CorrelationServer rc1
parent
f0791cbd4f
commit
e075c8339d
|
@ -304,6 +304,7 @@ sub pandora_load_config {
|
|||
$pa_config->{'openstreetmaps_description'} = 0;
|
||||
$pa_config->{"eventserver"} = 1; # 4.0
|
||||
$pa_config->{"correlationserver"} = 1; # 757
|
||||
$pa_config->{"correlation_threshold"} = 30; # 757
|
||||
$pa_config->{"event_window"} = 3600; # 4.0
|
||||
$pa_config->{"log_window"} = 3600; # 7.741
|
||||
$pa_config->{"elastic_query_size"} = 10; # 7.754 Elements per request (ELK)
|
||||
|
@ -791,6 +792,9 @@ sub pandora_load_config {
|
|||
elsif ($parametro =~ m/^correlationserver\s+([0-9]*)/i) {
|
||||
$pa_config->{'correlationserver'}= clean_blank($1);
|
||||
}
|
||||
elsif ($parametro =~ m/^correlation_threshold\s+([0-9]*)/i) {
|
||||
$pa_config->{'correlation_threshold'}= clean_blank($1);
|
||||
}
|
||||
elsif ($parametro =~ m/^icmpserver\s+([0-9]*)/i) {
|
||||
$pa_config->{'icmpserver'}= clean_blank($1);
|
||||
}
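Review bot: The `correlationserver` and `correlation_threshold` branches capture their value with `([0-9]*)`, which also matches zero digits. A malformed line such as `correlation_threshold abc` therefore still matches and stores an empty string over the default of 30 set in the first hunk. Requiring at least one digit, `elsif ($parametro =~ m/^correlation_threshold\s+([0-9]+)/i) {` (and likewise for `correlationserver`), leaves the default in place when the value is not numeric. The adjacent `icmpserver` branch has the same pattern, so this follows existing style; the elsif chain starts and ends outside the hunk.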
|
||||
|
|
|
@ -278,7 +278,31 @@ our @EXPORT = qw(
|
|||
|
||||
# Some global variables
|
||||
our @DayNames = qw(sunday monday tuesday wednesday thursday friday saturday);
|
||||
our @ServerTypes = qw (dataserver networkserver snmpconsole reconserver pluginserver predictionserver wmiserver exportserver inventoryserver webserver eventserver icmpserver snmpserver satelliteserver transactionalserver mfserver syncserver wuxserver syslogserver provisioningserver migrationserver);
|
||||
our @ServerTypes = qw (
|
||||
dataserver
|
||||
networkserver
|
||||
snmpconsole
|
||||
reconserver
|
||||
pluginserver
|
||||
predictionserver
|
||||
wmiserver
|
||||
exportserver
|
||||
inventoryserver
|
||||
webserver
|
||||
eventserver
|
||||
icmpserver
|
||||
snmpserver
|
||||
satelliteserver
|
||||
transactionalserver
|
||||
mfserver
|
||||
syncserver
|
||||
wuxserver
|
||||
syslogserver
|
||||
provisioningserver
|
||||
migrationserver
|
||||
alertserver
|
||||
correlationserver
|
||||
);
|
||||
our @AlertStatus = ('Execute the alert', 'Do not execute the alert', 'Do not execute the alert, but increment its internal counter', 'Cease the alert', 'Recover the alert', 'Reset internal counter');
|
||||
|
||||
# Event storm protection (no alerts or events)
|
||||
|
@ -624,6 +648,19 @@ sub pandora_evaluate_alert ($$$$$$$;$$$$) {
|
|||
}
|
||||
# Correlated alert
|
||||
else {
|
||||
if (defined($data)) {
|
||||
# Data contains the number of occurrences of correlated alert.
|
||||
if ($data < $alert->{'pool_occurrences'}) {
|
||||
# Less occurrences than previous execution, recovered.
|
||||
# 4 Recover the alert
|
||||
return 4;
|
||||
} elsif ($data eq $alert->{'pool_occurrences'}) {
|
||||
# Same occurrences as previous execution, nothing new, but present in pool.
|
||||
# 1 Do not execute the alert.
|
||||
return 1;
|
||||
}
|
||||
|
||||
} else {
|
||||
my $rc = enterprise_hook (
|
||||
'evaluate_correlated_alert',
|
||||
[
|
||||
|
@ -638,6 +675,7 @@ sub pandora_evaluate_alert ($$$$$$$;$$$$) {
|
|||
|
||||
return $status unless (defined ($rc) && $rc == 1);
|
||||
}
|
||||
}
|
||||
|
||||
# Check min and max alert limits
|
||||
return 2 if (($alert->{'internal_counter'} < $alert->{'min_alerts'}) ||
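Review bot: In the new `# Correlated alert` branch of pandora_evaluate_alert, `$data eq $alert->{'pool_occurrences'}` compares the two counts as strings, while the test just above compares the same values numerically with `<`. Representations such as `3` and `3.0` or `03` then fail both tests and fall through to the min/max checks as if the count had grown; `} elsif ($data == $alert->{'pool_occurrences'}) {` keeps the two comparisons consistent. `pool_occurrences` is also read without a defined check; if it can be unset for an alert (not visible here), the `<` test treats it as 0 and emits a warning. The function body starts and ends outside these hunks.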
|
||||
|
|
|
@ -917,7 +917,7 @@ sub get_db_value_limit ($$$;@) {
|
|||
|
||||
##########################################################################
|
||||
## Get a single row returned by an SQL query as a hash reference. Returns
|
||||
## -1 on error.
|
||||
## hash or undef on error.
|
||||
##########################################################################
|
||||
sub get_db_single_row ($$;@) {
|
||||
my ($dbh, $query, @values) = @_;
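Review bot: The reworded header comment ends `Returns` / `## hash or undef on error.`, which can be read as "returns a hash on error"; `## Returns the row as a hash reference, or undef on error.` states the contract unambiguously. The body of get_db_single_row lies outside the hunk, so the undef return cannot be confirmed from here. Callers that still compare the result with -1, or dereference it without a `defined` check, would be worth reviewing alongside this comment change.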
|
||||
|
|
|
@ -2524,6 +2524,7 @@ sub get_server_name {
|
|||
return "PROVISIONINGSERVER" if ($server_type eq PROVISIONINGSERVER);
|
||||
return "MIGRATIONSERVER" if ($server_type eq MIGRATIONSERVER);
|
||||
return "ALERTSERVER" if ($server_type eq ALERTSERVER);
|
||||
return "CORRELATIONSERVER" if ($server_type eq CORRELATIONSERVER);
|
||||
|
||||
return "UNKNOWN";
|
||||
}
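Review bot: The numeric value of `CORRELATIONSERVER` is defined outside the visible hunks, and nothing here documents how it relates to the `@ServerTypes` list rewritten earlier in this commit. That list puts `alertserver` at index 21 and `correlationserver` at index 22; if it is ever indexed by these server-type constants (not visible here), the constant values have to match those positions. A comment beside the list such as `# Order must match the *SERVER type constants.` would make the coupling explicit for the next server type added. get_server_name starts outside the hunk.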
|
||||
|
|