diff --git a/pandora_server/lib/PandoraFMS/Config.pm b/pandora_server/lib/PandoraFMS/Config.pm index 718b3e6b60..f9b86637b0 100644 --- a/pandora_server/lib/PandoraFMS/Config.pm +++ b/pandora_server/lib/PandoraFMS/Config.pm @@ -304,6 +304,7 @@ sub pandora_load_config { $pa_config->{'openstreetmaps_description'} = 0; $pa_config->{"eventserver"} = 1; # 4.0 $pa_config->{"correlationserver"} = 1; # 757 + $pa_config->{"correlation_threshold"} = 30; # 757 $pa_config->{"event_window"} = 3600; # 4.0 $pa_config->{"log_window"} = 3600; # 7.741 $pa_config->{"elastic_query_size"} = 10; # 7.754 Elements per request (ELK) @@ -791,6 +792,9 @@ sub pandora_load_config { elsif ($parametro =~ m/^correlationserver\s+([0-9]*)/i) { $pa_config->{'correlationserver'}= clean_blank($1); } + elsif ($parametro =~ m/^correlation_threshold\s+([0-9]*)/i) { + $pa_config->{'correlation_threshold'}= clean_blank($1); + } elsif ($parametro =~ m/^icmpserver\s+([0-9]*)/i) { $pa_config->{'icmpserver'}= clean_blank($1); } diff --git a/pandora_server/lib/PandoraFMS/Core.pm b/pandora_server/lib/PandoraFMS/Core.pm index 6f4e16e9fe..7bfcd5ce35 100644 --- a/pandora_server/lib/PandoraFMS/Core.pm +++ b/pandora_server/lib/PandoraFMS/Core.pm @@ -278,7 +278,31 @@ our @EXPORT = qw( # Some global variables our @DayNames = qw(sunday monday tuesday wednesday thursday friday saturday); -our @ServerTypes = qw (dataserver networkserver snmpconsole reconserver pluginserver predictionserver wmiserver exportserver inventoryserver webserver eventserver icmpserver snmpserver satelliteserver transactionalserver mfserver syncserver wuxserver syslogserver provisioningserver migrationserver); +our @ServerTypes = qw ( + dataserver + networkserver + snmpconsole + reconserver + pluginserver + predictionserver + wmiserver + exportserver + inventoryserver + webserver + eventserver + icmpserver + snmpserver + satelliteserver + transactionalserver + mfserver + syncserver + wuxserver + syslogserver + provisioningserver + migrationserver + alertserver + correlationserver +); our @AlertStatus = ('Execute the alert', 'Do not execute the alert', 'Do not execute the alert, but increment its internal counter', 'Cease the alert', 'Recover the alert', 'Reset internal counter'); # Event storm protection (no alerts or events) @@ -624,19 +648,33 @@ sub pandora_evaluate_alert ($$$$$$$;$$$$) { } # Correlated alert else { - my $rc = enterprise_hook ( - 'evaluate_correlated_alert', - [ - $pa_config, - $dbh, - $alert, - $correlatedItems, - $event, - $log - ] - ); + if (defined($data)) { + # Data contains the number of occurrences of correlated alert. + if ($data < $alert->{'pool_occurrences'}) { + # Less occurrences than previous execution, recovered. + # 4 Recover the alert + return 4; + } elsif ($data eq $alert->{'pool_occurrences'}) { + # Same occurrences as previous execution, nothing new, but present in pool. + # 1 Do not execute the alert. + return 1; + } - return $status unless (defined ($rc) && $rc == 1); + } else { + my $rc = enterprise_hook ( + 'evaluate_correlated_alert', + [ + $pa_config, + $dbh, + $alert, + $correlatedItems, + $event, + $log + ] + ); + + return $status unless (defined ($rc) && $rc == 1); + } } # Check min and max alert limits diff --git a/pandora_server/lib/PandoraFMS/DB.pm b/pandora_server/lib/PandoraFMS/DB.pm index 1f53cb228b..26d8338f17 100644 --- a/pandora_server/lib/PandoraFMS/DB.pm +++ b/pandora_server/lib/PandoraFMS/DB.pm @@ -917,7 +917,7 @@ sub get_db_value_limit ($$$;@) { ########################################################################## ## Get a single row returned by an SQL query as a hash reference. Returns -## -1 on error. +## hash or undef on error. ########################################################################## sub get_db_single_row ($$;@) { my ($dbh, $query, @values) = @_; diff --git a/pandora_server/lib/PandoraFMS/Tools.pm b/pandora_server/lib/PandoraFMS/Tools.pm index 7fcca66b85..1e489fb084 100755 --- a/pandora_server/lib/PandoraFMS/Tools.pm +++ b/pandora_server/lib/PandoraFMS/Tools.pm @@ -2524,6 +2524,7 @@ sub get_server_name { return "PROVISIONINGSERVER" if ($server_type eq PROVISIONINGSERVER); return "MIGRATIONSERVER" if ($server_type eq MIGRATIONSERVER); return "ALERTSERVER" if ($server_type eq ALERTSERVER); + return "CORRELATIONSERVER" if ($server_type eq CORRELATIONSERVER); return "UNKNOWN"; }