From f0791cbd4f7a120d7f951a550bf51784da801ad6 Mon Sep 17 00:00:00 2001
From: fbsanchez <fborja.sanchez@artica.es>
Date: Fri, 27 Aug 2021 15:07:14 +0200
Subject: [PATCH 01/14] WIP CorrelationServer

---
 pandora_console/extras/mr/49.sql                     |  3 +++
 .../extras/pandoradb_migrate_6.0_to_7.0.mysql.sql    |  2 ++
 pandora_console/pandoradb.sql                        |  2 ++
 pandora_console/pandoradb_data.sql                   |  4 ++--
 pandora_server/conf/pandora_server.conf.new          | 12 ++++++++++++
 pandora_server/lib/PandoraFMS/Config.pm              |  4 ++++
 pandora_server/lib/PandoraFMS/Tools.pm               |  2 ++
 7 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/pandora_console/extras/mr/49.sql b/pandora_console/extras/mr/49.sql
index 68de9070ed..6d1108f2e5 100644
--- a/pandora_console/extras/mr/49.sql
+++ b/pandora_console/extras/mr/49.sql
@@ -3,4 +3,7 @@ START TRANSACTION;
 UPDATE `tconfig` set value = 'Lato-Regular.ttf' WHERE token LIKE 'custom_report_front_font';
 UPDATE `tconfig` set value = 'Lato-Regular.ttf' WHERE token LIKE 'fontpath';
 
+ALTER TABLE `tevent_alert` ADD COLUMN `last_evaluation` bigint(20) NOT NULL default 0;
+ALTER TABLE `tevent_alert` ADD COLUMN `pool_occurrences` int unsigned not null default 0;
+
 COMMIT;
diff --git a/pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql b/pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql
index 6c130bd6a5..c1f82a79bc 100644
--- a/pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql
+++ b/pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql
@@ -710,6 +710,8 @@ CREATE TABLE IF NOT EXISTS `tevent_alert` (
 ALTER TABLE `tevent_alert` ADD COLUMN `special_days` tinyint(1) default 0;
 ALTER TABLE `tevent_alert` MODIFY COLUMN `time_threshold` int(10) NOT NULL default 86400;
 ALTER TABLE `tevent_alert` ADD COLUMN `disable_event` tinyint(1) DEFAULT 0;
+ALTER TABLE `tevent_alert` ADD COLUMN `last_evaluation` bigint(20) NOT NULL default 0;
+ALTER TABLE `tevent_alert` ADD COLUMN `pool_occurrences` int unsigned not null default 0;
 
 -- -----------------------------------------------------
 -- Table `tevent_alert_action`
diff --git a/pandora_console/pandoradb.sql b/pandora_console/pandoradb.sql
index 3b49b2b97e..ea4bd00d56 100644
--- a/pandora_console/pandoradb.sql
+++ b/pandora_console/pandoradb.sql
@@ -3012,6 +3012,8 @@ CREATE TABLE IF NOT EXISTS `tevent_alert` (
 	`group_by` enum ('','id_agente','id_agentmodule','id_alert_am','id_grupo') default '',
 	`special_days` tinyint(1) default 0,
 	`disable_event` tinyint(1) default 0,
+	`last_evaluation` bigint(20) NOT NULL default 0,
+	`pool_occurrences` int unsigned not null default 0,
 	PRIMARY KEY  (`id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 
diff --git a/pandora_console/pandoradb_data.sql b/pandora_console/pandoradb_data.sql
index 738eb1f5f6..7db6e226df 100644
--- a/pandora_console/pandoradb_data.sql
+++ b/pandora_console/pandoradb_data.sql
@@ -109,10 +109,10 @@ INSERT INTO `tconfig` (`token`, `value`) VALUES
 ('custom_report_front_logo', 'images/pandora_logo_white.jpg'),
 ('custom_report_front_header', ''),
 ('custom_report_front_footer', ''),
-('MR', 48),
+('MR', 49),
 ('identification_reminder', 1),
 ('identification_reminder_timestamp', 0),
-('current_package', 756),
+('current_package', 757),
 ('post_process_custom_values', '{"0.00000038580247":"Seconds&#x20;to&#x20;months","0.00000165343915":"Seconds&#x20;to&#x20;weeks","0.00001157407407":"Seconds&#x20;to&#x20;days","0.01666666666667":"Seconds&#x20;to&#x20;minutes","0.00000000093132":"Bytes&#x20;to&#x20;Gigabytes","0.00000095367432":"Bytes&#x20;to&#x20;Megabytes","0.00097656250000":"Bytes&#x20;to&#x20;Kilobytes","0.00000001653439":"Timeticks&#x20;to&#x20;weeks","0.00000011574074":"Timeticks&#x20;to&#x20;days"}'),
 ('custom_docs_logo', 'default_docs.png'),
 ('custom_support_logo', 'default_support.png'),
diff --git a/pandora_server/conf/pandora_server.conf.new b/pandora_server/conf/pandora_server.conf.new
index 6cc743999b..a3a930c5d6 100644
--- a/pandora_server/conf/pandora_server.conf.new
+++ b/pandora_server/conf/pandora_server.conf.new
@@ -478,6 +478,18 @@ export_threads 1
 
 eventserver 0
 
+# Enable (1) or disable (0) Pandora FMS Correlation Server (PANDORA FMS ENTERPRISE ONLY).
+
+correlationserver 0
+
+# Number of threads for Correlation Server (PANDORA FMS ENTERPRISE ONLY).
+
+correlation_threads 1
+
+# Time in seconds to re-evaluate correlation alerts pool (PANDORA FMS ENTERPRISE ONLY).
+
+correlation_threshold 30
+
 # Correlated alerts, event window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY).
 
 event_window 3600
diff --git a/pandora_server/lib/PandoraFMS/Config.pm b/pandora_server/lib/PandoraFMS/Config.pm
index a0b3566581..718b3e6b60 100644
--- a/pandora_server/lib/PandoraFMS/Config.pm
+++ b/pandora_server/lib/PandoraFMS/Config.pm
@@ -303,6 +303,7 @@ sub pandora_load_config {
 	$pa_config->{"google_maps_description"} = 0;
 	$pa_config->{'openstreetmaps_description'} = 0;
 	$pa_config->{"eventserver"} = 1; # 4.0
+	$pa_config->{"correlationserver"} = 1; # 757
 	$pa_config->{"event_window"} = 3600; # 4.0
 	$pa_config->{"log_window"} = 3600; # 7.741
 	$pa_config->{"elastic_query_size"} = 10; # 7.754 Elements per request (ELK)
@@ -787,6 +788,9 @@ sub pandora_load_config {
 		elsif ($parametro =~ m/^eventserver\s+([0-9]*)/i) {
 			$pa_config->{'eventserver'}= clean_blank($1);
 		}
+		elsif ($parametro =~ m/^correlationserver\s+([0-9]*)/i) {
+			$pa_config->{'correlationserver'}= clean_blank($1);
+		}
 		elsif ($parametro =~ m/^icmpserver\s+([0-9]*)/i) {
 			$pa_config->{'icmpserver'}= clean_blank($1);
 		}
diff --git a/pandora_server/lib/PandoraFMS/Tools.pm b/pandora_server/lib/PandoraFMS/Tools.pm
index f499c39f38..7fcca66b85 100755
--- a/pandora_server/lib/PandoraFMS/Tools.pm
+++ b/pandora_server/lib/PandoraFMS/Tools.pm
@@ -67,6 +67,7 @@ our @EXPORT = qw(
 	INVENTORYSERVER
 	WEBSERVER
 	EVENTSERVER
+	CORRELATIONSERVER
 	ICMPSERVER
 	SNMPSERVER
 	SATELLITESERVER
@@ -191,6 +192,7 @@ use constant SYSLOGSERVER => 18;
 use constant PROVISIONINGSERVER => 19;
 use constant MIGRATIONSERVER => 20;
 use constant ALERTSERVER => 21;
+use constant CORRELATIONSERVER => 22;
 
 # Module status
 use constant MODULE_NORMAL => 0;

From e075c8339d37ccf81960e014ac7ed1a1f0db4c47 Mon Sep 17 00:00:00 2001
From: fbsanchez <fborja.sanchez@artica.es>
Date: Wed, 1 Sep 2021 17:56:14 +0200
Subject: [PATCH 02/14] CorrelationServer rc1

---
 pandora_server/lib/PandoraFMS/Config.pm |  4 ++
 pandora_server/lib/PandoraFMS/Core.pm   | 64 ++++++++++++++++++++-----
 pandora_server/lib/PandoraFMS/DB.pm     |  2 +-
 pandora_server/lib/PandoraFMS/Tools.pm  |  1 +
 4 files changed, 57 insertions(+), 14 deletions(-)

diff --git a/pandora_server/lib/PandoraFMS/Config.pm b/pandora_server/lib/PandoraFMS/Config.pm
index 718b3e6b60..f9b86637b0 100644
--- a/pandora_server/lib/PandoraFMS/Config.pm
+++ b/pandora_server/lib/PandoraFMS/Config.pm
@@ -304,6 +304,7 @@ sub pandora_load_config {
 	$pa_config->{'openstreetmaps_description'} = 0;
 	$pa_config->{"eventserver"} = 1; # 4.0
 	$pa_config->{"correlationserver"} = 1; # 757
+	$pa_config->{"correlation_threshold"} = 30; # 757
 	$pa_config->{"event_window"} = 3600; # 4.0
 	$pa_config->{"log_window"} = 3600; # 7.741
 	$pa_config->{"elastic_query_size"} = 10; # 7.754 Elements per request (ELK)
@@ -791,6 +792,9 @@ sub pandora_load_config {
 		elsif ($parametro =~ m/^correlationserver\s+([0-9]*)/i) {
 			$pa_config->{'correlationserver'}= clean_blank($1);
 		}
+		elsif ($parametro =~ m/^correlation_threshold\s+([0-9]*)/i) {
+			$pa_config->{'correlation_threshold'}= clean_blank($1);
+		}
 		elsif ($parametro =~ m/^icmpserver\s+([0-9]*)/i) {
 			$pa_config->{'icmpserver'}= clean_blank($1);
 		}
diff --git a/pandora_server/lib/PandoraFMS/Core.pm b/pandora_server/lib/PandoraFMS/Core.pm
index 6f4e16e9fe..7bfcd5ce35 100644
--- a/pandora_server/lib/PandoraFMS/Core.pm
+++ b/pandora_server/lib/PandoraFMS/Core.pm
@@ -278,7 +278,31 @@ our @EXPORT = qw(
 
 # Some global variables
 our @DayNames = qw(sunday monday tuesday wednesday thursday friday saturday);
-our @ServerTypes = qw (dataserver networkserver snmpconsole reconserver pluginserver predictionserver wmiserver exportserver inventoryserver webserver eventserver icmpserver snmpserver satelliteserver transactionalserver mfserver syncserver wuxserver syslogserver provisioningserver migrationserver);
+our @ServerTypes = qw (
+	dataserver
+	networkserver
+	snmpconsole
+	reconserver
+	pluginserver
+	predictionserver
+	wmiserver
+	exportserver
+	inventoryserver
+	webserver
+	eventserver
+	icmpserver
+	snmpserver
+	satelliteserver
+	transactionalserver
+	mfserver
+	syncserver
+	wuxserver
+	syslogserver
+	provisioningserver
+	migrationserver
+	alertserver
+	correlationserver
+);
 our @AlertStatus = ('Execute the alert', 'Do not execute the alert', 'Do not execute the alert, but increment its internal counter', 'Cease the alert', 'Recover the alert', 'Reset internal counter');
 
 # Event storm protection (no alerts or events)
@@ -624,19 +648,33 @@ sub pandora_evaluate_alert ($$$$$$$;$$$$) {
 	}
 	# Correlated alert
 	else {
-		my $rc = enterprise_hook (
-			'evaluate_correlated_alert',
-			[
-				$pa_config,
-				$dbh,
-				$alert,
-				$correlatedItems,
-				$event,
-				$log
-			]
-		);
+		if (defined($data)) {
+			# Data contains the number of occurrences of correlated alert.
+			if ($data < $alert->{'pool_occurrences'}) {
+				# Less occurrences than previous execution, recovered.
+				# 4 Recover the alert
+				return 4;
+			} elsif ($data eq $alert->{'pool_occurrences'}) {
+				# Same occurrences as previous execution, nothing new, but present in pool.
+				# 1 Do not execute the alert.
+				return 1;
+			}
 
-		return $status unless (defined ($rc) && $rc == 1);
+		} else {
+			my $rc = enterprise_hook (
+				'evaluate_correlated_alert',
+				[
+					$pa_config,
+					$dbh,
+					$alert,
+					$correlatedItems,
+					$event,
+					$log
+				]
+			);
+
+			return $status unless (defined ($rc) && $rc == 1);
+		}
 	}
 	
 	# Check min and max alert limits
diff --git a/pandora_server/lib/PandoraFMS/DB.pm b/pandora_server/lib/PandoraFMS/DB.pm
index 1f53cb228b..26d8338f17 100644
--- a/pandora_server/lib/PandoraFMS/DB.pm
+++ b/pandora_server/lib/PandoraFMS/DB.pm
@@ -917,7 +917,7 @@ sub get_db_value_limit ($$$;@) {
 
 ##########################################################################
 ## Get a single row returned by an SQL query as a hash reference. Returns
-## -1 on error.
+## hash or undef on error.
 ##########################################################################
 sub get_db_single_row ($$;@) {
 	my ($dbh, $query, @values) = @_;
diff --git a/pandora_server/lib/PandoraFMS/Tools.pm b/pandora_server/lib/PandoraFMS/Tools.pm
index 7fcca66b85..1e489fb084 100755
--- a/pandora_server/lib/PandoraFMS/Tools.pm
+++ b/pandora_server/lib/PandoraFMS/Tools.pm
@@ -2524,6 +2524,7 @@ sub get_server_name {
 	return "PROVISIONINGSERVER" if ($server_type eq PROVISIONINGSERVER);
 	return "MIGRATIONSERVER" if ($server_type eq MIGRATIONSERVER);
 	return "ALERTSERVER" if ($server_type eq ALERTSERVER);
+	return "CORRELATIONSERVER" if ($server_type eq CORRELATIONSERVER);
 
 	return "UNKNOWN";
 }

From df95cbf960e8954ed161ab71c97aed5ecc234d9d Mon Sep 17 00:00:00 2001
From: fbsanchez <fborja.sanchez@artica.es>
Date: Wed, 1 Sep 2021 21:10:11 +0200
Subject: [PATCH 03/14] Minor changes

---
 pandora_server/lib/PandoraFMS/Core.pm | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/pandora_server/lib/PandoraFMS/Core.pm b/pandora_server/lib/PandoraFMS/Core.pm
index 7bfcd5ce35..7512de0cfd 100644
--- a/pandora_server/lib/PandoraFMS/Core.pm
+++ b/pandora_server/lib/PandoraFMS/Core.pm
@@ -651,14 +651,17 @@ sub pandora_evaluate_alert ($$$$$$$;$$$$) {
 		if (defined($data)) {
 			# Data contains the number of occurrences of correlated alert.
 			if ($data < $alert->{'pool_occurrences'}) {
-				# Less occurrences than previous execution, recovered.
-				# 4 Recover the alert
-				return 4;
+				# Less occurrences than previous execution, alert ceased.
+				# 3 Alert ceased
+				return 3;
 			} elsif ($data eq $alert->{'pool_occurrences'}) {
 				# Same occurrences as previous execution, nothing new, but present in pool.
 				# 1 Do not execute the alert.
 				return 1;
-			}
+			} elsif ($data eq 0) {
+				# 4 Recover the alert
+				return 4;
+			} # else fire the alert, at the end of this sub.
 
 		} else {
 			my $rc = enterprise_hook (

From 6756c16c35f1ee4ac6987233bb022452998dcb22 Mon Sep 17 00:00:00 2001
From: fbsanchez <fborja.sanchez@artica.es>
Date: Thu, 2 Sep 2021 12:21:31 +0200
Subject: [PATCH 04/14] Added correlation server to server list

---
 .../godmode/servers/modificar_server.php            |  4 ++--
 pandora_console/include/constants.php               |  1 +
 pandora_console/include/functions_servers.php       | 13 +++++++++++++
 3 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/pandora_console/godmode/servers/modificar_server.php b/pandora_console/godmode/servers/modificar_server.php
index d1ac51b279..d0bc6d791b 100644
--- a/pandora_console/godmode/servers/modificar_server.php
+++ b/pandora_console/godmode/servers/modificar_server.php
@@ -231,8 +231,8 @@ if (isset($_GET['server'])) {
 <script language="javascript" type="text/javascript">
 
 $(document).ready (function () {
-    var id_server = <?php echo $id_server; ?>;
-    var server_type = <?php echo $row['server_type']; ?>;
+    var id_server = '<?php echo $id_server; ?>';
+    var server_type = '<?php echo $row['server_type']; ?>';
     $("#check_exec_server img").on("click", function () {
         $("#check_exec_server img").attr("src", "images/spinner.gif");
 
diff --git a/pandora_console/include/constants.php b/pandora_console/include/constants.php
index f844d2f4b9..94ecaff5b5 100644
--- a/pandora_console/include/constants.php
+++ b/pandora_console/include/constants.php
@@ -424,6 +424,7 @@ define('SERVER_TYPE_SYSLOG', 18);
 define('SERVER_TYPE_AUTOPROVISION', 19);
 define('SERVER_TYPE_MIGRATION', 20);
 define('SERVER_TYPE_ALERT', 21);
+define('SERVER_TYPE_CORRELATION', 22);
 
 // REPORTS.
 define('REPORT_TOP_N_MAX', 1);
diff --git a/pandora_console/include/functions_servers.php b/pandora_console/include/functions_servers.php
index b8d7d4926c..5a7ff3156c 100644
--- a/pandora_console/include/functions_servers.php
+++ b/pandora_console/include/functions_servers.php
@@ -696,6 +696,19 @@ function servers_get_info($id_server=-1)
                 $id_modulo = 2;
             break;
 
+            case SERVER_TYPE_CORRELATION:
+                $server['img'] = html_print_image(
+                    'images/lightning_go.png',
+                    true,
+                    [
+                        'title' => __('Correlation server'),
+                        'class' => 'invert_filter',
+                    ]
+                );
+                $server['type'] = 'correlation';
+                $id_modulo = 0;
+            break;
+
             case SERVER_TYPE_ENTERPRISE_ICMP:
                 $server['img'] = html_print_image(
                     'images/network.png',

From d8b12233eddc4c7f0cecfade037102eba9236cad Mon Sep 17 00:00:00 2001
From: fbsanchez <fborja.sanchez@artica.es>
Date: Thu, 2 Sep 2021 12:53:57 +0200
Subject: [PATCH 05/14] correlation_threads

---
 pandora_server/lib/PandoraFMS/Config.pm | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pandora_server/lib/PandoraFMS/Config.pm b/pandora_server/lib/PandoraFMS/Config.pm
index f9b86637b0..ccb1c95836 100644
--- a/pandora_server/lib/PandoraFMS/Config.pm
+++ b/pandora_server/lib/PandoraFMS/Config.pm
@@ -304,6 +304,7 @@ sub pandora_load_config {
 	$pa_config->{'openstreetmaps_description'} = 0;
 	$pa_config->{"eventserver"} = 1; # 4.0
 	$pa_config->{"correlationserver"} = 1; # 757
+	$pa_config->{"correlation_threads"} = 1; # 757
 	$pa_config->{"correlation_threshold"} = 30; # 757
 	$pa_config->{"event_window"} = 3600; # 4.0
 	$pa_config->{"log_window"} = 3600; # 7.741
@@ -792,6 +793,9 @@ sub pandora_load_config {
 		elsif ($parametro =~ m/^correlationserver\s+([0-9]*)/i) {
 			$pa_config->{'correlationserver'}= clean_blank($1);
 		}
+		elsif ($parametro =~ m/^correlation_threads\s+([0-9]*)/i) {
+			$pa_config->{'correlation_threads'}= clean_blank($1);
+		}
 		elsif ($parametro =~ m/^correlation_threshold\s+([0-9]*)/i) {
 			$pa_config->{'correlation_threshold'}= clean_blank($1);
 		}

From ce3dce926a991647c514c878f2765c5696cfbdef Mon Sep 17 00:00:00 2001
From: fbsanchez <fborja.sanchez@artica.es>
Date: Mon, 6 Sep 2021 18:14:58 +0200
Subject: [PATCH 06/14] use safe_output only when message is going to be used
 logger

---
 pandora_server/lib/PandoraFMS/Tools.pm | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pandora_server/lib/PandoraFMS/Tools.pm b/pandora_server/lib/PandoraFMS/Tools.pm
index 1e489fb084..827c46cf80 100755
--- a/pandora_server/lib/PandoraFMS/Tools.pm
+++ b/pandora_server/lib/PandoraFMS/Tools.pm
@@ -780,12 +780,12 @@ sub md5check {
 sub logger ($$;$) {
 	my ($pa_config, $message, $level) = @_;
 
-	# Clean any string and ready to be printed in screen/file
-	$message = safe_output ($message);
-
 	$level = 1 unless defined ($level);
 	return if (!defined ($pa_config->{'verbosity'}) || $level > $pa_config->{'verbosity'});
 
+	# Clean any string and ready to be printed in screen/file
+	$message = safe_output ($message);
+
 	if (!defined($pa_config->{'log_file'})) {
 		print strftime ("%Y-%m-%d %H:%M:%S", localtime()) . " [V". $level ."] " . $message . "\n";
 		return;

From 6f50aed48dd1626ab72628a147cfc45d8b0b91a0 Mon Sep 17 00:00:00 2001
From: fbsanchez <fborja.sanchez@artica.es>
Date: Wed, 8 Sep 2021 19:48:20 +0200
Subject: [PATCH 07/14] Some improvements

---
 pandora_server/conf/pandora_server.conf.new | 4 ----
 pandora_server/lib/PandoraFMS/Config.pm     | 6 +-----
 2 files changed, 1 insertion(+), 9 deletions(-)

diff --git a/pandora_server/conf/pandora_server.conf.new b/pandora_server/conf/pandora_server.conf.new
index a3a930c5d6..8650ece15d 100644
--- a/pandora_server/conf/pandora_server.conf.new
+++ b/pandora_server/conf/pandora_server.conf.new
@@ -482,10 +482,6 @@ eventserver 0
 
 correlationserver 0
 
-# Number of threads for Correlation Server (PANDORA FMS ENTERPRISE ONLY).
-
-correlation_threads 1
-
 # Time in seconds to re-evaluate correlation alerts pool (PANDORA FMS ENTERPRISE ONLY).
 
 correlation_threshold 30
diff --git a/pandora_server/lib/PandoraFMS/Config.pm b/pandora_server/lib/PandoraFMS/Config.pm
index ccb1c95836..4dcaa193aa 100644
--- a/pandora_server/lib/PandoraFMS/Config.pm
+++ b/pandora_server/lib/PandoraFMS/Config.pm
@@ -303,8 +303,7 @@ sub pandora_load_config {
 	$pa_config->{"google_maps_description"} = 0;
 	$pa_config->{'openstreetmaps_description'} = 0;
 	$pa_config->{"eventserver"} = 1; # 4.0
-	$pa_config->{"correlationserver"} = 1; # 757
-	$pa_config->{"correlation_threads"} = 1; # 757
+	$pa_config->{"correlationserver"} = 0; # 757
 	$pa_config->{"correlation_threshold"} = 30; # 757
 	$pa_config->{"event_window"} = 3600; # 4.0
 	$pa_config->{"log_window"} = 3600; # 7.741
@@ -793,9 +792,6 @@ sub pandora_load_config {
 		elsif ($parametro =~ m/^correlationserver\s+([0-9]*)/i) {
 			$pa_config->{'correlationserver'}= clean_blank($1);
 		}
-		elsif ($parametro =~ m/^correlation_threads\s+([0-9]*)/i) {
-			$pa_config->{'correlation_threads'}= clean_blank($1);
-		}
 		elsif ($parametro =~ m/^correlation_threshold\s+([0-9]*)/i) {
 			$pa_config->{'correlation_threshold'}= clean_blank($1);
 		}

From b7879f8815a3a444ba4e54bfe88166ca92ad1864 Mon Sep 17 00:00:00 2001
From: fbsanchez <fborja.sanchez@artica.es>
Date: Mon, 27 Sep 2021 12:25:43 +0200
Subject: [PATCH 08/14] CorrelationServer with iterative evaluation

---
 pandora_server/lib/PandoraFMS/Core.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pandora_server/lib/PandoraFMS/Core.pm b/pandora_server/lib/PandoraFMS/Core.pm
index fc26576910..16b01e90c9 100644
--- a/pandora_server/lib/PandoraFMS/Core.pm
+++ b/pandora_server/lib/PandoraFMS/Core.pm
@@ -812,7 +812,7 @@ sub pandora_process_alert ($$$$$$$$;$$) {
 		# Update alert status
 		$alert->{'times_fired'} += 1;
 		$alert->{'internal_counter'} += 1;
-		
+	print "Pium pium\n";
 		db_do($dbh, 'UPDATE ' . $table . ' SET times_fired = ?,
 				last_fired = ?, internal_counter = ? ' . $new_interval . ' WHERE id = ?',
 			$alert->{'times_fired'}, $utimestamp, $alert->{'internal_counter'}, $id);

From 198340332765b737235820829a82a9572574c1e9 Mon Sep 17 00:00:00 2001
From: fbsanchez <fborja.sanchez@artica.es>
Date: Mon, 27 Sep 2021 14:50:34 +0200
Subject: [PATCH 09/14] Some improvements

---
 pandora_server/lib/PandoraFMS/Core.pm | 45 +++++++++------------------
 1 file changed, 15 insertions(+), 30 deletions(-)

diff --git a/pandora_server/lib/PandoraFMS/Core.pm b/pandora_server/lib/PandoraFMS/Core.pm
index 16b01e90c9..9690ad9c4c 100644
--- a/pandora_server/lib/PandoraFMS/Core.pm
+++ b/pandora_server/lib/PandoraFMS/Core.pm
@@ -648,36 +648,21 @@ sub pandora_evaluate_alert ($$$$$$$;$$$$) {
 	}
 	# Correlated alert
 	else {
-		if (defined($data)) {
-			# Data contains the number of occurrences of correlated alert.
-			if ($data < $alert->{'pool_occurrences'}) {
-				# Less occurrences than previous execution, alert ceased.
-				# 3 Alert ceased
-				return 3;
-			} elsif ($data eq $alert->{'pool_occurrences'}) {
-				# Same occurrences as previous execution, nothing new, but present in pool.
-				# 1 Do not execute the alert.
-				return 1;
-			} elsif ($data eq 0) {
-				# 4 Recover the alert
-				return 4;
-			} # else fire the alert, at the end of this sub.
+		my $rc = enterprise_hook (
+			'evaluate_correlated_alert',
+			[
+				$pa_config,
+				$dbh,
+				$alert,
+				$correlatedItems,
+				$event,
+				$log
+			]
+		);
 
-		} else {
-			my $rc = enterprise_hook (
-				'evaluate_correlated_alert',
-				[
-					$pa_config,
-					$dbh,
-					$alert,
-					$correlatedItems,
-					$event,
-					$log
-				]
-			);
-
-			return $status unless (defined ($rc) && $rc == 1);
-		}
+		return $status unless defined ($rc);
+		
+		return $rc unless $rc == 0;
 	}
 	
 	# Check min and max alert limits
@@ -812,7 +797,7 @@ sub pandora_process_alert ($$$$$$$$;$$) {
 		# Update alert status
 		$alert->{'times_fired'} += 1;
 		$alert->{'internal_counter'} += 1;
-	print "Pium pium\n";
+
 		db_do($dbh, 'UPDATE ' . $table . ' SET times_fired = ?,
 				last_fired = ?, internal_counter = ? ' . $new_interval . ' WHERE id = ?',
 			$alert->{'times_fired'}, $utimestamp, $alert->{'internal_counter'}, $id);

From 4f76a44ffa7a5bacb0a02ff64e89ec2e9c882b87 Mon Sep 17 00:00:00 2001
From: fbsanchez <fborja.sanchez@artica.es>
Date: Mon, 27 Sep 2021 15:12:20 +0200
Subject: [PATCH 10/14] Several fixes for correlation recovery

---
 pandora_server/lib/PandoraFMS/Core.pm | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/pandora_server/lib/PandoraFMS/Core.pm b/pandora_server/lib/PandoraFMS/Core.pm
index 9690ad9c4c..164e9b44f0 100644
--- a/pandora_server/lib/PandoraFMS/Core.pm
+++ b/pandora_server/lib/PandoraFMS/Core.pm
@@ -660,9 +660,7 @@ sub pandora_evaluate_alert ($$$$$$$;$$$$) {
 			]
 		);
 
-		return $status unless defined ($rc);
-		
-		return $rc unless $rc == 0;
+		return $status unless !PandoraFMS::Tools::is_empty($rc) && $rc == 1;
 	}
 	
 	# Check min and max alert limits

From d683e192b57fe92218f3309b6a18d8401b0d5705 Mon Sep 17 00:00:00 2001
From: fbsanchez <fborja.sanchez@artica.es>
Date: Wed, 29 Sep 2021 13:43:08 +0200
Subject: [PATCH 11/14] Moved changes for CorrelationServer schema to MR50

---
 pandora_console/extras/mr/49.sql | 3 ---
 pandora_console/extras/mr/50.sql | 3 +++
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/pandora_console/extras/mr/49.sql b/pandora_console/extras/mr/49.sql
index 35a285f0e6..c00b6ad2bd 100644
--- a/pandora_console/extras/mr/49.sql
+++ b/pandora_console/extras/mr/49.sql
@@ -6,7 +6,4 @@ UPDATE `tconfig` set value = 'Lato-Regular.ttf' WHERE token LIKE 'custom_report_
 UPDATE `tconfig` set value = 'Lato-Regular.ttf' WHERE token LIKE 'fontpath';
 UPDATE `tlanguage` SET `name` = 'Deutsch' WHERE `id_language` = 'de';
 
-ALTER TABLE `tevent_alert` ADD COLUMN `last_evaluation` bigint(20) NOT NULL default 0;
-ALTER TABLE `tevent_alert` ADD COLUMN `pool_occurrences` int unsigned not null default 0;
-
 COMMIT;
diff --git a/pandora_console/extras/mr/50.sql b/pandora_console/extras/mr/50.sql
index aa14a62917..e519fb0f30 100644
--- a/pandora_console/extras/mr/50.sql
+++ b/pandora_console/extras/mr/50.sql
@@ -5,4 +5,7 @@ ALTER TABLE `tevent_alert` ADD COLUMN `id_template_fields` int(10) unsigned NOT
 ALTER TABLE `tevent_filter` ADD COLUMN `time_from` TIME NULL;
 ALTER TABLE `tevent_filter` ADD COLUMN `time_to` TIME NULL;
 
+ALTER TABLE `tevent_alert` ADD COLUMN `last_evaluation` bigint(20) NOT NULL default 0;
+ALTER TABLE `tevent_alert` ADD COLUMN `pool_occurrences` int unsigned not null default 0;
+
 COMMIT;
\ No newline at end of file

From 35aa6b5258702f0922dd74d45e0a710b3a0b2243 Mon Sep 17 00:00:00 2001
From: Ramon Novoa <ramonnovoa@gmail.com>
Date: Tue, 26 Oct 2021 13:24:23 +0200
Subject: [PATCH 12/14] Fix SQL errors in action queries.

---
 pandora_server/lib/PandoraFMS/Core.pm | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/pandora_server/lib/PandoraFMS/Core.pm b/pandora_server/lib/PandoraFMS/Core.pm
index b6ea5d25fa..a1db3d666f 100644
--- a/pandora_server/lib/PandoraFMS/Core.pm
+++ b/pandora_server/lib/PandoraFMS/Core.pm
@@ -905,7 +905,8 @@ sub pandora_execute_alert ($$$$$$$$$;$$) {
 
 		# Get default action
 		if ($#actions < 0) {
-			@actions = get_db_rows ($dbh, 'SELECT talert_actions.name as action_name, * FROM talert_actions, talert_commands
+			@actions = get_db_rows ($dbh, 'SELECT talert_actions.name as action_name, talert_actions.*, talert_commands.*
+						FROM talert_actions, talert_commands
 						WHERE talert_actions.id = ?
 						AND talert_actions.id_alert_command = talert_commands.id',
 						$alert->{'id_alert_action'});
@@ -914,7 +915,8 @@ sub pandora_execute_alert ($$$$$$$$$;$$) {
 	# Event alert
 	else {
 		if ($alert_mode == RECOVERED_ALERT) {
-			@actions = get_db_rows ($dbh, 'SELECT talert_actions.name as action_name, * FROM tevent_alert_action, talert_actions, talert_commands
+			@actions = get_db_rows ($dbh, 'SELECT talert_actions.name as action_name, tevent_alert_action.*, talert_actions.*, talert_commands.*
+						FROM tevent_alert_action, talert_actions, talert_commands
 						WHERE tevent_alert_action.id_alert_action = talert_actions.id
 						AND talert_actions.id_alert_command = talert_commands.id
 						AND tevent_alert_action.id_event_alert = ?
@@ -922,7 +924,8 @@ sub pandora_execute_alert ($$$$$$$$$;$$) {
 						OR ? >= fires_min)',
 						$alert->{'id'}, $alert->{'times_fired'});
 		} else {
-			@actions = get_db_rows ($dbh, 'SELECT talert_actions.name as action_name, * FROM tevent_alert_action, talert_actions, talert_commands
+			@actions = get_db_rows ($dbh, 'SELECT talert_actions.name as action_name, tevent_alert_action.*, talert_actions.*, talert_commands.*
+						FROM tevent_alert_action, talert_actions, talert_commands
 						WHERE tevent_alert_action.id_alert_action = talert_actions.id
 						AND talert_actions.id_alert_command = talert_commands.id
 						AND tevent_alert_action.id_event_alert = ?
@@ -934,7 +937,8 @@ sub pandora_execute_alert ($$$$$$$$$;$$) {
 
 		# Get default action
 		if ($#actions < 0) {
-			@actions = get_db_rows ($dbh, 'SELECT talert_actions.name as action_name, * FROM talert_actions, talert_commands
+			@actions = get_db_rows ($dbh, 'SELECT talert_actions.name as action_name, talert_actions.*, talert_commands.*
+						FROM talert_actions, talert_commands
 						WHERE talert_actions.id = ?
 						AND talert_actions.id_alert_command = talert_commands.id',
 						$alert->{'id_alert_action'});
@@ -4242,7 +4246,7 @@ sub pandora_evaluate_snmp_alerts ($$$$$$$$$) {
 			}
 			
 			# Execute alert
-			my $action = get_db_single_row ($dbh, 'SELECT talert_actions.name as action_name, *
+			my $action = get_db_single_row ($dbh, 'SELECT talert_actions.name as action_name, talert_actions.*, talert_commands.*
 							FROM talert_actions, talert_commands
 							WHERE talert_actions.id_alert_command = talert_commands.id
 							AND talert_actions.id = ?', $alert->{'id_alert'});
@@ -4276,7 +4280,7 @@ sub pandora_evaluate_snmp_alerts ($$$$$$$$$) {
 					$alert->{'id_as'});
 					
 			foreach my $other_alert (@more_actions_snmp) {
-				my $other_action = get_db_single_row ($dbh, 'SELECT talert_actions.name as action_name, *
+				my $other_action = get_db_single_row ($dbh, 'SELECT talert_actions.name as action_name, talert_actions.*, talert_commands.*
 					FROM talert_actions, talert_commands
 					WHERE talert_actions.id_alert_command = talert_commands.id
 					AND talert_actions.id = ?', $other_alert->{'alert_type'});

From 701c384c5469af1170f4ead75dbaa3b5fa88c507 Mon Sep 17 00:00:00 2001
From: fbsanchez <fborja.sanchez@artica.es>
Date: Thu, 28 Oct 2021 13:01:18 +0200
Subject: [PATCH 13/14] More accurated message when recovering event alerts

---
 pandora_server/lib/PandoraFMS/Core.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pandora_server/lib/PandoraFMS/Core.pm b/pandora_server/lib/PandoraFMS/Core.pm
index 8aceb3c6f0..ef23adab6b 100644
--- a/pandora_server/lib/PandoraFMS/Core.pm
+++ b/pandora_server/lib/PandoraFMS/Core.pm
@@ -733,7 +733,7 @@ sub pandora_process_alert ($$$$$$$$;$$) {
 
 		# Generate an event
 		if ($table eq 'tevent_alert') {
-			pandora_event ($pa_config, "Alert ceased (" .
+			pandora_event ($pa_config, "Correlated alert ceased (" .
 				safe_output($alert->{'name'}) . ")", 0, 0, $alert->{'priority'}, $id,
 				(defined ($alert->{'id_agent_module'}) ? $alert->{'id_agent_module'} : 0), 
 				"alert_ceased", 0, $dbh, 'monitoring_server', '', '', '', '', $critical_instructions, $warning_instructions, $unknown_instructions);
@@ -762,7 +762,7 @@ sub pandora_process_alert ($$$$$$$$;$$) {
 		if ($pa_config->{'alertserver'} == 1 && defined ($alert->{'id_template_module'})) {
 			pandora_queue_alert($pa_config, $dbh, $data, $alert, 0, $extra_macros);
 		} else {
-			pandora_execute_alert ($pa_config, $data, $agent, $module, $alert, 0, $dbh, $timestamp, 0, $extra_macros);
+			pandora_execute_alert ($pa_config, $data, $agent, $module, $alert, 0, $dbh, $timestamp, 0, $extra_macros, $is_correlated_alert);
 		}
 		return;
 	}

From bf0064d486a0f16a441c592a2acf83e3346aa44f Mon Sep 17 00:00:00 2001
From: fbsanchez <fborja.sanchez@artica.es>
Date: Thu, 28 Oct 2021 17:21:02 +0200
Subject: [PATCH 14/14] Correlated alerts are not being linked to modules

---
 pandora_server/lib/PandoraFMS/Core.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pandora_server/lib/PandoraFMS/Core.pm b/pandora_server/lib/PandoraFMS/Core.pm
index ef23adab6b..c57df509ff 100644
--- a/pandora_server/lib/PandoraFMS/Core.pm
+++ b/pandora_server/lib/PandoraFMS/Core.pm
@@ -1007,7 +1007,7 @@ sub pandora_execute_alert ($$$$$$$$$;$$) {
 			$text = "Correlated alert $text";
 			pandora_event (
 				$pa_config,
-				"$text (" . safe_output($alert->{'name'}) . ") " . (defined ($module) ? 'assigned to ('. safe_output($module->{'nombre'}) . ")" : ""),
+				"$text (" . safe_output($alert->{'name'}) . ") ",
 				(defined ($agent) ? $agent->{'id_grupo'} : 0),
 				# id agent.
 				0,