2013-09-09 Ramon Novoa <rnovoa@artica.es>
* conf/pandora_server.conf.new, lib/PandoraFMS/Config.pm, lib/PandoraFMS/Core.pm, bin/pandora_server: Added support for event auto-expiry and small fixes. * util/pandora_manage.pl: Added support for event custom data. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@8753 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
This commit is contained in:
Ramon Novoa
parent
9726ed98d3
commit
9173d085b7
|
|
@ -1,3 +1,13 @@
|
|||
2013-09-09 Ramon Novoa <rnovoa@artica.es>
|
||||
|
||||
* conf/pandora_server.conf.new,
|
||||
lib/PandoraFMS/Config.pm,
|
||||
lib/PandoraFMS/Core.pm,
|
||||
bin/pandora_server: Added support for event auto-expiry and small
|
||||
fixes.
|
||||
|
||||
* util/pandora_manage.pl: Added support for event custom data.
|
||||
|
||||
2013-09-05 Ramon Novoa <rnovoa@artica.es>
|
||||
|
||||
* lib/PandoraFMS/Core.pm: Added support for module macros.
|
||||
|
|
|
|||
|
|
@ -306,6 +306,16 @@ sub pandora_server_tasks ($) {
|
|||
&& $pa_config->{"self_monitoring"} == 1){
|
||||
pandora_self_monitoring ($pa_config, $dbh);
|
||||
}
|
||||
|
||||
# Event auto-expiry
|
||||
my $expiry_time = $pa_config->{"event_expiry_time"};
|
||||
my $expiry_window = $pa_config->{"event_expiry_window"};
|
||||
if ($expiry_time > 0 && $expiry_window > 0 && $expiry_window > $expiry_time) {
|
||||
my $time_ref = time ();
|
||||
my $expiry_limit = $time_ref - $expiry_time;
|
||||
my $expiry_window = $time_ref - $expiry_window;
|
||||
db_do ($dbh, 'UPDATE tevento SET estado=1, ack_utimestamp=? WHERE estado=0 AND utimestamp < ? AND utimestamp > ?', $time_ref, $expiry_limit, $expiry_window);
|
||||
}
|
||||
}
|
||||
|
||||
# Avoid counter overflow
|
||||
|
|
|
|||
|
|
@ -428,3 +428,11 @@ event_auto_validation 1
|
|||
#text_going_up_warning Module '_module_' is going to WARNING (_data_)
|
||||
#text_going_down_warning Module '_module_' is going to WARNING (_data_)
|
||||
#text_going_unknown Module '_module_' is going to UNKNOWN
|
||||
|
||||
# Events older that the specified time (in seconds) will be auto-validated. Set to 0 to disable this feature.
|
||||
event_expiry_time 0
|
||||
|
||||
# Only events more recent than the specified time window (in seconds) will be auto-validated. This value must
|
||||
# be greater than event_expiry_time.
|
||||
#event_expiry_window 86400
|
||||
|
||||
|
|
|
|||
|
|
@ -313,6 +313,12 @@ sub pandora_load_config {
|
|||
$pa_config->{"text_going_down_warning"} = "Module '_module_' is going to WARNING (_data_)"; # 5.0
|
||||
$pa_config->{"text_going_unknown"} = "Module '_module_' is going to UNKNOWN"; # 5.0
|
||||
|
||||
# Event auto-expiry time
|
||||
$pa_config->{"event_expiry_time"} = 0; # 5.0
|
||||
|
||||
# Event auto-expiry time window
|
||||
$pa_config->{"event_expiry_window"} = 86400; # 5.0
|
||||
|
||||
# -------------------------------------------------------------------------
|
||||
# This values are not stored in .conf files.
|
||||
# This values should be stored in database, not in .conf files!
|
||||
|
|
@ -693,6 +699,12 @@ sub pandora_load_config {
|
|||
elsif ($parametro =~ m/^text_going_unknown\s+(.*)/i) {
|
||||
$pa_config->{'text_going_unknown'} = safe_input ($1);
|
||||
}
|
||||
elsif ($parametro =~ m/^event_expiry_time\s+([0-9]*)/i) {
|
||||
$pa_config->{'event_expiry_time'}= clean_blank($1);
|
||||
}
|
||||
elsif ($parametro =~ m/^event_expiry_window\s+([0-9]*)/i) {
|
||||
$pa_config->{'event_expiry_window'}= clean_blank($1);
|
||||
}
|
||||
} # end of loop for parameter #
|
||||
|
||||
# Set to RDBMS' standard port
|
||||
|
|
|
|||
|
|
@ -657,6 +657,7 @@ sub pandora_execute_alert ($$$$$$$$;$) {
|
|||
}
|
||||
|
||||
# Execute actions
|
||||
my $event_generated = 0;
|
||||
foreach my $action (@actions) {
|
||||
|
||||
# Check the action threshold (template_action_threshold takes precedence over action_threshold)
|
||||
|
|
@ -665,6 +666,12 @@ sub pandora_execute_alert ($$$$$$$$;$) {
|
|||
$threshold = $action->{'action_threshold'} if (defined ($action->{'action_threshold'}) && $action->{'action_threshold'} > 0);
|
||||
$threshold = $action->{'module_action_threshold'} if (defined ($action->{'module_action_threshold'}) && $action->{'module_action_threshold'} > 0);
|
||||
if (time () >= ($action->{'last_execution'} + $threshold)) {
|
||||
|
||||
# Does the action generate an event?
|
||||
if (safe_output($action->{'name'}) eq "Pandora FMS Event") {
|
||||
$event_generated = 1;
|
||||
}
|
||||
|
||||
pandora_execute_action ($pa_config, $data, $agent, $alert, $alert_mode, $action, $module, $dbh, $timestamp, $extra_macros);
|
||||
} else {
|
||||
if (defined ($module)) {
|
||||
|
|
@ -680,14 +687,16 @@ sub pandora_execute_alert ($$$$$$$$;$) {
|
|||
my $warning_instructions = get_db_value ($dbh, 'SELECT warning_instructions FROM tagente_modulo WHERE id_agente_modulo = ?', $alert->{'id_agent_module'});
|
||||
my $unknown_instructions = get_db_value ($dbh, 'SELECT unknown_instructions FROM tagente_modulo WHERE id_agente_modulo = ?', $alert->{'id_agent_module'});
|
||||
|
||||
# Generate an event
|
||||
#If we've spotted an alert recovered, we set the new event's severity to 0, otherwise the original value is maintained.
|
||||
my ($text, $event, $severity) = ($alert_mode == 0) ? ('recovered', 'alert_recovered', 0) : ('fired', 'alert_fired', $alert->{'priority'});
|
||||
|
||||
|
||||
pandora_event ($pa_config, "Alert $text (" . safe_output($alert->{'name'}) . ") " . (defined ($module) ? 'assigned to ('. safe_output($module->{'nombre'}) . ")" : ""),
|
||||
# Generate an event only if an event has not already been generated by an alert action
|
||||
if ($event_generated == 0) {
|
||||
|
||||
#If we've spotted an alert recovered, we set the new event's severity to 0, otherwise the original value is maintained.
|
||||
my ($text, $event, $severity) = ($alert_mode == 0) ? ('recovered', 'alert_recovered', 0) : ('fired', 'alert_fired', $alert->{'priority'});
|
||||
|
||||
pandora_event ($pa_config, "Alert $text (" . safe_output($alert->{'name'}) . ") " . (defined ($module) ? 'assigned to ('. safe_output($module->{'nombre'}) . ")" : ""),
|
||||
(defined ($agent) ? $agent->{'id_grupo'} : 0), (defined ($agent) ? $agent->{'id_agente'} : 0), $alert->{'priority'}, (defined ($alert->{'id_template_module'}) ? $alert->{'id_template_module'} : 0),
|
||||
(defined ($alert->{'id_agent_module'}) ? $alert->{'id_agent_module'} : 0), $event, 0, $dbh, 'Pandora', '', '', '', '', $critical_instructions, $warning_instructions, $unknown_instructions);
|
||||
}
|
||||
}
|
||||
|
||||
##########################################################################
|
||||
|
|
@ -733,16 +742,16 @@ sub pandora_execute_action ($$$$$$$$$;$) {
|
|||
}
|
||||
|
||||
# Recovery fields, thanks to Kato Atsushi
|
||||
if ($alert_mode == 0){
|
||||
$field2 = $alert->{'field2_recovery'} ne "" ? $alert->{'field2_recovery'} : "[RECOVER]" . $field2;
|
||||
$field3 = $alert->{'field3_recovery'} ne "" ? $alert->{'field3_recovery'} : "[RECOVER]" . $field3;
|
||||
$field4 = $alert->{'field4_recovery'} ne "" ? $alert->{'field4_recovery'} : "[RECOVER]" . $field4;
|
||||
$field5 = $alert->{'field5_recovery'} ne "" ? $alert->{'field5_recovery'} : "[RECOVER]" . $field5;
|
||||
$field6 = $alert->{'field6_recovery'} ne "" ? $alert->{'field6_recovery'} : "[RECOVER]" . $field6;
|
||||
$field7 = $alert->{'field7_recovery'} ne "" ? $alert->{'field7_recovery'} : "[RECOVER]" . $field7;
|
||||
$field8 = $alert->{'field8_recovery'} ne "" ? $alert->{'field8_recovery'} : "[RECOVER]" . $field8;
|
||||
$field9 = $alert->{'field9_recovery'} ne "" ? $alert->{'field9_recovery'} : "[RECOVER]" . $field9;
|
||||
$field10 = $alert->{'field10_recovery'} ne "" ? $alert->{'field10_recovery'} : "[RECOVER]" . $field10;
|
||||
if ($alert_mode == 0) {
|
||||
$field2 = $alert->{'field2_recovery'} ne "" ? $alert->{'field2_recovery'} : ($field2 ne "" ? "[RECOVER]" . $field2 : "");
|
||||
$field3 = $alert->{'field3_recovery'} ne "" ? $alert->{'field3_recovery'} : ($field3 ne "" ? "[RECOVER]" . $field3 : "");
|
||||
$field4 = $alert->{'field4_recovery'} ne "" ? $alert->{'field4_recovery'} : ($field4 ne "" ? "[RECOVER]" . $field4 : "");
|
||||
$field5 = $alert->{'field5_recovery'} ne "" ? $alert->{'field5_recovery'} : ($field5 ne "" ? "[RECOVER]" . $field5 : "");
|
||||
$field6 = $alert->{'field6_recovery'} ne "" ? $alert->{'field6_recovery'} : ($field6 ne "" ? "[RECOVER]" . $field6 : "");
|
||||
$field7 = $alert->{'field7_recovery'} ne "" ? $alert->{'field7_recovery'} : ($field7 ne "" ? "[RECOVER]" . $field7 : "");
|
||||
$field8 = $alert->{'field8_recovery'} ne "" ? $alert->{'field8_recovery'} : ($field8 ne "" ? "[RECOVER]" . $field8 : "");
|
||||
$field9 = $alert->{'field9_recovery'} ne "" ? $alert->{'field9_recovery'} : ($field9 ne "" ? "[RECOVER]" . $field9 : "");
|
||||
$field10 = $alert->{'field10_recovery'} ne "" ? $alert->{'field10_recovery'} : ($field10 ne "" ? "[RECOVER]" . $field10 : "");
|
||||
}
|
||||
|
||||
$field1 = decode_entities ($field1);
|
||||
|
|
@ -2528,7 +2537,7 @@ sub pandora_event ($$$$$$$$$$;$$$$$$$$$) {
|
|||
my ($pa_config, $evento, $id_grupo, $id_agente, $severity,
|
||||
$id_alert_am, $id_agentmodule, $event_type, $event_status, $dbh,
|
||||
$source, $user_name, $comment, $id_extra, $tags,
|
||||
$critical_instructions, $warning_instructions, $unknown_instructions) = @_;
|
||||
$critical_instructions, $warning_instructions, $unknown_instructions, $custom_data) = @_;
|
||||
|
||||
my $agent = undef;
|
||||
if ($id_agente != 0) {
|
||||
|
|
@ -2568,6 +2577,7 @@ sub pandora_event ($$$$$$$$$$;$$$$$$$$$) {
|
|||
$critical_instructions = '' unless defined ($critical_instructions);
|
||||
$warning_instructions = '' unless defined ($warning_instructions);
|
||||
$unknown_instructions = '' unless defined ($unknown_instructions);
|
||||
$custom_data = '' unless defined ($custom_data);
|
||||
|
||||
# If the event is created with validated status, assign ack_utimestamp
|
||||
my $ack_utimestamp = $event_status == 1 ? time() : 0;
|
||||
|
|
@ -2587,13 +2597,13 @@ sub pandora_event ($$$$$$$$$$;$$$$$$$$$) {
|
|||
if ($count > 0) {
|
||||
logger($pa_config, "Updating event '$evento' with extended id '$id_extra' for agent ID $id_agente module ID $id_agentmodule.", 10);
|
||||
|
||||
db_do ($dbh, 'UPDATE tevento SET id_agente=?, id_grupo=?, evento=?, timestamp=?, estado=?, utimestamp=?, event_type=?, id_agentmodule=?, id_alert_am=?, criticity=?, user_comment=?, tags=?, source=?, id_extra=?, id_usuario=?, critical_instructions=?, warning_instructions=?, unknown_instructions=?, ack_utimestamp=?
|
||||
WHERE id_extra=?', $id_agente, $id_grupo, safe_input ($evento), $timestamp, $event_status, $utimestamp, $event_type, $id_agentmodule, $id_alert_am, $severity, $comment, $module_tags, $source, $id_extra, $user_name, $critical_instructions, $warning_instructions, $unknown_instructions, $ack_utimestamp, $id_extra);
|
||||
db_do ($dbh, 'UPDATE tevento SET id_agente=?, id_grupo=?, evento=?, timestamp=?, estado=?, utimestamp=?, event_type=?, id_agentmodule=?, id_alert_am=?, criticity=?, user_comment=?, tags=?, source=?, id_extra=?, id_usuario=?, critical_instructions=?, warning_instructions=?, unknown_instructions=?, ack_utimestamp=?, custom_data=?
|
||||
WHERE id_extra=?', $id_agente, $id_grupo, safe_input ($evento), $timestamp, $event_status, $utimestamp, $event_type, $id_agentmodule, $id_alert_am, $severity, $comment, $module_tags, $source, $id_extra, $user_name, $critical_instructions, $warning_instructions, $unknown_instructions, $ack_utimestamp, $custom_data, $id_extra);
|
||||
} else {
|
||||
logger($pa_config, "Generating event '$evento' for agent ID $id_agente module ID $id_agentmodule.", 10);
|
||||
|
||||
db_do ($dbh, 'INSERT INTO tevento (id_agente, id_grupo, evento, timestamp, estado, utimestamp, event_type, id_agentmodule, id_alert_am, criticity, user_comment, tags, source, id_extra, id_usuario, critical_instructions, warning_instructions, unknown_instructions, ack_utimestamp)
|
||||
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)', $id_agente, $id_grupo, safe_input ($evento), $timestamp, $event_status, $utimestamp, $event_type, $id_agentmodule, $id_alert_am, $severity, $comment, $module_tags, $source, $id_extra, $user_name, $critical_instructions, $warning_instructions, $unknown_instructions, $ack_utimestamp);
|
||||
db_do ($dbh, 'INSERT INTO tevento (id_agente, id_grupo, evento, timestamp, estado, utimestamp, event_type, id_agentmodule, id_alert_am, criticity, user_comment, tags, source, id_extra, id_usuario, critical_instructions, warning_instructions, unknown_instructions, ack_utimestamp, custom_data)
|
||||
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)', $id_agente, $id_grupo, safe_input ($evento), $timestamp, $event_status, $utimestamp, $event_type, $id_agentmodule, $id_alert_am, $severity, $comment, $module_tags, $source, $id_extra, $user_name, $critical_instructions, $warning_instructions, $unknown_instructions, $ack_utimestamp, $custom_data);
|
||||
}
|
||||
|
||||
# Do not write to the event file
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ use POSIX;
|
|||
use HTML::Entities; # Encode or decode strings with HTML entities
|
||||
use File::Basename;
|
||||
use JSON qw(encode_json);
|
||||
use MIME::Base64;
|
||||
|
||||
# Default lib dir for RPM and DEB packages
|
||||
use lib '/usr/lib/perl5';
|
||||
|
|
@ -135,7 +136,7 @@ sub help_screen{
|
|||
help_screen_line('--disable_eacl', '', 'Disable enterprise ACL system');
|
||||
help_screen_line('--enable_eacl', '', 'Enable enterprise ACL system');
|
||||
print "\nEVENTS:\n\n" unless $param ne '';
|
||||
help_screen_line('--create_event', "<event> <event_type> <group_name> [<agent_name> <module_name>\n\t <event_status> <severity> <template_name> <user_name> <comment> \n\t <source> <id_extra> <tags>]", 'Add event');
|
||||
help_screen_line('--create_event', "<event> <event_type> <group_name> [<agent_name> <module_name>\n\t <event_status> <severity> <template_name> <user_name> <comment> \n\t <source> <id_extra> <tags> <custom_data_json>]", 'Add event');
|
||||
help_screen_line('--validate_event', "<agent_name> <module_name> <datetime_min> <datetime_max>\n\t <user_name> <criticity> <template_name>", 'Validate events');
|
||||
help_screen_line('--validate_event_id', '<event_id>', 'Validate event given a event id');
|
||||
help_screen_line('--get_event_info', '<event_id>[<csv_separator>]', 'Show info about a event given a event id');
|
||||
|
|
@ -2396,7 +2397,7 @@ sub cli_delete_profile() {
|
|||
##############################################################################
|
||||
|
||||
sub cli_create_event() {
|
||||
my ($event,$event_type,$group_name,$agent_name,$module_name,$event_status,$severity,$template_name, $user_name, $comment, $source, $id_extra, $tags) = @ARGV[2..14];
|
||||
my ($event,$event_type,$group_name,$agent_name,$module_name,$event_status,$severity,$template_name, $user_name, $comment, $source, $id_extra, $tags, $custom_data) = @ARGV[2..15];
|
||||
|
||||
$event_status = 0 unless defined($event_status);
|
||||
$severity = 0 unless defined($severity);
|
||||
|
|
@ -2458,8 +2459,11 @@ sub cli_create_event() {
|
|||
}
|
||||
print_log "[INFO] Adding event '$event' for agent '$agent_name' \n\n";
|
||||
|
||||
# Base64 encode custom data
|
||||
$custom_data = encode_base64 ($custom_data);
|
||||
|
||||
pandora_event ($conf, $event, $id_group, $id_agent, $severity,
|
||||
$id_alert_agent_module, $id_agentmodule, $event_type, $event_status, $dbh, $source, $user_name, $comment, $id_extra, $tags);
|
||||
$id_alert_agent_module, $id_agentmodule, $event_type, $event_status, $dbh, $source, $user_name, $comment, $id_extra, $tags, '', '', '', $custom_data);
|
||||
}
|
||||
|
||||
##############################################################################
|
||||
|
|
@ -3466,7 +3470,7 @@ sub pandora_manage_main ($$$) {
|
|||
cli_delete_profile();
|
||||
}
|
||||
elsif ($param eq '--create_event') {
|
||||
param_check($ltotal, 13, 10);
|
||||
param_check($ltotal, 14, 10);
|
||||
cli_create_event();
|
||||
}
|
||||
elsif ($param eq '--validate_event') {
|
||||
|
|
|
|||
Loading…
Reference in New Issue