Merge branch 'ent-9690-14344-alertas-con-threshold-propio-envian-correos-de-recuperacion-no-esperados' into 'develop'
Recovered alerts skipping when threshold applies See merge request artica/pandorafms!5653
This commit is contained in:
Daniel Rodriguez
commit
ebd5f6c01f
|
|
@ -14,4 +14,6 @@ CREATE TABLE IF NOT EXISTS `tsesion_filter` (
|
|||
PRIMARY KEY (`id_filter`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=UTF8MB4;
|
||||
|
||||
ALTER TABLE `talert_template_module_actions` ADD COLUMN `recovered` TINYINT NOT NULL DEFAULT 0;
|
||||
|
||||
COMMIT;
|
||||
|
|
|
|||
|
|
@ -572,6 +572,7 @@ CREATE TABLE IF NOT EXISTS `talert_template_module_actions` (
|
|||
`fires_max` INT UNSIGNED DEFAULT 0,
|
||||
`module_action_threshold` INT NOT NULL DEFAULT 0,
|
||||
`last_execution` BIGINT NOT NULL DEFAULT 0,
|
||||
`recovered` TINYINT NOT NULL DEFAULT 0,
|
||||
PRIMARY KEY (`id`),
|
||||
FOREIGN KEY (`id_alert_template_module`) REFERENCES talert_template_modules(`id`)
|
||||
ON DELETE CASCADE ON UPDATE CASCADE,
|
||||
|
|
|
|||
|
|
@ -804,11 +804,6 @@ sub pandora_process_alert ($$$$$$$$;$$) {
|
|||
db_do($dbh, 'UPDATE ' . $table . ' SET times_fired = 0,
|
||||
internal_counter = 0 WHERE id = ?', $id);
|
||||
|
||||
# Reset action thresholds
|
||||
if (defined ($alert->{'id_template_module'})) {
|
||||
db_do($dbh, 'UPDATE talert_template_module_actions SET last_execution = 0 WHERE id_alert_template_module = ?', $id);
|
||||
}
|
||||
|
||||
if ($pa_config->{'alertserver'} == 1 || $pa_config->{'alertserver_queue'} == 1) {
|
||||
pandora_queue_alert($pa_config, $dbh, [$data, $agent, $module,
|
||||
$alert, 0, $timestamp, 0, $extra_macros, $is_correlated_alert]);
|
||||
|
|
@ -919,7 +914,7 @@ sub pandora_execute_alert {
|
|||
@actions = get_db_rows ($dbh,
|
||||
'SELECT taa.name as action_name, taa.*, tac.*, tatma.id AS id_alert_templ_module_actions,
|
||||
tatma.id_alert_template_module, tatma.id_alert_action, tatma.fires_min,
|
||||
tatma.fires_max, tatma.module_action_threshold, tatma.last_execution
|
||||
tatma.fires_max, tatma.module_action_threshold, tatma.last_execution, tatma.recovered
|
||||
FROM talert_template_module_actions tatma, talert_actions taa, talert_commands tac
|
||||
WHERE tatma.id_alert_action = taa.id
|
||||
AND taa.id_alert_command = tac.id
|
||||
|
|
@ -1030,10 +1025,13 @@ sub pandora_execute_alert {
|
|||
|
||||
# Check the action threshold (template_action_threshold takes precedence over action_threshold)
|
||||
my $threshold = 0;
|
||||
$action->{'last_execution'} = 0 unless defined ($action->{'last_execution'});
|
||||
my $recovered = 0;
|
||||
$action->{'last_execution'} = 0 unless defined ($action->{'last_execution'});
|
||||
$action->{'recovered'} = 0 unless defined ($action->{'recovered'});
|
||||
|
||||
$threshold = $action->{'action_threshold'} if (defined ($action->{'action_threshold'}) && $action->{'action_threshold'} > 0);
|
||||
$threshold = $action->{'module_action_threshold'} if (defined ($action->{'module_action_threshold'}) && $action->{'module_action_threshold'} > 0);
|
||||
if (time () >= ($action->{'last_execution'} + $threshold)) {
|
||||
if ((time () >= ($action->{'last_execution'} + $threshold)) || ($alert_mode == RECOVERED_ALERT && $action->{'recovered'} == 0)) {
|
||||
my $monitoring_event_custom_data = '';
|
||||
|
||||
push(@{$custom_data->{'actions'}}, safe_output($action->{'action_name'}));
|
||||
|
|
@ -1043,13 +1041,33 @@ sub pandora_execute_alert {
|
|||
$event_generated = 1;
|
||||
$monitoring_event_custom_data = $custom_data;
|
||||
}
|
||||
|
||||
pandora_execute_action ($pa_config, $data, $agent, $alert, $alert_mode, $action, $module, $dbh, $timestamp, $extra_macros, $monitoring_event_custom_data);
|
||||
|
||||
pandora_execute_action ($pa_config, $data, $agent, $alert, $alert_mode, $action, $module, $dbh, $timestamp, $extra_macros, $monitoring_event_custom_data);
|
||||
} else {
|
||||
if (defined ($module)) {
|
||||
logger ($pa_config, "Skipping action " . safe_output($action->{'name'}) . " for alert '" . safe_output($alert->{'name'}) . "' module '" . safe_output($module->{'nombre'}) . "'.", 10);
|
||||
if($alert_mode == RECOVERED_ALERT) {
|
||||
# Reset action thresholds and set recovered
|
||||
if (defined ($alert->{'id_template_module'})) {
|
||||
db_do($dbh, 'UPDATE talert_template_module_actions SET recovered = 1 WHERE id_alert_template_module = ?', $alert->{'id_template_module'});
|
||||
}
|
||||
} else {
|
||||
logger ($pa_config, "Skipping action " . safe_output($action->{'name'}) . " for alert '" . safe_output($alert->{'name'}) . "'.", 10);
|
||||
# Action executed again, set recovered to 0.
|
||||
db_do($dbh, 'UPDATE talert_template_module_actions SET recovered = 0 WHERE id_alert_template_module = ?', $alert->{'id_template_module'});
|
||||
}
|
||||
} else {
|
||||
if($alert_mode == RECOVERED_ALERT) {
|
||||
if (defined ($alert->{'id_template_module'})) {
|
||||
if (defined ($module)) {
|
||||
logger ($pa_config, "Skipping recover action " . safe_output($action->{'name'}) . " for alert '" . safe_output($alert->{'name'}) . "' module '" . safe_output($module->{'nombre'}) . "'.", 10);
|
||||
} else {
|
||||
logger ($pa_config, "Skipping recover action " . safe_output($action->{'name'}) . " for alert '" . safe_output($alert->{'name'}) . "'.", 10);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
if (defined ($module)) {
|
||||
logger ($pa_config, "Skipping action " . safe_output($action->{'name'}) . " for alert '" . safe_output($alert->{'name'}) . "' module '" . safe_output($module->{'nombre'}) . "'.", 10);
|
||||
} else {
|
||||
logger ($pa_config, "Skipping action " . safe_output($action->{'name'}) . " for alert '" . safe_output($alert->{'name'}) . "'.", 10);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -6708,6 +6726,7 @@ sub pandora_get_os ($$) {
|
|||
return 4;
|
||||
}
|
||||
|
||||
|
||||
# Search for a custom OS
|
||||
my $os_id = get_db_value ($dbh, 'SELECT id_os FROM tconfig_os WHERE name LIKE ?', '%' . $os . '%');
|
||||
if (defined ($os_id)) {
|
||||
|
|
|
|||
Loading…
Reference in New Issue