From c1a7fc2e9a53bed6e8c97343542034ea0391fa70 Mon Sep 17 00:00:00 2001
From: Daniel Maya <daniel.maya@artica.es>
Date: Wed, 28 Oct 2020 10:57:21 +0100
Subject: [PATCH] Added snmp_storm_silence_period

---
 pandora_server/FreeBSD/pandora_server.conf.new  |  3 +++
 pandora_server/conf/pandora_server.conf.new     |  3 +++
 pandora_server/conf/pandora_server.conf.windows |  3 +++
 pandora_server/lib/PandoraFMS/Config.pm         |  4 ++++
 pandora_server/lib/PandoraFMS/SNMPServer.pm     | 15 +++++++++++++--
 5 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/pandora_server/FreeBSD/pandora_server.conf.new b/pandora_server/FreeBSD/pandora_server.conf.new
index c6394319b5..c303931b49 100644
--- a/pandora_server/FreeBSD/pandora_server.conf.new
+++ b/pandora_server/FreeBSD/pandora_server.conf.new
@@ -481,6 +481,9 @@ snmp_storm_protection 25
 # Time interval for snmp_storm protection (in seconds).
 snmp_storm_timeout 10
 
+# Silenced time period in seconds, when trap storm is detected
+snmp_storm_silence_period 300
+
 # Default texts for some events. The macros _module_ and _data_ are supported.
 #text_going_down_normal Module '_module_' is going to NORMAL (_data_)
 #text_going_up_critical Module '_module_' is going to CRITICAL (_data_)
diff --git a/pandora_server/conf/pandora_server.conf.new b/pandora_server/conf/pandora_server.conf.new
index 2c5e6d0c1b..98eff5ca78 100644
--- a/pandora_server/conf/pandora_server.conf.new
+++ b/pandora_server/conf/pandora_server.conf.new
@@ -537,6 +537,9 @@ snmp_storm_protection 25
 # Time interval for snmp_storm protection (in seconds).
 snmp_storm_timeout 10
 
+# Silenced time period in seconds, when trap storm is detected
+snmp_storm_silence_period 300
+
 # Default texts for some events. The macros _module_ and _data_ are supported.
 #text_going_down_normal Module '_module_' is going to NORMAL (_data_)
 #text_going_up_critical Module '_module_' is going to CRITICAL (_data_)
diff --git a/pandora_server/conf/pandora_server.conf.windows b/pandora_server/conf/pandora_server.conf.windows
index 3c890f83eb..226efc52fe 100644
--- a/pandora_server/conf/pandora_server.conf.windows
+++ b/pandora_server/conf/pandora_server.conf.windows
@@ -471,6 +471,9 @@ snmp_storm_protection 25
 # Time interval for snmp_storm protection (in seconds).
 snmp_storm_timeout 10
 
+# Silenced time period in seconds, when trap storm is detected
+snmp_storm_silence_period 300
+
 # Default texts for some events. The macros _module_ and _data_ are supported.
 #text_going_down_normal Module '_module_' is going to NORMAL (_data_)
 #text_going_up_critical Module '_module_' is going to CRITICAL (_data_)
diff --git a/pandora_server/lib/PandoraFMS/Config.pm b/pandora_server/lib/PandoraFMS/Config.pm
index 4029ed9bc3..093224acea 100644
--- a/pandora_server/lib/PandoraFMS/Config.pm
+++ b/pandora_server/lib/PandoraFMS/Config.pm
@@ -321,6 +321,7 @@ sub pandora_load_config {
 	$pa_config->{"snmp_pdu_address"} = 0; # 5.0
 	$pa_config->{"snmp_storm_protection"} = 0; # 5.0
 	$pa_config->{"snmp_storm_timeout"} = 600; # 5.0
+	$pa_config->{"snmp_storm_silence_period"} = 0; # 7.0
 	$pa_config->{"snmp_delay"} = 0; # > 6.0SP3
 	$pa_config->{"snmpconsole_threads"} = 1; # 5.1
 	$pa_config->{"translate_variable_bindings"} = 0; # 5.1
@@ -675,6 +676,9 @@ sub pandora_load_config {
 		elsif ($parametro =~ m/^snmp_storm_timeout\s+(\d+)/i) { 
 			$pa_config->{'snmp_storm_timeout'}= clean_blank($1); 
 		}
+		elsif ($parametro =~ m/^snmp_storm_silence_period\s+(\d+)/i) { 
+			$pa_config->{'snmp_storm_silence_period'}= clean_blank($1); 
+		}
 		elsif ($parametro =~ m/^snmp_delay\s+(\d+)/i) { 
 			$pa_config->{'snmp_delay'}= clean_blank($1); 
 		}
diff --git a/pandora_server/lib/PandoraFMS/SNMPServer.pm b/pandora_server/lib/PandoraFMS/SNMPServer.pm
index 5a5a741525..06e5a15c2f 100644
--- a/pandora_server/lib/PandoraFMS/SNMPServer.pm
+++ b/pandora_server/lib/PandoraFMS/SNMPServer.pm
@@ -49,6 +49,8 @@ my $TaskSem :shared;
 
 # Trap statistics by agent
 my %AGENTS = ();
+# Sources silenced by storm protection.
+my %SILENCEDSOURCES = ();
 
 # Index and buffer management for trap log files
 my $SNMPTRAPD =   { 'log_file' => '', 'fd' => undef, 'idx_file' => '', 'last_line' => 0, 'last_size' => 0, 'read_ahead_line' => '', 'read_ahead_pos' => 0 };
@@ -167,17 +169,26 @@ sub data_producer ($) {
 			if (! defined ($AGENTS{$source})) {
 				$AGENTS{$source}{'count'} = 1;
 				$AGENTS{$source}{'event'} = 0;
+				if (! defined ($SILENCEDSOURCES{$source})) {
+					$SILENCEDSOURCES{$source} = 0;
+				}
 			} else {
 				$AGENTS{$source}{'count'} += 1;
 			}
+			# Silence source.
+			if ((defined ($SILENCEDSOURCES{$source})) && ($SILENCEDSOURCES{$source} > $curr_time)) {
+				next;
+			}
 			if ($pa_config->{'snmp_storm_protection'} > 0 && $AGENTS{$source}{'count'} > $pa_config->{'snmp_storm_protection'}) {
 				if ($AGENTS{$source}{'event'} == 0) {
-					pandora_event ($pa_config, "Too many traps coming from $source. Silenced for " . int ($pa_config->{"snmp_storm_timeout"} / 60) . " minutes.", 0, 0, 4, 0, 0, 'system', 0, $dbh);
+					$SILENCEDSOURCES{$source} = $curr_time + $pa_config->{'snmp_storm_silence_period'};
+					my $silenced_time = ($pa_config->{'snmp_storm_silence_period'} eq 0 ? $pa_config->{"snmp_storm_timeout"} : $pa_config->{'snmp_storm_silence_period'});
+					pandora_event ($pa_config, "Too many traps coming from $source. Silenced for " . $silenced_time . " seconds.", 0, 0, 4, 0, 0, 'system', 0, $dbh);
 				}
 				$AGENTS{$source}{'event'} = 1;
 				next;
 			}
-	
+
 			push (@tasks, $line);
 		}
 	}