2013-08-13 Ramon Novoa <rnovoa@artica.es>

* lib/PandoraFMS/NetworkServer.pm: Use the agent's address if ip_target is not set. * lib/PandoraFMS/Core.pm: Fixed a warning. * conf/pandora_server.conf.new, lib/PandoraFMS/Config.pm, lib/PandoraFMS/SNMPServer.pm: Added SNMP storm protection. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@8658 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
2013-08-13 17:04:56 +00:00 · 2013-08-13 17:04:56 +00:00 · adfadf5e2d
parent b8346a6e40
commit adfadf5e2d
6 changed files with 59 additions and 1 deletions
--- a/pandora_server/ChangeLog
+++ b/pandora_server/ChangeLog
@ -1,3 +1,14 @@
+2013-08-13  Ramon Novoa  <rnovoa@artica.es>
+
+	* lib/PandoraFMS/NetworkServer.pm: Use the agent's address if ip_target
+	  is not set.
+
+	* lib/PandoraFMS/Core.pm: Fixed a warning.
+
+	* conf/pandora_server.conf.new,
+	  lib/PandoraFMS/Config.pm,
+	  lib/PandoraFMS/SNMPServer.pm: Added SNMP storm protection.
+
 2013-08-05 Miguel de Dios <miguel.dedios@artica.es>

 	* ChangeLog: lost line about "lib/PandoraFMS/PredictionServer.pm"
--- a/pandora_server/conf/pandora_server.conf.new
+++ b/pandora_server/conf/pandora_server.conf.new
@ -415,3 +415,10 @@ event_auto_validation 1
 # If defined, events generated by Pandora FMS will be written to the specified text file.
 #event_file /var/log/pandora/pandora_events.txt

+# Set the maximum number of traps that will be processed from a single source in a
+# configured time interval.
+#snmp_storm_protection 10
+
+# Time interval for snmp_storm protection (in seconds).
+#snmp_storm_timeout 600
+
--- a/pandora_server/lib/PandoraFMS/Config.pm
+++ b/pandora_server/lib/PandoraFMS/Config.pm
@ -241,6 +241,8 @@ sub pandora_load_config {
 	$pa_config->{"max_queue_files"} = 500; 
 	$pa_config->{"snmp_ignore_authfailure"} = 1; # 5.0
 	$pa_config->{"snmp_pdu_address"} = 0; # 5.0
+	$pa_config->{"snmp_storm_protection"} = 0; # 5.0
+	$pa_config->{"snmp_storm_timeout"} = 600; # 5.0
 	
 	# Internal MTA for alerts, each server need its own config.
 	$pa_config->{"mta_address"} = '127.0.0.1'; # Introduced on 2.0
@ -422,6 +424,12 @@ sub pandora_load_config {
 		elsif ($parametro =~ m/^snmp_pdu_address\s+([0-1])/i) { 
 			$pa_config->{'snmp_pdu_address'}= clean_blank($1); 
 		}
+		elsif ($parametro =~ m/^snmp_storm_protection\s+(\d+)/i) { 
+			$pa_config->{'snmp_storm_protection'}= clean_blank($1); 
+		}
+		elsif ($parametro =~ m/^snmp_storm_timeout\s+(\d+)/i) { 
+			$pa_config->{'snmp_storm_timeout'}= clean_blank($1); 
+		}
 		elsif ($parametro =~ m/^dbengine\s(.*)/i) { 
 			$pa_config->{'dbengine'}= clean_blank($1); 
 		}
--- a/pandora_server/lib/PandoraFMS/Core.pm
+++ b/pandora_server/lib/PandoraFMS/Core.pm
@ -1017,7 +1017,7 @@ sub pandora_process_module ($$$$$$$$$;$) {
 	
 	# Calculate the current interval
 	my $current_interval;
-	if ($module->{'cron_interval'} ne '' && $module->{'cron_interval'} ne '* * * * *') {
+	if (defined ($module->{'cron_interval'}) && $module->{'cron_interval'} ne '' && $module->{'cron_interval'} ne '* * * * *') {
 		$current_interval = cron_next_execution ($module->{'cron_interval'});
 	}
 	elsif ($module->{'module_interval'} == 0) {
--- a/pandora_server/lib/PandoraFMS/NetworkServer.pm
+++ b/pandora_server/lib/PandoraFMS/NetworkServer.pm
@ -452,6 +452,11 @@ sub exec_network_module ($$$$) {
 	my $timeout = $module->{'max_timeout'};
 	my $retries = $module->{'max_retries'};

+	# Use the agent address by default
+	if (! defined($ip_target) || $ip_target eq '') {
+		$ip_target = $agent_row->{'direccion'};
+	}
+
 	if ((defined($ip_target)) && ($ip_target)) {

 	    # -------------------------------------------------------
--- a/pandora_server/lib/PandoraFMS/SNMPServer.pm
+++ b/pandora_server/lib/PandoraFMS/SNMPServer.pm
@ -41,6 +41,9 @@ our @ISA = qw(PandoraFMS::Server);
 # Tells the server to keep running
 my $RUN :shared;

+# Trap statistics by agent
+my %AGENTS = ();
+
 ########################################################################################
 # SNMP Server class constructor.
 ########################################################################################
@ -118,7 +121,16 @@ sub pandora_snmptrapd {
 		readline SNMPLOGFILE for (1..$last_line);

 		# Main loop
+		my $storm_ref = time ();
 		while ($RUN == 1) {
+			
+			# Reset storm protection counters
+			my $curr_time = time ();
+			if ($storm_ref + $pa_config->{"snmp_storm_timeout"} < $curr_time) {
+				$storm_ref = $curr_time;
+				%AGENTS = ();
+			}
+
 			while (my $line = <SNMPLOGFILE>) {
 				$last_line++;
 				$last_size = (stat ($log_file))[7];
@ -178,6 +190,21 @@ sub pandora_snmptrapd {
 				# custom_type, custom_value is not used since 4.0 version, all custom data goes on custom_oid
 				$custom_oid = $data;

+				# Storm protection
+				if (! defined ($AGENTS{$source})) {
+					$AGENTS{$source}{'count'} = 1;
+					$AGENTS{$source}{'event'} = 0;
+				} else {
+					$AGENTS{$source}{'count'} += 1;
+				}
+				if ($pa_config->{'snmp_storm_protection'} > 0 && $AGENTS{$source}{'count'} > $pa_config->{'snmp_storm_protection'}) {
+					if ($AGENTS{$source}{'event'} == 0) {
+						pandora_event ($pa_config, "Too many traps coming from $source. Silenced for " . int ($pa_config->{"snmp_storm_timeout"} / 60) . " minutes.", 0, 0, 4, 0, 0, 'system', 0, $dbh);
+					}
+					$AGENTS{$source}{'event'} = 1;
+					next;
+				}
+				
 				# Insert the trap into the DB
 				if (! defined(enterprise_hook ('snmp_insert_trap', [$pa_config, $source, $oid, $type, $value, $custom_oid, $custom_value, $custom_type, $timestamp, $self->getServerID (), $dbh]))) {
 					my $trap_id = db_insert ($dbh, 'id_trap', 'INSERT INTO ttrap (timestamp, source, oid, type, value, oid_custom, value_custom,  type_custom) VALUES (?, ?, ?, ?, ?, ?, ?, ?)',