From 00acc46ecaf8f3865e2e8ecea8f058cd8c7436e3 Mon Sep 17 00:00:00 2001 From: fbsanchez Date: Mon, 26 Apr 2021 19:49:43 +0200 Subject: [PATCH 1/3] Fix locating agent while correlating logs --- pandora_server/lib/PandoraFMS/Core.pm | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/pandora_server/lib/PandoraFMS/Core.pm b/pandora_server/lib/PandoraFMS/Core.pm index 40cd75f4d9..18afba08cd 100644 --- a/pandora_server/lib/PandoraFMS/Core.pm +++ b/pandora_server/lib/PandoraFMS/Core.pm @@ -297,7 +297,10 @@ sub locate_agent { # Locate agent first in tmetaconsole_agent return undef if (! defined ($field) || $field eq ''); - my $rs = enterprise_hook('get_metaconsole_agent_from_alias', [$dbh, $field, $relative]); + my $rs = enterprise_hook('get_metaconsole_agent_from_id', [$dbh, $field]); + return $rs if defined($rs) && (ref($rs)); # defined and not a scalar + + $rs = enterprise_hook('get_metaconsole_agent_from_alias', [$dbh, $field, $relative]); return $rs if defined($rs) && (ref($rs)); # defined and not a scalar $rs = enterprise_hook('get_metaconsole_agent_from_addr', [$dbh, $field, $relative]); @@ -322,7 +325,10 @@ sub get_agent { return undef if (! defined ($field) || $field eq ''); - my $rs = get_agent_from_alias($dbh, $field, $relative); + my $rs = get_agent_from_id($dbh, $field); + return $rs if defined($rs) && (ref($rs)); # defined and not a scalar + + $rs = get_agent_from_alias($dbh, $field, $relative); return $rs if defined($rs) && (ref($rs)); # defined and not a scalar $rs = get_agent_from_addr($dbh, $field); 
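Review bot: In `locate_agent` the new `get_metaconsole_agent_from_id` lookup runs before the alias, address and name lookups, so a `$field` made only of digits now resolves to whichever agent has that id, even when it was meant as an alias or name. The `get_agent` hunk introduces the same ordering with `get_agent_from_id`. If `$field` can carry agent-supplied text (the callers are outside these hunks, so this is inferred), data or log entries could be attributed to a different agent than the one that sent them. At minimum, state the precedence next to the call, for example `# NOTE: a numeric $field is tried as id_agente first; aliases made only of digits are shadowed.`, and consider doing the id lookup only on code paths that know they hold an id. Both function bodies start and end outside the hunks.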
@@ -378,6 +384,17 @@ sub get_agent_from_name ($$;$) { return get_db_single_row ($dbh, 'SELECT * FROM tagente WHERE tagente.nombre = ?', safe_input($name)); } +########################################################################## +# Return the agent given the agent id. +########################################################################## +sub get_agent_from_id ($$) { + my ($dbh, $id) = @_; + + return undef if (! defined ($id) || $id eq ''); + + return get_db_single_row ($dbh, 'SELECT * FROM tagente WHERE tagente.id_agente = ?', $id); +} + ########################################################################## =head2 C<< pandora_generate_alerts (I<$pa_config> I<$data> I<$status> I<$agent> I<$module> I<$utimestamp> I<$dbh> I<$timestamp> I<$extra_macros> I<$last_data_value>) >> From 2ef9743d5bdca64074b2ca8589bfc65333557bb8 Mon Sep 17 00:00:00 2001 From: fbsanchez Date: Tue, 27 Apr 2021 14:59:59 +0200 Subject: [PATCH 2/3] Added elastic_query_size --- pandora_server/conf/pandora_server.conf.new | 3 +++ pandora_server/lib/PandoraFMS/Config.pm | 4 ++++ 2 files changed, 7 insertions(+) diff --git a/pandora_server/conf/pandora_server.conf.new b/pandora_server/conf/pandora_server.conf.new index 53ae7a4604..2f91bccf68 100644 --- a/pandora_server/conf/pandora_server.conf.new +++ b/pandora_server/conf/pandora_server.conf.new @@ -473,6 +473,9 @@ log_window 3600 # Correlated Alerts, group cache ttl (in seconds). Set to 0 to disable. (PANDORA FMS ENTERPRISE ONLY). #event_server_cache_ttl 10 +# Log retrieving, items per request. (High values could make elasticsearch crash) +#elastic_query_size 10 + # If set to 1, an alert will not be fired if the last event it generated is in 'in-process' status. event_inhibit_alerts 0 diff --git a/pandora_server/lib/PandoraFMS/Config.pm b/pandora_server/lib/PandoraFMS/Config.pm index e0057f9da5..fc83623dec 100644 --- a/pandora_server/lib/PandoraFMS/Config.pm +++ b/pandora_server/lib/PandoraFMS/Config.pm 
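Review bot: `get_agent_from_id` binds `$id` to `tagente.id_agente` after checking only that it is defined and non-empty, yet both new call sites pass the free-form `$field` that is also used for alias and address lookups. On a backend that coerces strings in numeric comparisons (MySQL does), a value such as `12abc` compares equal to id 12, so a string that is not an id can select an unrelated agent. Reject anything that is not a plain integer before querying: `return undef if (! defined ($id) || $id !~ /\A[0-9]+\z/);`. The header comment could also state what is returned when no row matches; `get_db_single_row` is defined elsewhere, so that behaviour cannot be confirmed from this hunk.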
@@ -302,6 +302,7 @@ sub pandora_load_config { $pa_config->{"eventserver"} = 1; # 4.0 $pa_config->{"event_window"} = 3600; # 4.0 $pa_config->{"log_window"} = 3600; # 7.741 + $pa_config->{"elastic_query_size"} = 10; # 7.754 Elements per request (ELK) $pa_config->{"event_server_cache_ttl"} = 10; # 7.754 $pa_config->{"preload_windows"} = 0; # 7.741 $pa_config->{"icmpserver"} = 0; # 4.0 @@ -999,6 +1000,9 @@ sub pandora_load_config { elsif ($parametro =~ m/^log_window\s+([0-9]*)/i) { $pa_config->{'log_window'}= clean_blank($1); } + elsif ($parametro =~ m/^elastic_query_size\s+([0-9]*)/i) { + $pa_config->{'elastic_query_size'}= clean_blank($1); + } elsif ($parametro =~ m/^preload_windows\s+([0-9]*)/i) { $pa_config->{'preload_windows'}= clean_blank($1); } From 24976c486048601e4791211c37fc47e40ac99388 Mon Sep 17 00:00:00 2001 From: fbsanchez Date: Tue, 27 Apr 2021 17:58:20 +0200 Subject: [PATCH 3/3] Disable timezone offset while setting timestamp from server --- pandora_server/lib/PandoraFMS/DataServer.pm | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pandora_server/lib/PandoraFMS/DataServer.pm b/pandora_server/lib/PandoraFMS/DataServer.pm index 0006482ea1..9445b518ee 100644 --- a/pandora_server/lib/PandoraFMS/DataServer.pm +++ b/pandora_server/lib/PandoraFMS/DataServer.pm @@ -280,6 +280,11 @@ sub process_xml_data ($$$$$) { $timezone_offset = 0; } + # If set by server, do not use offset. + if ($pa_config->{'use_xml_timestamp'} eq '0') { + $timezone_offset = 0; + } + # Parent Agent Name my $parent_id = 0; # Default value for unknown parent my $parent_agent_name = $data->{'parent_agent_name'};
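Review bot: The new `elastic_query_size` branch captures `([0-9]*)`, which also matches zero digits, so a line such as `elastic_query_size abc` replaces the default of 10 with an empty string. Nothing bounds the value either, although the sample config added in this patch warns that high values could make elasticsearch crash. Require at least one digit, `elsif ($parametro =~ m/^elastic_query_size\s+([0-9]+)/i) {`, and consider rejecting 0 or clamping to a documented maximum where the value is consumed (that code is not in this patch). The neighbouring `log_window` and `preload_windows` branches use the same `[0-9]*` form, so the tighter pattern would apply to them as well. `pandora_load_config` starts and ends outside the hunk.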
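Review bot: The added check `$pa_config->{'use_xml_timestamp'} eq '0'` is a string comparison on a key whose default and parsing are not visible in this hunk. If the key is undefined, the test is false, so the agent's timezone offset stays applied, and Perl emits an uninitialized-value warning when warnings are enabled. These timestamps presumably feed the log and event correlation this series touches, so make the intent explicit: `if (defined($pa_config->{'use_xml_timestamp'}) && $pa_config->{'use_xml_timestamp'} eq '0') {`. The comment would also read more clearly as `# The server assigns the timestamp (use_xml_timestamp 0): do not apply the agent's timezone offset.`. `process_xml_data` continues outside the hunk.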