From 6b7c06e77e9be3aede6b9689dc321c51d8d947b4 Mon Sep 17 00:00:00 2001 From: slerena Date: Tue, 1 Apr 2008 17:00:09 +0000 Subject: [PATCH] 2008-04-01 Sancho Lerena * bin/pandora_prediction: Fixed several problems with prediction on anomaly detection. Tested and works fine for me. * DB.pm: Fixed problem in combined alerts. Removed some log entries. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@784 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f --- pandora_server/ChangeLog | 8 ++++ pandora_server/bin/pandora_prediction | 64 +++++++++++++++------------ pandora_server/lib/PandoraFMS/DB.pm | 20 +++------ 3 files changed, 51 insertions(+), 41 deletions(-) diff --git a/pandora_server/ChangeLog b/pandora_server/ChangeLog index e29979ed1e..bbdd3cfd87 100644 --- a/pandora_server/ChangeLog +++ b/pandora_server/ChangeLog @@ -1,3 +1,11 @@ +2008-04-01 Sancho Lerena + + * bin/pandora_prediction: Fixed several problems with + prediction on anomaly detection. Tested and works fine for me. + + * DB.pm: Fixed problem in combined alerts. Removed some + log entries. + 2008-04-01 Ramon Novoa * util/tentacle_serverd: Changed default port and address (now diff --git a/pandora_server/bin/pandora_prediction b/pandora_server/bin/pandora_prediction index ce98a02242..a2a15a995a 100755 --- a/pandora_server/bin/pandora_prediction +++ b/pandora_server/bin/pandora_prediction @@ -140,7 +140,6 @@ sub pandora_prediction_consumer ($$) { { lock $queue_lock; $data_id_agent_module = shift(@pending_task); -print "[CLIENT] Pop out of queue module (pending queue) $data_id_agent_module \n"; delete($pending_task_hash{$data_id_agent_module}); $current_task_hash{$data_id_agent_module}=1; } @@ -149,7 +148,6 @@ print "[CLIENT] Pop out of queue module (pending queue) $data_id_agent_module \n eval { # Call network execution process # exec_network_module ( $pa_config, $data_id_agent_module, $dbh); -print "[PREDICT-CLIENT] Executing module # $data_id_agent_module \n"; exec_prediction_module ($pa_config, $data_id_agent_module, $dbh); }; if ($@){ @@ -161,7 +159,6 @@ print "[PREDICT-CLIENT] Executing module # $data_id_agent_module \n"; # not been processed, but has been freed from task queue { lock $queue_lock; -print "[CLIENT] Removing from queue (current task) module $data_id_agent_module \n"; delete($current_task_hash{$data_id_agent_module}); } $counter = 0; @@ -233,15 +230,11 @@ sub pandora_prediction_producer ($) { ((tagente_estado.last_execution_try + tagente_estado.current_interval) < UNIX_TIMESTAMP() OR tagente_modulo.flag = 1 ) ORDER BY last_execution_try ASC"; } -# print "[DEBUG] SQL is $query1 \n"; $exec_sql1 = $dbh->prepare($query1); $exec_sql1 ->execute; while (@sql_data1 = $exec_sql1->fetchrow_array()) { $data_id_agente_modulo = $sql_data1[0]; - $data_flag = $sql_data1[1]; -print "[DEBUG] Procesando candidato $data_id_agente_modulo\n"; - # Skip modules already queued if ((!defined($pending_task_hash{$data_id_agente_modulo})) && (!defined($current_task_hash{$data_id_agente_modulo}))) { @@ -250,7 +243,6 @@ print "[DEBUG] Procesando candidato $data_id_agente_modulo\n"; } # Locking scope, do not remove redundant { } { -print "[DEBUG] Metiendo $data_id_agente_modulo en cola \n"; lock $queue_lock; push (@pending_task, $data_id_agente_modulo); $pending_task_hash {$data_id_agente_modulo}=1; @@ -258,7 +250,6 @@ print "[DEBUG] Metiendo $data_id_agente_modulo en cola \n"; } } #logger ($pa_config, "Items in Network Pending Queue: ".scalar(@pending_task), 5); -print "[DEBUG] Items in Network Pending Queue: ".scalar(@pending_task); $exec_sql1->finish(); sleep($pa_config->{"server_threshold"}); } # Main loop @@ -293,7 +284,6 @@ sub exec_prediction_module { $exec_sql = $dbh->prepare($query_sql); $exec_sql ->execute; $target_module = $exec_sql->fetchrow_hashref; - # Prediction mode explanation # # 0 is for target type of generic_proc. It compares latest data with current data. Needs to get @@ -312,7 +302,7 @@ sub exec_prediction_module { } else { $prediction_mode = 1; # data } - + # Initialize another global sub variables. my $agent_name = dame_agente_nombre ($pa_config, $agent_module->{'id_agente'}, $dbh); my $module_data = 0; # 0 data for default @@ -338,13 +328,32 @@ sub exec_prediction_module { my $average = 0; my $temp1 = 0; for ($i=0; $i < 4; $i++){ -print "DEBUG HASH REF ".$target_module->{'id_agente_modulo'}; -print "\n"; + my $first_data; + my $last_data; + my $average_interval; + my $sum_data = 0; + $temp1 = $week_utimestamp[$i] + $agent_module->{'module_interval'}; # Get data for week $i in the past $query_sql = 'SELECT AVG(datos) FROM tagente_datos WHERE id_agente_modulo = '. $target_module->{'id_agente_modulo'}. ' AND utimestamp > '.$week_utimestamp[$i].' AND utimestamp < '.$temp1; -print "DEBUG SQL - $query_sql \n"; - $week_data[$i] = get_db_free_field ($query_sql, $dbh); + $average_interval = get_db_free_field ($query_sql, $dbh); + + # Need to get data outside interval because no data. + if ($average_interval == 0){ + $query_sql = 'SELECT datos FROM tagente_datos WHERE id_agente_modulo = '. $target_module->{'id_agente_modulo'}. ' AND utimestamp > '.$week_utimestamp[$i].' LIMIT 1'; + $last_data = get_db_free_field ($query_sql, $dbh); + if ($last_data != 0){ + $sum_data++; + } + $query_sql = 'SELECT datos FROM tagente_datos WHERE id_agente_modulo = '. $target_module->{'id_agente_modulo'}. ' AND utimestamp < '.$temp1.' LIMIT 1'; + $first_data = get_db_free_field ($query_sql, $dbh); + if ($first_data != 0){ + $sum_data++; + } + $week_data[$i] = (($last_data + $first_data) / $sum_data); + } else { + $week_data[$i] = $average_interval; + } # It's possible that one of the week_data[i] values was not valid (NULL) # so recheck it and relay on n=0 for "no data" values set to 0 in result @@ -357,27 +366,26 @@ print "DEBUG SQL - $query_sql \n"; } # Real average value -print "Value of n is $n \n"; if ($n > 0){ $average = $average / $n; } else { $average = 0; } - # Calculate typical deviation - my $typical_deviation = 0; - for ($i=0; $i< $n; $i++){ - if ( (is_numeric($week_data[$i])) && ($week_data[$i] > 0) ) { - $typical_deviation = $typical_deviation + (($week_data[$i] - $average)**2); - } - } - $typical_deviation = sqrt ($typical_deviation / ($n-1)); - # (PROC) Compare with current data if ($prediction_mode == 0){ - $query_sql = 'SELECT data FROM tagente_estado WHERE id_agente_modulo = '.$target_module->{'id_agente_modulo'}; + # Calculate typical deviation + my $typical_deviation = 0; + for ($i=0; $i< $n; $i++){ + if ( (is_numeric($week_data[$i])) && ($week_data[$i] > 0) ) { + $typical_deviation = $typical_deviation + (($week_data[$i] - $average)**2); + } + } + $typical_deviation = sqrt ($typical_deviation / ($n-1)); + + $query_sql = 'SELECT datos FROM tagente_estado WHERE id_agente_modulo = '.$target_module->{'id_agente_modulo'}; my $current_value = get_db_free_field ($query_sql, $dbh); - if ( ($current_value >= ($average - $typical_deviation)) || ($current_value <= ($average + $typical_deviation)) ){ + if ( ($current_value > ($average - $typical_deviation)) && ($current_value < ($average + $typical_deviation)) ){ $module_data = 1; # OK !! } else { $module_data = 0; # Out of predictions @@ -400,7 +408,7 @@ print "Value of n is $n \n"; module_generic_data ($pa_config, \%part, $timestamp, $agent_name, $tipo_modulo, $dbh); } elsif (2 == $agent_module->{'id_tipo_modulo'}) { - module_generic_data_inc ($pa_config, \%part, $timestamp, $agent_name, $tipo_modulo, $dbh); + module_generic_proc ($pa_config, \%part, $timestamp, $agent_name, $tipo_modulo, $dbh); } else { # Unknown module!, this IS a problem logger ($pa_config, "[FATAL] Prediction Server Problem with unknown module type '$tipo_modulo'", 0); diff --git a/pandora_server/lib/PandoraFMS/DB.pm b/pandora_server/lib/PandoraFMS/DB.pm index 6dbf7dda12..a8ab6231b3 100644 --- a/pandora_server/lib/PandoraFMS/DB.pm +++ b/pandora_server/lib/PandoraFMS/DB.pm @@ -221,7 +221,7 @@ sub pandora_calcula_alerta (%$$$$$$) { # -------------------------------------- # Now call to execute_alert to real exec execute_alert ($pa_config, $id_alerta, $campo1, $campo2, $campo3, -$nombre_agente, $timestamp, $datos, $comando, $alert_name, $descripcion, 1, $dbh); + $nombre_agente, $timestamp, $datos, $comando, $alert_name, $descripcion, 1, $dbh); # -------------------------------------- # Evaluate compound alerts, since an alert has changed its status. @@ -233,14 +233,8 @@ $nombre_agente, $timestamp, $datos, $comando, $alert_name, $descripcion, 1, $dbh $internal_counter++; # Now update new value for times_fired & last_fired # if we are below minlimit for triggering this alert - logger ($pa_config, "Alarm not fired because is below min limit",6); - } else { # Too many alerts fired (upper limit) - logger ($pa_config, "Alarm not fired because is above max limit",6); - } - $dbh->do("UPDATE talerta_agente_modulo SET times_fired = $times_fired, internal_counter = $internal_counter WHERE id_aam = $id_aam"); - - # Evaluate compound alerts, since an alert has changed its status. - pandora_evaluate_compound_alerts ($pa_config, $timestamp, $id_aam, $nombre_agente, 0, $dbh); + } + $dbh->do("UPDATE talerta_agente_modulo SET internal_counter = $internal_counter WHERE id_aam = $id_aam"); } } else { # This block is executed because actual data is OUTSIDE @@ -277,11 +271,11 @@ $nombre_agente, $timestamp, $datos, $comando, $alert_name, $descripcion, 1, $dbh # "alert_recovery" and set to 1 (disabled by default) if ($pa_config->{"alert_recovery"} eq "1"){ execute_alert ($pa_config, $id_alerta, $campo1, -"[RECOVERED ] - ".$campo2, "[ALERT CEASED - RECOVERED] - ".$campo3, $nombre_agente, $timestamp, $datos, $comando, -$alert_name, $descripcion, 0, $dbh); + "[RECOVERED ] - ".$campo2, "[ALERT CEASED - RECOVERED] - ".$campo3, $nombre_agente, $timestamp, $datos, $comando, + $alert_name, $descripcion, 0, $dbh); } } - } + } if (($times_fired > 0) || ($internal_counter > 0)){ $dbh->do("UPDATE talerta_agente_modulo SET internal_counter = 0, times_fired =0 WHERE id_aam = $id_aam"); @@ -488,7 +482,7 @@ sub execute_alert (%$$$$$$$$$$$$) { my $dbh = $_[12]; # Compound only - if ($id_alert == 0){ + if ($id_alert == 1){ return; }