete_files/delete_files.txt
@ -106,6 +106,7 @@ enterprise/godmode/alerts/alert_events.php
 enterprise/godmode/alerts/alert_events_list.php
 enterprise/godmode/alerts/alert_events_rules.php
 enterprise/godmode/alerts/configure_alert_rule.php
 enterprise/godmode/alerts/alert_correlation.php
 enterprise/include/functions_networkmap.php
 enterprise/operation/agentes/pandora_networkmap.view.php
 enterprise/include/ajax/map_enterprise.ajax.php
--- a/pandora_console/extras/mr/66.sql
+++ b/pandora_console/extras/mr/66.sql
@ -5,6 +5,98 @@ ALTER TABLE `ttrap` ADD COLUMN `utimestamp` INT UNSIGNED NOT NULL DEFAULT 0;
 UPDATE ttrap SET utimestamp=UNIX_TIMESTAMP(timestamp);
 CREATE TABLE IF NOT EXISTS `tlog_alert` (
  `id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
  `name` TEXT ,
  `description` MEDIUMTEXT,
  `order` INT UNSIGNED DEFAULT 0,
  `mode` ENUM('PASS','DROP'),
  `field1` TEXT ,
  `field2` TEXT ,
  `field3` TEXT ,
  `field4` TEXT ,
  `field5` TEXT ,
  `field6` TEXT ,
  `field7` TEXT ,
  `field8` TEXT ,
  `field9` TEXT ,
  `field10` TEXT ,
  `time_threshold` INT NOT NULL DEFAULT 86400,
  `max_alerts` INT UNSIGNED NOT NULL DEFAULT 1,
  `min_alerts` INT UNSIGNED NOT NULL DEFAULT 0,
  `time_from` time DEFAULT '00:00:00',
  `time_to` time DEFAULT '00:00:00',
  `monday` TINYINT DEFAULT 1,
  `tuesday` TINYINT DEFAULT 1,
  `wednesday` TINYINT DEFAULT 1,
  `thursday` TINYINT DEFAULT 1,
  `friday` TINYINT DEFAULT 1,
  `saturday` TINYINT DEFAULT 1,
  `sunday` TINYINT DEFAULT 1,
  `recovery_notify` TINYINT DEFAULT 0,
  `field1_recovery` TEXT,
  `field2_recovery` TEXT,
  `field3_recovery` TEXT,
  `field4_recovery` TEXT,
  `field5_recovery` TEXT,
  `field6_recovery` TEXT,
  `field7_recovery` TEXT,
  `field8_recovery` TEXT,
  `field9_recovery` TEXT,
  `field10_recovery` TEXT,
  `id_group` MEDIUMINT UNSIGNED NULL DEFAULT 0,
  `internal_counter` INT DEFAULT 0,
  `last_fired` BIGINT NOT NULL DEFAULT 0,
  `last_reference` BIGINT NOT NULL DEFAULT 0,
  `times_fired` INT NOT NULL DEFAULT 0,
  `disabled` TINYINT DEFAULT 0,
  `standby` TINYINT DEFAULT 0,
  `priority` TINYINT DEFAULT 0,
  `force_execution` TINYINT DEFAULT 0,
  `group_by` enum ('','id_agente','id_agentmodule','id_alert_am','id_grupo') DEFAULT '',
  `special_days` TINYINT DEFAULT 0,
  `disable_event` TINYINT DEFAULT 0,
  `id_template_conditions` INT UNSIGNED NOT NULL DEFAULT 0,
  `id_template_fields` INT UNSIGNED NOT NULL DEFAULT 0,
  `last_evaluation` BIGINT NOT NULL DEFAULT 0,
  `pool_occurrences` INT UNSIGNED NOT NULL DEFAULT 0,
  `schedule` TEXT,
  PRIMARY KEY  (`id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=UTF8MB4;
 CREATE TABLE IF NOT EXISTS `tlog_rule` (
  `id_log_rule` INT UNSIGNED NOT NULL AUTO_INCREMENT,
  `id_log_alert` INT UNSIGNED NOT NULL,
  `operation` ENUM('NOP', 'AND','OR','XOR','NAND','NOR','NXOR'),
  `order` INT UNSIGNED DEFAULT 0,
  `window` INT NOT NULL DEFAULT 0,
  `count` INT NOT NULL DEFAULT 1,
  `name` TEXT,
  `log_content` TEXT,
  `log_source` TEXT,
  `log_agent` TEXT,
  `operator_log_content` TEXT COMMENT 'Operator for log_content',
  `operator_log_source` TEXT COMMENT 'Operator for log_source',
  `operator_log_agent` TEXT COMMENT 'Operator for log_agent',
  PRIMARY KEY  (`id_log_rule`),
  KEY `idx_id_log_alert` (`id_log_alert`)
 ) ENGINE=InnoDB DEFAULT CHARSET=UTF8MB4;
 CREATE TABLE IF NOT EXISTS `tlog_alert_action` (
  `id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
  `id_log_alert` INT UNSIGNED NOT NULL,
  `id_alert_action` INT UNSIGNED NOT NULL,
  `fires_min` INT UNSIGNED DEFAULT 0,
  `fires_max` INT UNSIGNED DEFAULT 0,
  `module_action_threshold` INT NOT NULL DEFAULT 0,
  `last_execution` BIGINT NOT NULL DEFAULT 0,
  PRIMARY KEY (`id`),
  FOREIGN KEY (`id_log_alert`) REFERENCES tlog_alert(`id`)
    ON DELETE CASCADE ON UPDATE CASCADE,
  FOREIGN KEY (`id_alert_action`) REFERENCES talert_actions(`id`)
    ON DELETE CASCADE ON UPDATE CASCADE
 ) ENGINE=InnoDB DEFAULT CHARSET=UTF8MB4;
 CREATE TABLE IF NOT EXISTS `tgraph_analytics_filter` (
 `id` INT NOT NULL auto_increment,
 `filter_name` VARCHAR(45) NULL,
@ -268,4 +360,6 @@ INSERT INTO tmodule_inventory (`id_os`, `name`, `description`, `interpreter`, `d
 SELECT * FROM (SELECT @id_os id_os, @tmodule_name name, @tmodule_description description, '' interpreter, 'ID:STATUS' data_format, '' code, '0' block_mode, 2 script_mode) AS tmp 
 WHERE NOT EXISTS (SELECT name, description FROM tmodule_inventory WHERE name = @tmodule_name and description = @tmodule_description and id_os = @id_os);
 UPDATE `tevent_alert` ea INNER JOIN `tevent_rule` er ON ea.id = er.id_event_alert SET disabled=1 WHERE er.log_agent IS NOT NULL OR er.log_content IS NOT NULL OR er.log_source IS NOT NULL;
 COMMIT;
--- a/pandora_console/godmode/menu.php
+++ b/pandora_console/godmode/menu.php
@ -384,6 +384,7 @@ if ($access_console_node === true) {
            $sub['godmode/alerts/alert_special_days']['pages'] = ['godmode/alerts/configure_alert_special_days'];
            enterprise_hook('eventalerts_submenu');
            enterprise_hook('alert_log_submenu');
            $sub['godmode/snmpconsole/snmp_alert']['text'] = __('SNMP alerts');
            $sub['godmode/snmpconsole/snmp_alert']['id'] = 'SNMP_alerts';
            enterprise_hook('alert_inventory_submenu');
--- a/pandora_console/images/log_server.svg
+++ b/pandora_console/images/log_server.svg
@ -0,0 +1,29 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!-- Generator: Adobe Illustrator 28.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
 <svg version="1.1" id="Capa_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
 	 viewBox="0 0 20 20" style="enable-background:new 0 0 20 20;" xml:space="preserve">
 <style type="text/css">
 	.st0{fill:#3F3F3F;}
 </style>
 <g>
 	<path class="st0" d="M4.8,8C4.8,8,4.8,8,4.8,8C4.8,8,4.9,8,4.8,8c0.3,0.1,0.5,0.1,0.7,0.2c0,0,0.1,0,0.1,0c0.3,0,0.5,0.1,0.8,0.1
 		c0.1,0,0.1,0,0.2,0c0.2,0,0.4,0,0.7,0.1c0.1,0,0.2,0,0.2,0c0.3,0,0.6,0,0.9,0c0.3,0,0.6,0,0.9,0c0.1,0,0.2,0,0.2,0
 		c0.2,0,0.4,0,0.7-0.1c0.1,0,0.1,0,0.2,0c0.3,0,0.5-0.1,0.8-0.1c0,0,0.1,0,0.1,0c0.2,0,0.4-0.1,0.6-0.1c0,0,0.1,0,0.1,0c0,0,0,0,0,0
 		c2-0.5,3.3-1.4,3.3-2.4V4.2c0-1.6-3.1-2.8-6.8-2.8S1.6,2.6,1.6,4.2v1.4C1.6,6.6,2.9,7.5,4.8,8z"/>
 	<path class="st0" d="M13.8,8.8c0.5,0.1,1,0.2,1.4,0.4l0-1.2C14.8,8.4,14.3,8.6,13.8,8.8z"/>
 	<path class="st0" d="M7.6,17.3c-1.1-0.6-1.9-1.4-2.7-2.3c-0.7-0.1-1.3-0.3-1.9-0.5c-0.5-0.2-1-0.5-1.5-0.8v1.8
 		c0,0.9,1.1,1.8,2.9,2.3c0,0,0,0,0,0c0,0,0,0,0.1,0c0.2,0.1,0.5,0.1,0.8,0.2c0.1,0,0.1,0,0.2,0C5.6,18,5.9,18,6.2,18.1
 		c0,0,0.1,0,0.1,0c0.3,0,0.6,0.1,0.9,0.1c0.1,0,0.1,0,0.2,0c0.3,0,0.6,0,1,0c0.3,0,0.7,0,1,0c0,0,0.1,0,0.1,0
 		C8.9,18,8.2,17.7,7.6,17.3z"/>
 	<path class="st0" d="M4,13.3c0.1-0.2,0.3-0.4,0.4-0.6c1-1.2,2.1-2.2,3.6-3c-0.4,0-0.8,0-1.2-0.1c-0.2,0-0.3,0-0.5-0.1
 		c-0.3,0-0.7-0.1-1-0.2C4.4,9.3,3.7,9.1,3,8.9C2.5,8.7,2,8.4,1.6,8l0,3.2C1.6,12.1,2.5,12.8,4,13.3z"/>
 </g>
 <g>
 	<path class="st0" d="M5.4,13.6c0.1-0.2,0.3-0.4,0.4-0.6c0.8-1.1,1.8-1.9,3.1-2.5c0.8-0.4,1.7-0.6,2.6-0.7c1.8-0.2,3.4,0.3,4.8,1.3
 		c0.9,0.6,1.8,1.5,2.4,2.3c0.2,0.2,0.2,0.4,0,0.7c-0.8,1.1-1.7,1.9-2.8,2.6c-0.9,0.5-2,0.9-3.1,1.1c-1.6,0.1-3.1-0.2-4.4-1.1
 		C7.3,16,6.5,15,5.6,14c0-0.1-0.1-0.1-0.1-0.2C5.4,13.7,5.4,13.6,5.4,13.6z M12.1,10.8c-1.6,0-2.7,1.4-2.7,2.9s1.4,2.7,2.9,2.7
 		c1.5,0,2.7-1.4,2.7-2.9C15,12,13.6,10.8,12.1,10.8z"/>
 	<path class="st0" d="M12.2,12.1c0.8,0,1.5,0.6,1.5,1.5c0,0.8-0.6,1.6-1.6,1.6c-0.8,0-1.5-0.6-1.5-1.5
 		C10.7,12.8,11.3,12.1,12.2,12.1z"/>
 </g>
 </svg>
--- a/pandora_console/include/class/ConsoleSupervisor.php
+++ b/pandora_console/include/class/ConsoleSupervisor.php
@ -256,6 +256,7 @@ class ConsoleSupervisor
        /*
         * Check if performance variables are corrects
         */
        $this->checkPerformanceVariables();
        /*
@ -289,6 +290,12 @@ class ConsoleSupervisor
         */
        $this->checkMYSQLSettings();
        /*
         * Check log alerts version
         */
        $this->checkLogAlerts();
    }
@ -3106,4 +3113,32 @@ class ConsoleSupervisor
    }
    /**
     * Checks log alerts version.
     *
     * @return void
     */
    public function checkLogAlerts()
    {
        global $config;
        if ((bool) check_acl($config['id_user'], 0, 'LM') === true) {
            $current_package = (int) $config['current_package'];
            if ($current_package >= 774 && $current_package <= 777) {
                $url = '__url__index.php?sec=galertas&sec2=enterprise/godmode/alerts/event_alerts';
                $this->notify(
                    [
                        'type'    => 'NOTIF.LOG.ALERT',
                        'title'   => __('Alert correlation changed since version 774'),
                        'message' => __('Log correlation and log correlation with events will be disabled in this update. Some event correlation alerts may need to be modified to adapt to the new format'),
                        'url'     => $url,
                    ]
                );
            } else {
                $this->cleanNotifications('NOTIF.LOG.ALERT');
            }
        }
    }
 }
--- a/pandora_console/include/constants.php
+++ b/pandora_console/include/constants.php
@ -441,6 +441,7 @@ define('SERVER_TYPE_ALERT', 21);
 define('SERVER_TYPE_CORRELATION', 22);
 define('SERVER_TYPE_NCM', 23);
 define('SERVER_TYPE_NETFLOW', 24);
 define('SERVER_TYPE_LOG', 25);
 // REPORTS.
 define('REPORT_TOP_N_MAX', 1);
@ -887,3 +888,8 @@ define('HOME_SCREEN_ALERT_DETAIL', 'alert_detail');
 define('HOME_SCREEN_EXTERNAL_LINK', 'external_link');
 define('HOME_SCREEN_OTHER', 'other');
 define('HOME_SCREEN_DASHBOARD', 'dashboard');
 // Alert correlation.
 define('EVENT_ALERTS', 1);
 define('LOG_ALERTS', 2);
--- a/pandora_console/include/functions_servers.php
+++ b/pandora_console/include/functions_servers.php
@ -906,7 +906,7 @@ function servers_get_info($id_server=-1, $sql_limit=-1)
                    'images/logs@svg.svg',
                    true,
                    [
-                        'title' => __('Log server'),
+                        'title' => __('Syslog server'),
                        'class' => 'main_menu_icon invert_filter',
                    ]
                );
@ -979,6 +979,19 @@ function servers_get_info($id_server=-1, $sql_limit=-1)
                $id_modulo = 0;
            break;
            case SERVER_TYPE_LOG:
                $server['img'] = html_print_image(
                    'images/log_server.svg',
                    true,
                    [
                        'title' => __('Log server'),
                        'class' => 'main_menu_icon invert_filter',
                    ]
                );
                $server['type'] = 'log';
                $id_modulo = 0;
            break;
            default:
                $server['img'] = '';
                $server['type'] = 'unknown';
--- a/pandora_console/pandoradb.sql
+++ b/pandora_console/pandoradb.sql
@ -3131,6 +3131,110 @@ CREATE TABLE IF NOT EXISTS `tevent_alert_action` (
 ) ENGINE=InnoDB DEFAULT CHARSET=UTF8MB4;
 -- -----------------------------------------------------
 -- Table `tlog_alert`
 -- -----------------------------------------------------
 CREATE TABLE IF NOT EXISTS `tlog_alert` (
  `id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
  `name` TEXT ,
  `description` MEDIUMTEXT,
  `order` INT UNSIGNED DEFAULT 0,
  `mode` ENUM('PASS','DROP'),
  `field1` TEXT ,
  `field2` TEXT ,
  `field3` TEXT ,
  `field4` TEXT ,
  `field5` TEXT ,
  `field6` TEXT ,
  `field7` TEXT ,
  `field8` TEXT ,
  `field9` TEXT ,
  `field10` TEXT ,
  `time_threshold` INT NOT NULL DEFAULT 86400,
  `max_alerts` INT UNSIGNED NOT NULL DEFAULT 1,
  `min_alerts` INT UNSIGNED NOT NULL DEFAULT 0,
  `time_from` time DEFAULT '00:00:00',
  `time_to` time DEFAULT '00:00:00',
  `monday` TINYINT DEFAULT 1,
  `tuesday` TINYINT DEFAULT 1,
  `wednesday` TINYINT DEFAULT 1,
  `thursday` TINYINT DEFAULT 1,
  `friday` TINYINT DEFAULT 1,
  `saturday` TINYINT DEFAULT 1,
  `sunday` TINYINT DEFAULT 1,
  `recovery_notify` TINYINT DEFAULT 0,
  `field1_recovery` TEXT,
  `field2_recovery` TEXT,
  `field3_recovery` TEXT,
  `field4_recovery` TEXT,
  `field5_recovery` TEXT,
  `field6_recovery` TEXT,
  `field7_recovery` TEXT,
  `field8_recovery` TEXT,
  `field9_recovery` TEXT,
  `field10_recovery` TEXT,
  `id_group` MEDIUMINT UNSIGNED NULL DEFAULT 0,
  `internal_counter` INT DEFAULT 0,
  `last_fired` BIGINT NOT NULL DEFAULT 0,
  `last_reference` BIGINT NOT NULL DEFAULT 0,
  `times_fired` INT NOT NULL DEFAULT 0,
  `disabled` TINYINT DEFAULT 0,
  `standby` TINYINT DEFAULT 0,
  `priority` TINYINT DEFAULT 0,
  `force_execution` TINYINT DEFAULT 0,
  `group_by` enum ('','id_agente','id_agentmodule','id_alert_am','id_grupo') DEFAULT '',
  `special_days` TINYINT DEFAULT 0,
  `disable_event` TINYINT DEFAULT 0,
  `id_template_conditions` INT UNSIGNED NOT NULL DEFAULT 0,
  `id_template_fields` INT UNSIGNED NOT NULL DEFAULT 0,
  `last_evaluation` BIGINT NOT NULL DEFAULT 0,
  `pool_occurrences` INT UNSIGNED NOT NULL DEFAULT 0,
  `schedule` TEXT,
  PRIMARY KEY  (`id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=UTF8MB4;
 -- -----------------------------------------------------
 -- Table `tlog_rule`
 -- -----------------------------------------------------
 CREATE TABLE IF NOT EXISTS `tlog_rule` (
  `id_log_rule` INT UNSIGNED NOT NULL AUTO_INCREMENT,
  `id_log_alert` INT UNSIGNED NOT NULL,
  `operation` ENUM('NOP', 'AND','OR','XOR','NAND','NOR','NXOR'),
  `order` INT UNSIGNED DEFAULT 0,
  `window` INT NOT NULL DEFAULT 0,
  `count` INT NOT NULL DEFAULT 1,
  `name` TEXT,
  `log_content` TEXT,
  `log_source` TEXT,
  `log_agent` TEXT,
  `operator_log_content` TEXT COMMENT 'Operator for log_content',
  `operator_log_source` TEXT COMMENT 'Operator for log_source',
  `operator_log_agent` TEXT COMMENT 'Operator for log_agent',
  PRIMARY KEY  (`id_log_rule`),
  KEY `idx_id_log_alert` (`id_log_alert`)
 ) ENGINE=InnoDB DEFAULT CHARSET=UTF8MB4;
 -- -----------------------------------------------------
 -- Table `tevent_alert_action`
 -- -----------------------------------------------------
 CREATE TABLE IF NOT EXISTS `tlog_alert_action` (
  `id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
  `id_log_alert` INT UNSIGNED NOT NULL,
  `id_alert_action` INT UNSIGNED NOT NULL,
  `fires_min` INT UNSIGNED DEFAULT 0,
  `fires_max` INT UNSIGNED DEFAULT 0,
  `module_action_threshold` INT NOT NULL DEFAULT 0,
  `last_execution` BIGINT NOT NULL DEFAULT 0,
  PRIMARY KEY (`id`),
  FOREIGN KEY (`id_log_alert`) REFERENCES tlog_alert(`id`)
    ON DELETE CASCADE ON UPDATE CASCADE,
  FOREIGN KEY (`id_alert_action`) REFERENCES talert_actions(`id`)
    ON DELETE CASCADE ON UPDATE CASCADE
 ) ENGINE=InnoDB DEFAULT CHARSET=UTF8MB4;
 -- -----------------------------------------------------
 -- Table `tmodule_synth`
 -- -----------------------------------------------------
--- a/pandora_server/conf/pandora_server.conf.new
+++ b/pandora_server/conf/pandora_server.conf.new
@ -477,26 +477,30 @@ export_threads 1
 eventserver 0
-# Enable (1) or disable (0) Pandora FMS Correlation Server (PANDORA FMS ENTERPRISE ONLY).
+# Number of threads for the Event Server (PANDORA FMS ENTERPRISE ONLY).
-correlationserver 0
+eventserver_threads 1
-# Time in seconds to re-evaluate correlation alerts pool (PANDORA FMS ENTERPRISE ONLY).
+# Event alerts, event window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY).
 correlation_threshold 30
 # Correlated alerts, event window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY).
 event_window 3600
-# Correlated Alerts, log window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY).
+# Enable (1) or disable (0) Pandora FMS Log Server (PANDORA FMS ENTERPRISE ONLY).
 logserver 0
 # Number of threads for the Log Server (PANDORA FMS ENTERPRISE ONLY).
 logserver_threads 1
 # Event alerts, log window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY).
 log_window 3600
 # Pre-load windows on start with available information. (PANDORA FMS ENTERPRISE ONLY).
 #preload_windows 0
-# Correlated Alerts, group cache ttl (in seconds). Set to 0 to disable. (PANDORA FMS ENTERPRISE ONLY).
+# Event alerts, group cache ttl (in seconds). Set to 0 to disable. (PANDORA FMS ENTERPRISE ONLY).
 #event_server_cache_ttl 10
 # Log retrieving, items per request. (High values could make elasticsearch crash)
--- a/pandora_server/conf/pandora_server_sec.conf.template
+++ b/pandora_server/conf/pandora_server_sec.conf.template
@ -470,26 +470,30 @@ export_threads 1
 eventserver 0
-# Enable (1) or disable (0) Pandora FMS Correlation Server (PANDORA FMS ENTERPRISE ONLY).
+# Number of threads for the Event Server (PANDORA FMS ENTERPRISE ONLY).
-correlationserver 0
+eventserver_threads 1
-# Time in seconds to re-evaluate correlation alerts pool (PANDORA FMS ENTERPRISE ONLY).
+# Event alerts, event window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY).
 correlation_threshold 30
 # Correlated alerts, event window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY).
 event_window 3600
-# Correlated Alerts, log window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY).
+# Enable (1) or disable (0) Pandora FMS Log Server (PANDORA FMS ENTERPRISE ONLY).
 logserver 0
 # Number of threads for the Log Server (PANDORA FMS ENTERPRISE ONLY).
 logserver_threads 1
 # Log alerts, log window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY).
 log_window 3600
 # Pre-load windows on start with available information. (PANDORA FMS ENTERPRISE ONLY).
 #preload_windows 0
-# Correlated Alerts, group cache ttl (in seconds). Set to 0 to disable. (PANDORA FMS ENTERPRISE ONLY).
+# Event alerts, group cache ttl (in seconds). Set to 0 to disable. (PANDORA FMS ENTERPRISE ONLY).
 #event_server_cache_ttl 10
 # Log retrieving, items per request. (High values could make elasticsearch crash)
--- a/pandora_server/lib/PandoraFMS/Config.pm
+++ b/pandora_server/lib/PandoraFMS/Config.pm
@ -297,8 +297,9 @@ sub pandora_load_config {
 	$pa_config->{"google_maps_description"} = 0;
 	$pa_config->{'openstreetmaps_description'} = 0;
 	$pa_config->{"eventserver"} = 1; # 4.0
-	$pa_config->{"correlationserver"} = 0; # 757
+	$pa_config->{"eventserver_threads"} = 1; # 4.0
-	$pa_config->{"correlation_threshold"} = 30; # 757
+	$pa_config->{"logserver"} = 1; # 7.774
 	$pa_config->{"logserver_threads"} = 1; # 7.774
 	$pa_config->{"event_window"} = 3600; # 4.0
 	$pa_config->{"log_window"} = 3600; # 7.741
 	$pa_config->{"elastic_query_size"} = 10; # 7.754 Elements per request (ELK)
@ -803,14 +804,17 @@ sub pandora_load_config {
 				$pa_config->{"transactional_pool"} = $pa_config->{"incomingdir"} . "/" . $tbuf;
 			}
 		}
-		elsif ($parametro =~ m/^eventserver\s+([0-9]*)/i) {
+		elsif ($parametro =~ m/^eventserver\s+([0-1])/i) {
 			$pa_config->{'eventserver'}= clean_blank($1);
 		}
-		elsif ($parametro =~ m/^correlationserver\s+([0-9]*)/i) {
+		elsif ($parametro =~ m/^eventserver_threads\s+([0-9]*)/i) {
-			$pa_config->{'correlationserver'}= clean_blank($1);
+			$pa_config->{'eventserver_threads'}= clean_blank($1);
 		}
-		elsif ($parametro =~ m/^correlation_threshold\s+([0-9]*)/i) {
+		elsif ($parametro =~ m/^logserver\s+([0-1])/i) {
-			$pa_config->{'correlation_threshold'}= clean_blank($1);
+			$pa_config->{'logserver'}= clean_blank($1);
 		}
 		elsif ($parametro =~ m/^logserver_threads\s+([0-9]*)/i) {
 			$pa_config->{'logserver_threads'}= clean_blank($1);
 		}
 		elsif ($parametro =~ m/^icmpserver\s+([0-9]*)/i) {
 			$pa_config->{'icmpserver'}= clean_blank($1);
--- a/pandora_server/lib/PandoraFMS/Core.pm
+++ b/pandora_server/lib/PandoraFMS/Core.pm
@ -313,6 +313,7 @@ our @ServerTypes = qw (
 	icmpserver
 	snmpserver
 	satelliteserver
 	transactionalserver
 	mfserver
 	syncserver
 	wuxserver
@ -323,6 +324,7 @@ our @ServerTypes = qw (
 	correlationserver
 	ncmserver
 	netflowserver
 	logserver
 );
 our @AlertStatus = ('Execute the alert', 'Do not execute the alert', 'Do not execute the alert, but increment its internal counter', 'Cease the alert', 'Recover the alert', 'Reset internal counter');
@ -804,9 +806,9 @@ Process an alert given the status returned by pandora_evaluate_alert.
 =cut
 ##########################################################################
-sub pandora_process_alert ($$$$$$$$;$$) {
+sub pandora_process_alert ($$$$$$$$;$) {
 	my ($pa_config, $data, $agent, $module, $alert, $rc, $dbh, $timestamp,
-			$extra_macros, $is_correlated_alert) = @_;
+			$extra_macros) = @_;
 	if (defined ($agent)) {
 		logger ($pa_config, "Processing alert '" . safe_output($alert->{'name'}) . "' for agent '" . safe_output($agent->{'nombre'}) . "': " . (defined ($AlertStatus[$rc]) ? $AlertStatus[$rc] : 'Unknown status') . ".", 10);
@ -820,9 +822,15 @@ sub pandora_process_alert ($$$$$$$$;$$) {
 	if (defined ($alert->{'id_template_module'})) {
 		$id = $alert->{'id_template_module'};
 		$table = 'talert_template_modules';
-	} else {
+	} elsif (defined ($alert->{'_log_alert'})) {
 		$id = $alert->{'id'};
 		$table = 'tlog_alert';
 	} elsif (defined ($alert->{'_event_alert'})) {
 		$id = $alert->{'id'};
 		$table = 'tevent_alert';
 	} else {
 		logger($pa_config, "pandora_process_alert received invalid data", 10);
 		return;
 	}
 	# Do not execute
@ -874,10 +882,10 @@ sub pandora_process_alert ($$$$$$$$;$$) {
 		if ($pa_config->{'alertserver'} == 1 || $pa_config->{'alertserver_queue'} == 1) {
 			pandora_queue_alert($pa_config, $dbh, [$data, $agent, $module,
-				$alert, 0, $timestamp, 0, $extra_macros, $is_correlated_alert]);
+				$alert, 0, $timestamp, 0, $extra_macros]);
 		} else {
 			pandora_execute_alert ($pa_config, $data, $agent, $module, $alert, 0, $dbh,
-				$timestamp, 0, $extra_macros, $is_correlated_alert);
+				$timestamp, 0, $extra_macros);
 		}
 		return;
 	}
@ -920,10 +928,10 @@ sub pandora_process_alert ($$$$$$$$;$$) {
 		if ($pa_config->{'alertserver'} == 1 || $pa_config->{'alertserver_queue'} == 1) {
 			pandora_queue_alert($pa_config, $dbh, [$data, $agent, $module,
-				$alert, 1, $timestamp, 0, $extra_macros, $is_correlated_alert]);
+				$alert, 1, $timestamp, 0, $extra_macros]);
 		} else {
 			pandora_execute_alert ($pa_config, $data, $agent, $module, $alert, 1,
-				$dbh, $timestamp, 0, $extra_macros, $is_correlated_alert);
+				$dbh, $timestamp, 0, $extra_macros);
 		}
 		return;
 	}
@ -939,7 +947,7 @@ Execute the given alert.
 sub pandora_execute_alert {
 	my ($pa_config, $data, $agent, $module,
 		$alert, $alert_mode, $dbh, $timestamp, $forced_alert,
-		$extra_macros, $is_correlated_alert) = @_;
+		$extra_macros) = @_;
 	# 'in-process' events can inhibit alers too.
 	if ($pa_config->{'event_inhibit_alerts'} == 1 && $alert_mode != RECOVERED_ALERT) {
@ -1029,7 +1037,7 @@ sub pandora_execute_alert {
 		}
 	}
 	# Event alert
-	else {
+	elsif (defined($alert->{'_event_alert'})) {
 		if ($alert_mode == RECOVERED_ALERT) {
 			@actions = get_db_rows ($dbh, 'SELECT talert_actions.name as action_name, tevent_alert_action.*, talert_actions.*, talert_commands.*
 						FROM tevent_alert_action, talert_actions, talert_commands
@ -1060,6 +1068,38 @@ sub pandora_execute_alert {
 						$alert->{'id_alert_action'});
 		}
 	}
 	# Log alert.
 	elsif (defined($alert->{'_log_alert'})) {
 		if ($alert_mode == RECOVERED_ALERT) {
 			@actions = get_db_rows ($dbh, 'SELECT talert_actions.name as action_name, tlog_alert_action.*, talert_actions.*, talert_commands.*
 						FROM tlog_alert_action, talert_actions, talert_commands
 						WHERE tlog_alert_action.id_alert_action = talert_actions.id
 						AND talert_actions.id_alert_command = talert_commands.id
 						AND tlog_alert_action.id_log_alert = ?
 						AND ((fires_min = 0 AND fires_max = 0)
 						OR ? >= fires_min)',
 						$alert->{'id'}, $alert->{'times_fired'});
 		} else {
 			@actions = get_db_rows ($dbh, 'SELECT talert_actions.name as action_name, tlog_alert_action.*, talert_actions.*, talert_commands.*
 						FROM tlog_alert_action, talert_actions, talert_commands
 						WHERE tlog_alert_action.id_alert_action = talert_actions.id
 						AND talert_actions.id_alert_command = talert_commands.id
 						AND tlog_alert_action.id_log_alert = ?
 						AND ((fires_min = 0 AND fires_max = 0)
 						OR (fires_min <= fires_max AND ? >= fires_min AND ? <= fires_max)
 						OR (fires_min > fires_max AND ? >= fires_min))', 
 						$alert->{'id'}, $alert->{'times_fired'}, $alert->{'times_fired'}, $alert->{'times_fired'});
 		}
 		# Get default action
 		if ($#actions < 0) {
 			@actions = get_db_rows ($dbh, 'SELECT talert_actions.name as action_name, talert_actions.*, talert_commands.*
 						FROM talert_actions, talert_commands
 						WHERE talert_actions.id = ?
 						AND talert_actions.id_alert_command = talert_commands.id',
 						$alert->{'id_alert_action'});
 		}
 	}
 	# No actions defined
 	if ($#actions < 0) {
@ -1148,8 +1188,33 @@ sub pandora_execute_alert {
 		#If we've spotted an alert recovered, we set the new event's severity to 2 (NORMAL), otherwise the original value is maintained.
 		my ($text, $event, $severity) = ($alert_mode == RECOVERED_ALERT) ? ('recovered', 'alert_recovered', 2) : ('fired', 'alert_fired', $alert->{'priority'});
-		if (defined($is_correlated_alert) && $is_correlated_alert == 1) {
+		if (defined($alert->{'_event_alert'})) {
-			$text = "Correlated alert $text";
+			$text = "Event alert $text";
 			pandora_event (
 				$pa_config,
 				"$text (" . safe_output($alert->{'name'}) . ") ",
 				(defined ($agent) ? $agent->{'id_grupo'} : 0),
 				# id agent.
 				0,
 				$severity,
 				(defined ($alert->{'id_template_module'}) ? $alert->{'id_template_module'} : 0),
 				# id agent module.
 				0,
 				$event,
 				0,
 				$dbh,
 				'monitoring_server',
 				'',
 				'',
 				'',
 				'',
 				$critical_instructions,
 				$warning_instructions,
 				$unknown_instructions,
 				p_encode_json($pa_config, $custom_data)
 			);
 		} elsif (defined($alert->{'_log_alert'})) {
 			$text = "Log alert $text";
 			pandora_event (
 				$pa_config,
 				"$text (" . safe_output($alert->{'name'}) . ") ",
--- a/pandora_server/lib/PandoraFMS/Tools.pm
+++ b/pandora_server/lib/PandoraFMS/Tools.pm
@ -67,7 +67,6 @@ our @EXPORT = qw(
 	INVENTORYSERVER
 	WEBSERVER
 	EVENTSERVER
 	CORRELATIONSERVER
 	ICMPSERVER
 	SNMPSERVER
 	SATELLITESERVER
@ -79,6 +78,7 @@ our @EXPORT = qw(
 	MIGRATIONSERVER
 	NCMSERVER
 	NETFLOWSERVER
 	LOGSERVER
 	METACONSOLE_LICENSE
 	OFFLINE_LICENSE
 	DISCOVERY_HOSTDEVICES
@ -205,9 +205,10 @@ use constant SYSLOGSERVER => 18;
 use constant PROVISIONINGSERVER => 19;
 use constant MIGRATIONSERVER => 20;
 use constant ALERTSERVER => 21;
-use constant CORRELATIONSERVER => 22;
+use constant CORRELATIONSERVER => 22; # Deprecated.
 use constant NCMSERVER => 23;
 use constant NETFLOWSERVER => 24;
 use constant LOGSERVER => 25;
 # Module status
 use constant MODULE_NORMAL => 0;
@ -2974,6 +2975,7 @@ sub get_server_name {
 	return "CORRELATIONSERVER" if ($server_type eq CORRELATIONSERVER);
 	return "NCMSERVER" if ($server_type eq NCMSERVER);
 	return "NETFLOWSERVER" if ($server_type eq NETFLOWSERVER);
 	return "LOGSERVER" if ($server_type eq LOGSERVER);
 	return "UNKNOWN";
 }