WIP CorrelationServer

pandora_console/extras/mr/49.sql

@@ -3,4 +3,7 @@ START TRANSACTION;
 UPDATE `tconfig` set value = 'Lato-Regular.ttf' WHERE token LIKE 'custom_report_front_font';
 UPDATE `tconfig` set value = 'Lato-Regular.ttf' WHERE token LIKE 'fontpath';
 
+ALTER TABLE `tevent_alert` ADD COLUMN `last_evaluation` bigint(20) NOT NULL default 0;
+ALTER TABLE `tevent_alert` ADD COLUMN `pool_occurrences` int unsigned not null default 0;
+
 COMMIT;

pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql

@@ -710,6 +710,8 @@ CREATE TABLE IF NOT EXISTS `tevent_alert` (
 ALTER TABLE `tevent_alert` ADD COLUMN `special_days` tinyint(1) default 0;
 ALTER TABLE `tevent_alert` MODIFY COLUMN `time_threshold` int(10) NOT NULL default 86400;
 ALTER TABLE `tevent_alert` ADD COLUMN `disable_event` tinyint(1) DEFAULT 0;
+ALTER TABLE `tevent_alert` ADD COLUMN `last_evaluation` bigint(20) NOT NULL default 0;
+ALTER TABLE `tevent_alert` ADD COLUMN `pool_occurrences` int unsigned not null default 0;
 
 -- -----------------------------------------------------
 -- Table `tevent_alert_action`

pandora_console/pandoradb.sql

@@ -3012,6 +3012,8 @@ CREATE TABLE IF NOT EXISTS `tevent_alert` (
 	`group_by` enum ('','id_agente','id_agentmodule','id_alert_am','id_grupo') default '',
 	`special_days` tinyint(1) default 0,
 	`disable_event` tinyint(1) default 0,
+	`last_evaluation` bigint(20) NOT NULL default 0,
+	`pool_occurrences` int unsigned not null default 0,
 	PRIMARY KEY  (`id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 

pandora_console/pandoradb_data.sql

@@ -109,10 +109,10 @@ INSERT INTO `tconfig` (`token`, `value`) VALUES
 ('custom_report_front_logo', 'images/pandora_logo_white.jpg'),
 ('custom_report_front_header', ''),
 ('custom_report_front_footer', ''),
-('MR', 48),
+('MR', 49),
 ('identification_reminder', 1),
 ('identification_reminder_timestamp', 0),
-('current_package', 756),
+('current_package', 757),
 ('post_process_custom_values', '{"0.00000038580247":"Seconds to months","0.00000165343915":"Seconds to weeks","0.00001157407407":"Seconds to days","0.01666666666667":"Seconds to minutes","0.00000000093132":"Bytes to Gigabytes","0.00000095367432":"Bytes to Megabytes","0.00097656250000":"Bytes to Kilobytes","0.00000001653439":"Timeticks to weeks","0.00000011574074":"Timeticks to days"}'),
 ('custom_docs_logo', 'default_docs.png'),
 ('custom_support_logo', 'default_support.png'),

pandora_server/conf/pandora_server.conf.new

@@ -478,6 +478,18 @@ export_threads 1
 
 eventserver 0
 
+# Enable (1) or disable (0) Pandora FMS Correlation Server (PANDORA FMS ENTERPRISE ONLY).
+
+correlationserver 0
+
+# Number of threads for Correlation Server (PANDORA FMS ENTERPRISE ONLY).
+
+correlation_threads 1
+
+# Time in seconds to re-evaluate correlation alerts pool (PANDORA FMS ENTERPRISE ONLY).
+
+correlation_threshold 30
+
 # Correlated alerts, event window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY).
 
 event_window 3600

pandora_server/lib/PandoraFMS/Config.pm

@@ -303,6 +303,7 @@ sub pandora_load_config {
 	$pa_config->{"google_maps_description"} = 0;
 	$pa_config->{'openstreetmaps_description'} = 0;
 	$pa_config->{"eventserver"} = 1; # 4.0
+	$pa_config->{"correlationserver"} = 1; # 757
 	$pa_config->{"event_window"} = 3600; # 4.0
 	$pa_config->{"log_window"} = 3600; # 7.741
 	$pa_config->{"elastic_query_size"} = 10; # 7.754 Elements per request (ELK)
@@ -787,6 +788,9 @@ sub pandora_load_config {
 		elsif ($parametro =~ m/^eventserver\s+([0-9]*)/i) {
 			$pa_config->{'eventserver'}= clean_blank($1);
 		}
+		elsif ($parametro =~ m/^correlationserver\s+([0-9]*)/i) {
+			$pa_config->{'correlationserver'}= clean_blank($1);
+		}
 		elsif ($parametro =~ m/^icmpserver\s+([0-9]*)/i) {
 			$pa_config->{'icmpserver'}= clean_blank($1);
 		}

pandora_server/lib/PandoraFMS/Tools.pm

@@ -67,6 +67,7 @@ our @EXPORT = qw(
 	INVENTORYSERVER
 	WEBSERVER
 	EVENTSERVER
+	CORRELATIONSERVER
 	ICMPSERVER
 	SNMPSERVER
 	SATELLITESERVER
@@ -191,6 +192,7 @@ use constant SYSLOGSERVER => 18;
 use constant PROVISIONINGSERVER => 19;
 use constant MIGRATIONSERVER => 20;
 use constant ALERTSERVER => 21;
+use constant CORRELATIONSERVER => 22;
 
 # Module status
 use constant MODULE_NORMAL => 0;