Add support for the new Event and Log Servers.
This commit is contained in:
parent
d096fa263d
commit
c90cca5cb9
@ -471,26 +471,30 @@ export_threads 1
|
|||
|
||||
eventserver 0
|
||||
|
||||
# Enable (1) or disable (0) Pandora FMS Correlation Server (PANDORA FMS ENTERPRISE ONLY).
|
||||
# Number of threads for the Event Server (PANDORA FMS ENTERPRISE ONLY).
|
||||
|
||||
correlationserver 0
|
||||
eventserver_threads 1
|
||||
|
||||
# Time in seconds to re-evaluate correlation alerts pool (PANDORA FMS ENTERPRISE ONLY).
|
||||
|
||||
correlation_threshold 30
|
||||
|
||||
# Correlated alerts, event window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY).
|
||||
# Event alerts, event window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY).
|
||||
|
||||
event_window 3600
|
||||
|
||||
# Correlated Alerts, log window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY).
|
||||
# Enable (1) or disable (0) Pandora FMS Log Server (PANDORA FMS ENTERPRISE ONLY).
|
||||
|
||||
logserver 0
|
||||
|
||||
# Number of threads for the Log Server (PANDORA FMS ENTERPRISE ONLY).
|
||||
|
||||
logserver_threads 1
|
||||
|
||||
# Event alerts, log window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY).
|
||||
|
||||
log_window 3600
|
||||
|
||||
# Pre-load windows on start with available information. (PANDORA FMS ENTERPRISE ONLY).
|
||||
#preload_windows 0
|
||||
|
||||
# Correlated Alerts, group cache ttl (in seconds). Set to 0 to disable. (PANDORA FMS ENTERPRISE ONLY).
|
||||
# Event alerts, group cache ttl (in seconds). Set to 0 to disable. (PANDORA FMS ENTERPRISE ONLY).
|
||||
#event_server_cache_ttl 10
|
||||
|
||||
# Log retrieving, items per request. (High values could make elasticsearch crash)
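Review bot: The comment placed above `log_window 3600` in this template reads `# Event alerts, log window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY).`, which repeats the event_window wording, while the same hunk in the second configuration file (@ -470,26 +470,30) says `# Log alerts, log window ...`. The two templates should agree; suggest `# Log alerts, log window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY).` here as well. The rest of the template lies outside the hunk.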
|
||||
|
|
|
@ -470,26 +470,30 @@ export_threads 1
|
|||
|
||||
eventserver 0
|
||||
|
||||
# Enable (1) or disable (0) Pandora FMS Correlation Server (PANDORA FMS ENTERPRISE ONLY).
|
||||
# Number of threads for the Event Server (PANDORA FMS ENTERPRISE ONLY).
|
||||
|
||||
correlationserver 0
|
||||
eventserver_threads 1
|
||||
|
||||
# Time in seconds to re-evaluate correlation alerts pool (PANDORA FMS ENTERPRISE ONLY).
|
||||
|
||||
correlation_threshold 30
|
||||
|
||||
# Correlated alerts, event window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY).
|
||||
# Event alerts, event window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY).
|
||||
|
||||
event_window 3600
|
||||
|
||||
# Correlated Alerts, log window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY).
|
||||
# Enable (1) or disable (0) Pandora FMS Log Server (PANDORA FMS ENTERPRISE ONLY).
|
||||
|
||||
logserver 0
|
||||
|
||||
# Number of threads for the Log Server (PANDORA FMS ENTERPRISE ONLY).
|
||||
|
||||
logserver_threads 1
|
||||
|
||||
# Log alerts, log window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY).
|
||||
|
||||
log_window 3600
|
||||
|
||||
# Pre-load windows on start with available information. (PANDORA FMS ENTERPRISE ONLY).
|
||||
#preload_windows 0
|
||||
|
||||
# Correlated Alerts, group cache ttl (in seconds). Set to 0 to disable. (PANDORA FMS ENTERPRISE ONLY).
|
||||
# Event alerts, group cache ttl (in seconds). Set to 0 to disable. (PANDORA FMS ENTERPRISE ONLY).
|
||||
#event_server_cache_ttl 10
|
||||
|
||||
# Log retrieving, items per request. (High values could make elasticsearch crash)
|
||||
|
|
|
@ -296,8 +296,9 @@ sub pandora_load_config {
|
|||
$pa_config->{"google_maps_description"} = 0;
|
||||
$pa_config->{'openstreetmaps_description'} = 0;
|
||||
$pa_config->{"eventserver"} = 1; # 4.0
|
||||
$pa_config->{"correlationserver"} = 0; # 757
|
||||
$pa_config->{"correlation_threshold"} = 30; # 757
|
||||
$pa_config->{"eventserver_threads"} = 1; # 4.0
|
||||
$pa_config->{"logserver"} = 1; # 7.774
|
||||
$pa_config->{"logserver_threads"} = 1; # 7.774
|
||||
$pa_config->{"event_window"} = 3600; # 4.0
|
||||
$pa_config->{"log_window"} = 3600; # 7.741
|
||||
$pa_config->{"elastic_query_size"} = 10; # 7.754 Elements per request (ELK)
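Review bot: `$pa_config->{"logserver"} = 1;` enables the new Log Server whenever the configuration file contains no `logserver` line, while the templates changed in this commit (@ -471 and @ -470) ship `logserver 0`; a configuration written before this key existed will therefore start the new server on upgrade without the operator having chosen it. The pre-existing `eventserver` default has the same shape, but since `logserver` is introduced here I would default it to off so the code and the template agree: `$pa_config->{"logserver"} = 0; # 7.774`. The rest of pandora_load_config is outside the hunk.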
|
||||
|
@ -800,14 +801,17 @@ sub pandora_load_config {
|
|||
$pa_config->{"transactional_pool"} = $pa_config->{"incomingdir"} . "/" . $tbuf;
|
||||
}
|
||||
}
|
||||
elsif ($parametro =~ m/^eventserver\s+([0-9]*)/i) {
|
||||
elsif ($parametro =~ m/^eventserver\s+([0-1])/i) {
|
||||
$pa_config->{'eventserver'}= clean_blank($1);
|
||||
}
|
||||
elsif ($parametro =~ m/^correlationserver\s+([0-9]*)/i) {
|
||||
$pa_config->{'correlationserver'}= clean_blank($1);
|
||||
elsif ($parametro =~ m/^eventserver_threads\s+([0-9]*)/i) {
|
||||
$pa_config->{'eventserver_threads'}= clean_blank($1);
|
||||
}
|
||||
elsif ($parametro =~ m/^correlation_threshold\s+([0-9]*)/i) {
|
||||
$pa_config->{'correlation_threshold'}= clean_blank($1);
|
||||
elsif ($parametro =~ m/^logserver\s+([0-1])/i) {
|
||||
$pa_config->{'logserver'}= clean_blank($1);
|
||||
}
|
||||
elsif ($parametro =~ m/^logserver_threads\s+([0-9]*)/i) {
|
||||
$pa_config->{'logserver_threads'}= clean_blank($1);
|
||||
}
|
||||
elsif ($parametro =~ m/^icmpserver\s+([0-9]*)/i) {
|
||||
$pa_config->{'icmpserver'}= clean_blank($1);
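Review bot: `m/^logserver_threads\s+([0-9]*)/i` accepts an empty capture, so a `logserver_threads` line with no value stores `''` through clean_blank and the thread count becomes a non-numeric string instead of being rejected; `([0-9]+)` would let such a line fall through the elsif chain like any other unrecognised parameter, and the `eventserver_threads` pattern two branches above has the same shape. Similarly, `^logserver\s+([0-1])` does not match a value such as `2`, so a mistyped setting is silently ignored and the code default keeps the server enabled with no message; capturing `([0-9]+)` and then checking the value is 0 or 1 (logging otherwise) would surface that. The enclosing pandora_load_config continues outside the hunk.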
|
||||
|
|
|
@ -307,6 +307,7 @@ our @ServerTypes = qw (
|
|||
icmpserver
|
||||
snmpserver
|
||||
satelliteserver
|
||||
transactionalserver
|
||||
mfserver
|
||||
syncserver
|
||||
wuxserver
|
||||
|
@ -317,6 +318,7 @@ our @ServerTypes = qw (
|
|||
correlationserver
|
||||
ncmserver
|
||||
netflowserver
|
||||
logserver
|
||||
);
|
||||
our @AlertStatus = ('Execute the alert', 'Do not execute the alert', 'Do not execute the alert, but increment its internal counter', 'Cease the alert', 'Recover the alert', 'Reset internal counter');
|
||||
|
||||
|
@ -568,7 +570,7 @@ sub pandora_evaluate_alert ($$$$$$$;$$$$) {
|
|||
my $schedule;
|
||||
if (defined($alert->{'schedule'}) && $alert->{'schedule'} ne '') {
|
||||
$schedule = PandoraFMS::Tools::p_decode_json($pa_config, $alert->{'schedule'});
|
||||
if ($special_day != 0) {
|
||||
if (defined($special_day) && $special_day != 0) {
|
||||
return $status if (!defined($schedule->{$weeks[$special_day]}));
|
||||
}
|
||||
}
|
||||
|
@ -790,9 +792,9 @@ Process an alert given the status returned by pandora_evaluate_alert.
|
|||
|
||||
=cut
|
||||
##########################################################################
|
||||
sub pandora_process_alert ($$$$$$$$;$$) {
|
||||
sub pandora_process_alert ($$$$$$$$;$) {
|
||||
my ($pa_config, $data, $agent, $module, $alert, $rc, $dbh, $timestamp,
|
||||
$extra_macros, $is_correlated_alert) = @_;
|
||||
$extra_macros) = @_;
|
||||
|
||||
if (defined ($agent)) {
|
||||
logger ($pa_config, "Processing alert '" . safe_output($alert->{'name'}) . "' for agent '" . safe_output($agent->{'nombre'}) . "': " . (defined ($AlertStatus[$rc]) ? $AlertStatus[$rc] : 'Unknown status') . ".", 10);
|
||||
|
@ -800,15 +802,21 @@ sub pandora_process_alert ($$$$$$$$;$$) {
|
|||
else {
|
||||
logger ($pa_config, "Processing alert '" . safe_output($alert->{'name'}) . "': " . (defined ($AlertStatus[$rc]) ? $AlertStatus[$rc] : 'Unknown status') . ".", 10);
|
||||
}
|
||||
|
||||
|
||||
# Simple or event alert?
|
||||
my ($id, $table) = (undef, undef);
|
||||
if (defined ($alert->{'id_template_module'})) {
|
||||
$id = $alert->{'id_template_module'};
|
||||
$table = 'talert_template_modules';
|
||||
} else {
|
||||
} elsif (defined ($alert->{'_log_alert'})) {
|
||||
$id = $alert->{'id'};
|
||||
$table = 'tlog_alert';
|
||||
} elsif (defined ($alert->{'_event_alert'})) {
|
||||
$id = $alert->{'id'};
|
||||
$table = 'tevent_alert';
|
||||
} else {
|
||||
logger($pa_config, "pandora_process_alert received invalid data", 10);
|
||||
return;
|
||||
}
|
||||
|
||||
# Do not execute
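Review bot: The new fallback `logger($pa_config, "pandora_process_alert received invalid data", 10); return;` discards the alert at the same verbosity (10) used by the routine "Processing alert" trace lines above, so at an ordinary log level a dropped alert leaves no trace. Reaching this branch means the caller passed an alert record with none of `id_template_module`, `_log_alert` or `_event_alert`, i.e. a programming error rather than noise, so it deserves a lower (more prominent) level than 10 and the alert name for triage, e.g. the message `"pandora_process_alert: alert '" . safe_output($alert->{'name'}) . "' has no template, event or log marker, skipping."`. The level semantics are inferred from the surrounding calls; confirm which value your logger emits at the default verbosity. The rest of pandora_process_alert is outside the hunk.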
|
||||
|
@ -860,10 +868,10 @@ sub pandora_process_alert ($$$$$$$$;$$) {
|
|||
|
||||
if ($pa_config->{'alertserver'} == 1 || $pa_config->{'alertserver_queue'} == 1) {
|
||||
pandora_queue_alert($pa_config, $dbh, [$data, $agent, $module,
|
||||
$alert, 0, $timestamp, 0, $extra_macros, $is_correlated_alert]);
|
||||
$alert, 0, $timestamp, 0, $extra_macros]);
|
||||
} else {
|
||||
pandora_execute_alert ($pa_config, $data, $agent, $module, $alert, 0, $dbh,
|
||||
$timestamp, 0, $extra_macros, $is_correlated_alert);
|
||||
$timestamp, 0, $extra_macros);
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
@ -906,10 +914,10 @@ sub pandora_process_alert ($$$$$$$$;$$) {
|
|||
|
||||
if ($pa_config->{'alertserver'} == 1 || $pa_config->{'alertserver_queue'} == 1) {
|
||||
pandora_queue_alert($pa_config, $dbh, [$data, $agent, $module,
|
||||
$alert, 1, $timestamp, 0, $extra_macros, $is_correlated_alert]);
|
||||
$alert, 1, $timestamp, 0, $extra_macros]);
|
||||
} else {
|
||||
pandora_execute_alert ($pa_config, $data, $agent, $module, $alert, 1,
|
||||
$dbh, $timestamp, 0, $extra_macros, $is_correlated_alert);
|
||||
$dbh, $timestamp, 0, $extra_macros);
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
@ -925,7 +933,7 @@ Execute the given alert.
|
|||
sub pandora_execute_alert {
|
||||
my ($pa_config, $data, $agent, $module,
|
||||
$alert, $alert_mode, $dbh, $timestamp, $forced_alert,
|
||||
$extra_macros, $is_correlated_alert) = @_;
|
||||
$extra_macros) = @_;
|
||||
|
||||
# 'in-process' events can inhibit alers too.
|
||||
if ($pa_config->{'event_inhibit_alerts'} == 1 && $alert_mode != RECOVERED_ALERT) {
|
||||
|
@ -1015,7 +1023,7 @@ sub pandora_execute_alert {
|
|||
}
|
||||
}
|
||||
# Event alert
|
||||
else {
|
||||
elsif (defined($alert->{'_event_alert'})) {
|
||||
if ($alert_mode == RECOVERED_ALERT) {
|
||||
@actions = get_db_rows ($dbh, 'SELECT talert_actions.name as action_name, tevent_alert_action.*, talert_actions.*, talert_commands.*
|
||||
FROM tevent_alert_action, talert_actions, talert_commands
|
||||
|
@ -1046,6 +1054,38 @@ sub pandora_execute_alert {
|
|||
$alert->{'id_alert_action'});
|
||||
}
|
||||
}
|
||||
# Log alert.
|
||||
elsif (defined($alert->{'_log_alert'})) {
|
||||
if ($alert_mode == RECOVERED_ALERT) {
|
||||
@actions = get_db_rows ($dbh, 'SELECT talert_actions.name as action_name, tlog_alert_action.*, talert_actions.*, talert_commands.*
|
||||
FROM tlog_alert_action, talert_actions, talert_commands
|
||||
WHERE tlog_alert_action.id_alert_action = talert_actions.id
|
||||
AND talert_actions.id_alert_command = talert_commands.id
|
||||
AND tlog_alert_action.id_log_alert = ?
|
||||
AND ((fires_min = 0 AND fires_max = 0)
|
||||
OR ? >= fires_min)',
|
||||
$alert->{'id'}, $alert->{'times_fired'});
|
||||
} else {
|
||||
@actions = get_db_rows ($dbh, 'SELECT talert_actions.name as action_name, tlog_alert_action.*, talert_actions.*, talert_commands.*
|
||||
FROM tlog_alert_action, talert_actions, talert_commands
|
||||
WHERE tlog_alert_action.id_alert_action = talert_actions.id
|
||||
AND talert_actions.id_alert_command = talert_commands.id
|
||||
AND tlog_alert_action.id_log_alert = ?
|
||||
AND ((fires_min = 0 AND fires_max = 0)
|
||||
OR (fires_min <= fires_max AND ? >= fires_min AND ? <= fires_max)
|
||||
OR (fires_min > fires_max AND ? >= fires_min))',
|
||||
$alert->{'id'}, $alert->{'times_fired'}, $alert->{'times_fired'}, $alert->{'times_fired'});
|
||||
}
|
||||
|
||||
# Get default action
|
||||
if ($#actions < 0) {
|
||||
@actions = get_db_rows ($dbh, 'SELECT talert_actions.name as action_name, talert_actions.*, talert_commands.*
|
||||
FROM talert_actions, talert_commands
|
||||
WHERE talert_actions.id = ?
|
||||
AND talert_actions.id_alert_command = talert_commands.id',
|
||||
$alert->{'id_alert_action'});
|
||||
}
|
||||
}
|
||||
|
||||
# No actions defined
|
||||
if ($#actions < 0) {
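Review bot: The new `# Log alert.` branch is a copy of the `# Event alert` branch above it with only the action table and its foreign-key column swapped (`tlog_alert_action` / `id_log_alert`), including the duplicated default-action query; a private helper taking those two names as literals chosen by the branch (never derived from `$alert`) would keep the placeholder SQL in one place and make the three branches read as a dispatch on alert kind. The queries themselves bind `$alert->{'id'}` and `$alert->{'times_fired'}` through placeholders, which is the right way to pass them. The enclosing pandora_execute_alert continues outside the hunk.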
|
||||
|
@ -1134,8 +1174,33 @@ sub pandora_execute_alert {
|
|||
#If we've spotted an alert recovered, we set the new event's severity to 2 (NORMAL), otherwise the original value is maintained.
|
||||
my ($text, $event, $severity) = ($alert_mode == RECOVERED_ALERT) ? ('recovered', 'alert_recovered', 2) : ('fired', 'alert_fired', $alert->{'priority'});
|
||||
|
||||
if (defined($is_correlated_alert) && $is_correlated_alert == 1) {
|
||||
$text = "Correlated alert $text";
|
||||
if (defined($alert->{'_event_alert'})) {
|
||||
$text = "Event alert $text";
|
||||
pandora_event (
|
||||
$pa_config,
|
||||
"$text (" . safe_output($alert->{'name'}) . ") ",
|
||||
(defined ($agent) ? $agent->{'id_grupo'} : 0),
|
||||
# id agent.
|
||||
0,
|
||||
$severity,
|
||||
(defined ($alert->{'id_template_module'}) ? $alert->{'id_template_module'} : 0),
|
||||
# id agent module.
|
||||
0,
|
||||
$event,
|
||||
0,
|
||||
$dbh,
|
||||
'monitoring_server',
|
||||
'',
|
||||
'',
|
||||
'',
|
||||
'',
|
||||
$critical_instructions,
|
||||
$warning_instructions,
|
||||
$unknown_instructions,
|
||||
p_encode_json($pa_config, $custom_data)
|
||||
);
|
||||
} elsif (defined($alert->{'_log_alert'})) {
|
||||
$text = "Log alert $text";
|
||||
pandora_event (
|
||||
$pa_config,
|
||||
"$text (" . safe_output($alert->{'name'}) . ") ",
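Review bot: Inside the `_event_alert` branch the `pandora_event` call still passes `(defined ($alert->{'id_template_module'}) ? $alert->{'id_template_module'} : 0)` for the id-template argument, yet `pandora_process_alert` in this same commit treats `id_template_module` and `_event_alert` as mutually exclusive branch selectors, so here the expression seems always to yield 0 and could be the literal `0` with a short comment saying why. Beyond that, the event and log branches repeat the entire `pandora_event` argument list with only the `$text` prefix differing; setting the prefix inside the branch (`$text = "Event alert $text";` / `$text = "Log alert $text";`) and issuing a single call after the chain removes the duplication. The log branch's call and the rest of pandora_execute_alert continue outside the hunk.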
|
||||
|
|
|
@ -67,7 +67,6 @@ our @EXPORT = qw(
|
|||
INVENTORYSERVER
|
||||
WEBSERVER
|
||||
EVENTSERVER
|
||||
CORRELATIONSERVER
|
||||
ICMPSERVER
|
||||
SNMPSERVER
|
||||
SATELLITESERVER
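Review bot: `CORRELATIONSERVER` is dropped from `@EXPORT` here while the constant itself survives (marked `# Deprecated.` at its definition in this commit) and is still compared against in `get_server_name`; that works inside this package, but any other module that uses the bareword `CORRELATIONSERVER` after importing this package will now fail to compile under `use strict`. If the intent is to keep the value reserved without advertising it, say so next to the removal, or keep it exported until its remaining users are gone; callers are not visible from this hunk.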
|
||||
|
@ -79,6 +78,7 @@ our @EXPORT = qw(
|
|||
MIGRATIONSERVER
|
||||
NCMSERVER
|
||||
NETFLOWSERVER
|
||||
LOGSERVER
|
||||
METACONSOLE_LICENSE
|
||||
OFFLINE_LICENSE
|
||||
DISCOVERY_HOSTDEVICES
|
||||
|
@ -201,9 +201,10 @@ use constant SYSLOGSERVER => 18;
|
|||
use constant PROVISIONINGSERVER => 19;
|
||||
use constant MIGRATIONSERVER => 20;
|
||||
use constant ALERTSERVER => 21;
|
||||
use constant CORRELATIONSERVER => 22;
|
||||
use constant CORRELATIONSERVER => 22; # Deprecated.
|
||||
use constant NCMSERVER => 23;
|
||||
use constant NETFLOWSERVER => 24;
|
||||
use constant LOGSERVER => 25;
|
||||
|
||||
# Module status
|
||||
use constant MODULE_NORMAL => 0;
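Review bot: `# Deprecated.` on `use constant CORRELATIONSERVER => 22;` does not say why the constant is kept, so a later reader may renumber `NCMSERVER`, `NETFLOWSERVER` and the new `LOGSERVER` to close the gap. Suggest `# Deprecated: value 22 stays reserved so stored server-type ids keep their meaning; do not reuse.` That reading is inferred from the sequential numbering and the constant being retained rather than removed; confirm that server types are persisted as these integers before wording it as fact.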
|
||||
|
@ -2855,6 +2856,7 @@ sub get_server_name {
|
|||
return "CORRELATIONSERVER" if ($server_type eq CORRELATIONSERVER);
|
||||
return "NCMSERVER" if ($server_type eq NCMSERVER);
|
||||
return "NETFLOWSERVER" if ($server_type eq NETFLOWSERVER);
|
||||
return "LOGSERVER" if ($server_type eq LOGSERVER);
|
||||
|
||||
return "UNKNOWN";
|
||||
}
|
||||
|
|