* Both are similars:
* db_get_all_rows_filter ('table', array ('disabled', 0));
* db_get_all_rows_filter ('table', 'disabled = 0');
*
* Both are similars:
* db_get_all_rows_filter ('table', array ('disabled' => 0, 'history_data' => 0), 'name', 'OR');
* db_get_all_rows_filter ('table', 'disabled = 0 OR history_data = 0', 'name');
*
* @param mixed Fields of the table to retrieve. Can be an array or a coma
* separated string. All fields are retrieved by default
*
*
* @return mixed False in case of error or invalid values passed. Affected rows otherwise
*/
function events_get_events ($filter = false, $fields = false) {
if ($filter['criticity'] == EVENT_CRIT_WARNING_OR_CRITICAL) {
$filter['criticity'] = array(EVENT_CRIT_WARNING, EVENT_CRIT_CRITICAL);
}
return db_get_all_rows_filter ('tevento', $filter, $fields);
}
/**
* Get the event with the id pass as parameter.
*
* @param int $id Event id
* @param mixed $fields The fields to show or by default all with false.
*
* @return mixed False in case of error or invalid values passed. Event row otherwise
*/
function events_get_event ($id, $fields = false) {
if (empty ($id))
return false;
global $config;
if (is_array ($fields)) {
if (! in_array ('id_grupo', $fields))
$fields[] = 'id_grupo';
}
$event = db_get_row ('tevento', 'id_evento', $id, $fields);
if (! check_acl ($config['id_user'], $event['id_grupo'], 'ER'))
return false;
return $event;
}
function events_get_events_no_grouped($sql_post, $offset = 0,
$pagination = 1, $meta = false, $history = false, $total = false,
$history_db = false, $order = "ASC") {
global $config;
$table = events_get_events_table($meta, $history);
$sql = "SELECT * FROM $table te WHERE 1=1 " . $sql_post;
$events = db_get_all_rows_sql ($sql, $history_db);
return $events;
}
function events_get_events_grouped($sql_post, $offset = 0,
$pagination = 1, $meta = false, $history = false, $total = false,
$history_db = false, $order = "ASC") {
global $config;
$table = events_get_events_table($meta, $history);
if ($meta) {
$groupby_extra = ', server_id';
}
else {
$groupby_extra = '';
}
switch ($config["dbtype"]) {
case "mysql":
db_process_sql ('SET group_concat_max_len = 9999999');
if ($total) {
$sql = "SELECT COUNT(*) FROM (SELECT *
FROM $table te
WHERE 1=1 " . $sql_post . "
GROUP BY estado, evento, id_agentmodule" . $groupby_extra . ") AS t";
}
else {
$sql = "SELECT *, MAX(id_evento) AS id_evento,
GROUP_CONCAT(DISTINCT user_comment SEPARATOR ' ') AS user_comment,
GROUP_CONCAT(DISTINCT id_evento SEPARATOR ',') AS similar_ids,
COUNT(*) AS event_rep, MAX(utimestamp) AS timestamp_rep,
MIN(utimestamp) AS timestamp_rep_min,
(SELECT owner_user FROM $table WHERE id_evento = MAX(te.id_evento)) owner_user,
(SELECT id_usuario FROM $table WHERE id_evento = MAX(te.id_evento)) id_usuario,
(SELECT id_agente FROM $table WHERE id_evento = MAX(te.id_evento)) id_agente,
(SELECT criticity FROM $table WHERE id_evento = MAX(te.id_evento)) AS criticity,
(SELECT ack_utimestamp FROM $table WHERE id_evento = MAX(te.id_evento)) AS ack_utimestamp
FROM $table te
WHERE 1=1 " . $sql_post . "
GROUP BY estado, evento, id_agentmodule" . $groupby_extra . "
ORDER BY timestamp_rep " . $order . " LIMIT " . $offset . "," . $pagination;
}
break;
case "postgresql":
if ($total) {
$sql = "SELECT COUNT(*)
FROM $table te
WHERE 1=1 " . $sql_post . "
GROUP BY estado, evento, id_agentmodule, id_evento, id_agente, id_usuario, id_grupo, estado, timestamp, utimestamp, event_type, id_alert_am, criticity, user_comment, tags, source, id_extra" . $groupby_extra;
}
else {
$sql = "SELECT *, MAX(id_evento) AS id_evento, array_to_string(array_agg(DISTINCT user_comment), ' ') AS user_comment,
array_to_string(array_agg(DISTINCT id_evento), ',') AS similar_ids,
COUNT(*) AS event_rep, MAX(utimestamp) AS timestamp_rep,
MIN(utimestamp) AS timestamp_rep_min,
(SELECT owner_user FROM $table WHERE id_evento = MAX(te.id_evento)) owner_user,
(SELECT id_usuario FROM $table WHERE id_evento = MAX(te.id_evento)) id_usuario,
(SELECT id_agente FROM $table WHERE id_evento = MAX(te.id_evento)) id_agente,
(SELECT criticity FROM $table WHERE id_evento = MAX(te.id_evento)) AS criticity,
(SELECT ack_utimestamp FROM $table WHERE id_evento = MAX(te.id_evento)) AS ack_utimestamp
FROM $table te
WHERE 1=1 " . $sql_post . "
GROUP BY estado, evento, id_agentmodule, id_evento,
id_agente, id_usuario, id_grupo, estado,
timestamp, utimestamp, event_type, id_alert_am,
criticity, user_comment, tags, source, id_extra,
te.critical_instructions,
te.warning_instructions,
te.unknown_instructions,
te.owner_user,
te.ack_utimestamp,
te.custom_data " . $groupby_extra . "
ORDER BY timestamp_rep ASC LIMIT " . $pagination . " OFFSET " . $offset;
}
break;
case "oracle":
if ($total) {
$sql = "SELECT COUNT(*)
FROM $table te
WHERE 1=1 $sql_post
GROUP BY estado, to_char(evento), id_agentmodule" . $groupby_extra . ") b ";
}
else {
$set = array();
$set['limit'] = $pagination;
$set['offset'] = $offset;
$sql = "SELECT ta.*, tb.event_rep, tb.timestamp_rep, tb.timestamp_rep_min, tb.user_comments, tb.similar_ids
FROM $table ta
INNER JOIN (SELECT MAX(id_evento) AS id_evento, COUNT(id_evento) AS event_rep,
MAX(utimestamp) AS timestamp_rep, MIN(utimestamp) AS timestamp_rep_min,
TAB_TO_STRING(CAST(COLLECT(TO_CHAR(user_comment) ORDER BY id_evento ASC) AS t_varchar2_tab), ' ') AS user_comments,
TAB_TO_STRING(CAST(COLLECT(CAST(id_evento AS VARCHAR2(4000)) ORDER BY id_evento ASC) AS t_varchar2_tab)) AS similar_ids
FROM $table te
WHERE 1=1 $sql_post
GROUP BY estado, to_char(evento), id_agentmodule$groupby_extra) tb
ON ta.id_evento = tb.id_evento
ORDER BY tb.timestamp_rep ASC";
$sql = oracle_recode_query ($sql, $set);
}
break;
}
//Extract the events by filter (or not) from db
$events = db_get_all_rows_sql ($sql, $history_db);
if ($total) {
return reset($events[0]);
}
else {
// Override the column 'user_comment' with the column 'user_comments' when oracle
if (!empty($events) && $config["dbtype"] == "oracle") {
array_walk($events, function(&$value, $key) {
set_if_defined($value['user_comment'], $value['user_comments']);
});
}
return $events;
}
}
function events_get_total_events_grouped($sql_post, $meta = false, $history = false) {
return events_get_events_grouped($sql_post, 0, 0, $meta, $history, true);
}
/**
* Get all the events ids similar to a given event id.
*
* An event is similar then the event text (evento) and the id_agentmodule are
* the same.
*
* @param int Event id to get similar events.
* @param bool Metaconsole mode flag
* @param bool History mode flag
*
* @return array A list of events ids.
*/
function events_get_similar_ids ($id, $meta = false, $history = false) {
$events_table = events_get_events_table($meta, $history);
$ids = array ();
if($meta) {
$event = events_meta_get_event($id, array ('evento', 'id_agentmodule'), $history);
}
else {
$event = events_get_event ($id, array ('evento', 'id_agentmodule'));
}
if ($event === false)
return $ids;
$events = db_get_all_rows_filter ($events_table,
array ('evento' => $event['evento'],
'id_agentmodule' => $event['id_agentmodule']),
array ('id_evento'));
if ($events === false)
return $ids;
foreach ($events as $event)
$ids[] = $event['id_evento'];
return $ids;
}
/**
* Delete events in a transresponse
*
* @param mixed Event ID or array of events
* @param bool Whether to delete similar events too.
* @param bool Metaconsole mode flag
* @param bool History mode flag
*
* @return bool Whether or not it was successful
*/
function events_delete_event ($id_event, $similar = true, $meta = false, $history = false) {
global $config;
$table_event = events_get_events_table($meta, $history);
//Cleans up the selection for all unwanted values also casts any single values as an array
$id_event = (array) safe_int ($id_event, 1);
/* We must delete all events like the selected */
if ($similar) {
foreach ($id_event as $id) {
$id_event = array_merge ($id_event, events_get_similar_ids ($id, $meta, $history));
}
$id_event = array_unique($id_event);
}
$errors = 0;
foreach ($id_event as $event) {
if ($meta) {
$event_group = events_meta_get_group ($event, $history);
}
else {
$event_group = events_get_group ($event);
}
if (check_acl ($config["id_user"], $event_group, "EM") == 0) {
//Check ACL
db_pandora_audit("ACL Violation", "Attempted deleting event #".$event);
$errors++;
}
else {
$ret = db_process_sql_delete($table_event, array('id_evento' => $event));
if(!$ret) {
$errors++;
}
else {
db_pandora_audit("Event deleted", "Deleted event #".$event);
//ACL didn't fail nor did return
continue;
}
}
break;
}
if ($errors > 0) {
return false;
}
else {
return true;
}
}
/**
* Change the status of one or various events
*
* @param mixed Event ID or array of events
* @param int new status of the event
* @param bool metaconsole mode flag
* @param bool history mode flag
*
* @return bool Whether or not it was successful
*/
function events_change_status ($id_event, $new_status, $meta = false, $history = false) {
global $config;
$event_table = events_get_events_table($meta, $history);
//Cleans up the selection for all unwanted values also casts any single values as an array
$id_event = (array) safe_int ($id_event, 1);
// Update ack info if the new status is validated
if ($new_status == EVENT_STATUS_VALIDATED) {
$ack_utimestamp = time();
$ack_user = $config['id_user'];
}
else {
$acl_utimestamp = 0;
$ack_user = '';
}
switch ($new_status) {
case EVENT_STATUS_NEW:
$status_string = 'New';
break;
case EVENT_STATUS_VALIDATED:
$status_string = 'Validated';
break;
case EVENT_STATUS_INPROCESS:
$status_string = 'In process';
break;
default:
$status_string = '';
break;
}
$alerts = array();
foreach ($id_event as $k => $id) {
if ($meta) {
$event_group = events_meta_get_group ($id, $history);
$event = events_meta_get_event ($id, false, $history);
$server_id = $event['server_id'];
}
else {
$event_group = events_get_group ($id);
$event = events_get_event ($id);
}
if ($event['id_alert_am'] > 0 && !in_array($event['id_alert_am'], $alerts)) {
$alerts[] = $event['id_alert_am'];
}
if (check_acl ($config["id_user"], $event_group, "EW") == 0) {
db_pandora_audit("ACL Violation", "Attempted updating event #".$id);
unset($id_event[$k]);
}
}
if (empty($id_event)) {
return false;
}
$values = array(
'estado' => $new_status,
'id_usuario' => $ack_user,
'ack_utimestamp' => $ack_utimestamp);
$ret = db_process_sql_update($event_table, $values,
array('id_evento' => $id_event));
if (($ret === false) || ($ret === 0)) {
return false;
}
events_comment($id_event, '', "Change status to $status_string", $meta, $history);
if ($meta && !empty($alerts)) {
$server = metaconsole_get_connection_by_id ($server_id);
metaconsole_connect($server);
}
// Put the alerts in standby or not depends the new status
foreach ($alerts as $alert) {
switch ($new_status) {
case EVENT_NEW:
case EVENT_VALIDATE:
alerts_agent_module_standby ($alert, 0);
break;
case EVENT_PROCESS:
alerts_agent_module_standby ($alert, 1);
break;
}
}
if ($meta && !empty($alerts)) {
metaconsole_restore_db();
}
return true;
}
/**
* Change the owner of an event if the event hasn't owner
*
* @param mixed Event ID or array of events
* @param string id_user of the new owner. If is false, the current owner will be setted
* @param bool flag to force the change or not (not force is change only when it hasn't owner)
* @param bool metaconsole mode flag
* @param bool history mode flag
*
* @return bool Whether or not it was successful
*/
function events_change_owner ($id_event, $new_owner = false, $force = false, $meta = false, $history = false) {
global $config;
$event_table = events_get_events_table($meta, $history);
//Cleans up the selection for all unwanted values also casts any single values as an array
$id_event = (array) safe_int ($id_event, 1);
foreach ($id_event as $k => $id) {
if ($meta) {
$event_group = events_meta_get_group ($id, $history);
}
else {
$event_group = events_get_group ($id);
}
if (check_acl ($config["id_user"], $event_group, "EW") == 0) {
db_pandora_audit("ACL Violation", "Attempted updating event #".$id);
unset($id_event[$k]);
}
}
if (empty($id_event)) {
return false;
}
// If no new_owner is provided, the current user will be the owner
// ** Comment this lines because if possible selected None owner in owner event. TIQUET: #2250***
//if (empty($new_owner)) {
// $new_owner = $config['id_user'];
//}
// Only generate comment when is forced (sometimes is changed the owner when comment)
if ($force) {
events_comment($id_event, '', "Change owner to $new_owner", $meta, $history);
}
$values = array('owner_user' => $new_owner);
$where = array('id_evento' => $id_event);
// If not force, add to where if owner_user = ''
if (!$force) {
$where['owner_user'] = '';
}
$ret = db_process_sql_update($event_table, $values,
$where, 'AND', false);
if (($ret === false) || ($ret === 0)) {
return false;
}
return true;
}
function events_get_events_table($meta, $history) {
if ($meta) {
if ($history) {
$event_table = 'tmetaconsole_event_history';
}
else {
$event_table = 'tmetaconsole_event';
}
}
else {
$event_table = 'tevento';
}
return $event_table;
}
/**
* Comment events in a transresponse
*
* @param mixed Event ID or array of events
* @param string comment to be registered
* @param string action performed with the comment. Bu default just Added comment
* @param bool Flag of metaconsole mode
* @param bool Flag of history mode
*
* @return bool Whether or not it was successful
*/
function events_comment ($id_event, $comment = '', $action = 'Added comment', $meta = false, $history = false, $similars = true) {
global $config;
$event_table = events_get_events_table($meta, $history);
//Cleans up the selection for all unwanted values also casts any single values as an array
$id_event = (array) safe_int ($id_event, 1);
foreach ($id_event as $k => $id) {
if ($meta) {
$event_group = events_meta_get_group ($id, $history);
}
else {
$event_group = events_get_group ($id);
}
if (check_acl ($config["id_user"], $event_group, "EW") == 0) {
db_pandora_audit("ACL Violation", "Attempted updating event #".$id);
unset($id_event[$k]);
}
}
if (empty($id_event)) {
return false;
}
// If the event hasn't owner, assign the user as owner
events_change_owner ($id_event);
// Get the current event comments
$first_event = $id_event;
if (is_array($id_event)) {
$first_event = reset($id_event);
}
$event_comments = db_get_value('user_comment', $event_table, 'id_evento', $first_event);
$event_comments_array = array();
if ($event_comments == '') {
$comments_format = 'new';
}
else {
// If comments are not stored in json, the format is old
$event_comments_array = json_decode($event_comments);
if (is_null($event_comments_array)) {
$comments_format = 'old';
}
else {
$comments_format = 'new';
}
}
switch($comments_format) {
case 'new':
$comment_for_json['comment'] = $comment;
$comment_for_json['action'] = $action;
$comment_for_json['id_user'] = $config['id_user'];
$comment_for_json['utimestamp'] = time();
$event_comments_array[] = $comment_for_json;
$event_comments = io_json_mb_encode($event_comments_array);
// Update comment
$ret = db_process_sql_update($event_table, array('user_comment' => $event_comments), array('id_evento' => implode(',', $id_event)));
break;
case 'old':
// Give old ugly format to comment. TODO: Change this method for aux table or json
$comment = str_replace(array("\r\n", "\r", "\n"), ' ', $comment);
if ($comment != '') {
$commentbox = '
'.$comment.'
';
}
else {
$commentbox = '';
}
// Don't translate 'by' word because if various users with different languages
// make comments in the same console will be a mess
$comment = '-- ' . $action . ' by '.$config['id_user'].' '.'['.date ($config["date_format"]).'] -- '.$commentbox.' ';
// Update comment
switch ($config['dbtype']) {
// Oldstyle SQL to avoid innecesary PHP foreach
case 'mysql':
$sql_validation = "UPDATE $event_table
SET user_comment = concat('" . $comment . "', user_comment)
WHERE id_evento in (" . implode(',', $id_event) . ")";
$ret = db_process_sql($sql_validation);
break;
case 'postgresql':
case 'oracle':
$sql_validation = "UPDATE $event_table
SET user_comment='" . $comment . "' || user_comment)
WHERE id_evento in (" . implode(',', $id_event) . ")";
$ret = db_process_sql($sql_validation);
break;
}
break;
}
if (($ret === false) || ($ret === 0)) {
return false;
}
return true;
}
/**
* Get group id of an event.
*
* @param int $id_event Event id
*
* @return int Group id of the given event.
*/
function events_get_group ($id_event) {
return (int) db_get_value ('id_grupo', 'tevento', 'id_evento', (int) $id_event);
}
/**
* Get description of an event.
*
* @param int $id_event Event id.
*
* @return string Description of the given event.
*/
function events_get_description ($id_event) {
return (string) db_get_value ('evento', 'tevento', 'id_evento', (int) $id_event);
}
/**
* Insert a event in the event log system.
*
* @param int $event
* @param int $id_group
* @param int $id_agent
* @param int $status
* @param string $id_user
* @param string $event_type
* @param int $priority
* @param int $id_agent_module
* @param int $id_aam
*
* @return int event id
*/
function events_create_event ($event, $id_group, $id_agent, $status = 0,
$id_user = "", $event_type = "unknown", $priority = 0,
$id_agent_module = 0, $id_aam = 0, $critical_instructions = '',
$warning_instructions = '', $unknown_instructions = '',
$source="Pandora", $tags="", $custom_data="", $server_id = 0, $id_extra ="") {
global $config;
$table_events = 'tevento';
if (defined ('METACONSOLE')) {
$table_events = 'tmetaconsole_event';
switch ($config["dbtype"]) {
case "mysql":
$sql = sprintf ('
INSERT INTO ' . $table_events . ' (id_agente, id_grupo, evento,
timestamp, estado, utimestamp, id_usuario,
event_type, criticity, id_agentmodule, id_alert_am,
critical_instructions, warning_instructions,
unknown_instructions, source, tags, custom_data,
server_id, id_extra)
VALUES (%d, %d, "%s", NOW(), %d, UNIX_TIMESTAMP(NOW()),
"%s", "%s", %d, %d, %d, "%s", "%s", "%s", "%s",
"%s", "%s", %d, "%s")',
$id_agent, $id_group, $event, $status, $id_user,
$event_type, $priority, $id_agent_module, $id_aam,
$critical_instructions, $warning_instructions,
$unknown_instructions, $source, $tags, $custom_data,
$server_id, $id_extra);
break;
case "postgresql":
$sql = sprintf ('
INSERT INTO ' . $table_events . ' (id_agente, id_grupo, evento,
timestamp, estado, utimestamp, id_usuario,
event_type, criticity, id_agentmodule, id_alert_am,
critical_instructions, warning_instructions,
unknown_instructions, source, tags, custom_data,
server_id, id_extra)
VALUES (%d, %d, "%s", NOW(), %d,
ceil(date_part(\'epoch\', CURRENT_TIMESTAMP)), "%s",
"%s", %d, %d, %d, "%s", "%s", "%s", "%s", "%s",
"%s", %d, "%s")',
$id_agent, $id_group, $event, $status, $id_user,
$event_type, $priority, $id_agent_module, $id_aam,
$critical_instructions, $warning_instructions,
$unknown_instructions, $source, $tags, $custom_data,
$server_id, $id_extra);
break;
case "oracle":
$sql = sprintf ('
INSERT INTO ' . $table_events . ' (id_agente, id_grupo, evento,
timestamp, estado, utimestamp, id_usuario,
event_type, criticity, id_agentmodule, id_alert_am,
critical_instructions, warning_instructions,
unknown_instructions, source, tags, custom_data,
server_id, id_extra)
VALUES (%d, %d, "%s", CURRENT_TIMESTAMP, %d, UNIX_TIMESTAMP,
"%s", "%s", %d, %d, %d, "%s", "%s", "%s", "%s",
"%s", "%s", %d, "%s")',
$id_agent, $id_group, $event, $status, $id_user,
$event_type, $priority, $id_agent_module, $id_aam,
$critical_instructions, $warning_instructions,
$unknown_instructions, $source, $tags, $custom_data,
$server_id, $id_extra);
break;
}
}
else {
switch ($config["dbtype"]) {
case "mysql":
$sql = sprintf ('
INSERT INTO ' . $table_events . ' (id_agente, id_grupo, evento,
timestamp, estado, utimestamp, id_usuario,
event_type, criticity, id_agentmodule, id_alert_am,
critical_instructions, warning_instructions,
unknown_instructions, source, tags, custom_data, id_extra)
VALUES (%d, %d, "%s", NOW(), %d, UNIX_TIMESTAMP(NOW()),
"%s", "%s", %d, %d, %d, "%s", "%s", "%s", "%s", "%s", "%s", "%s")',
$id_agent, $id_group, $event, $status, $id_user,
$event_type, $priority, $id_agent_module, $id_aam,
$critical_instructions, $warning_instructions,
$unknown_instructions, $source, $tags, $custom_data, $id_extra);
break;
case "postgresql":
$sql = sprintf ('
INSERT INTO ' . $table_events . ' (id_agente, id_grupo, evento,
timestamp, estado, utimestamp, id_usuario,
event_type, criticity, id_agentmodule, id_alert_am,
critical_instructions, warning_instructions,
unknown_instructions, source, tags, custom_data, id_extra)
VALUES (%d, %d, "%s", NOW(), %d,
ceil(date_part(\'epoch\', CURRENT_TIMESTAMP)), "%s",
"%s", %d, %d, %d, "%s", "%s", "%s", "%s", "%s", "%s", "%s")',
$id_agent, $id_group, $event, $status, $id_user,
$event_type, $priority, $id_agent_module, $id_aam,
$critical_instructions, $warning_instructions,
$unknown_instructions, $source, $tags, $custom_data, $id_extra);
break;
case "oracle":
$sql = sprintf ("
INSERT INTO " . $table_events . " (id_agente, id_grupo, evento,
timestamp, estado, utimestamp, id_usuario,
event_type, criticity, id_agentmodule, id_alert_am,
critical_instructions, warning_instructions,
unknown_instructions, source, tags, custom_data, id_extra)
VALUES (%d, %d, '%s', CURRENT_TIMESTAMP, %d, UNIX_TIMESTAMP,
'%s', '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s')",
$id_agent, $id_group, $event, $status, $id_user,
$event_type, $priority, $id_agent_module, $id_aam,
$critical_instructions, $warning_instructions,
$unknown_instructions, $source, $tags, $custom_data, $id_extra);
break;
}
}
return (int) db_process_sql ($sql, "insert_id");
}
/**
* Prints a small event table
*
* @param string $filter SQL WHERE clause
* @param int $limit How many events to show
* @param int $width How wide the table should be
* @param bool $return Prints out HTML if false
* @param int agent id if is the table of one agent. 0 otherwise
*
* @return string HTML with table element
*/
function events_print_event_table ($filter = "", $limit = 10, $width = 440, $return = false, $agent_id = 0, $tactical_view = false) {
global $config;
if ($agent_id == 0) {
$agent_condition = '';
}
else {
$agent_condition = " id_agente = $agent_id AND ";
}
if ($filter == '') {
$filter = '1 = 1';
}
switch ($config["dbtype"]) {
case "mysql":
case "postgresql":
$sql = sprintf ("SELECT *
FROM tevento
WHERE %s %s
ORDER BY utimestamp DESC LIMIT %d", $agent_condition, $filter, $limit);
break;
case "oracle":
$sql = sprintf ("SELECT *
FROM tevento
WHERE %s %s AND rownum <= %d
ORDER BY utimestamp DESC", $agent_condition, $filter, $limit);
break;
}
$result = db_get_all_rows_sql ($sql);
if ($result === false) {
if ($return) {
$returned = ui_print_info_message (__('No events'), '', true);
return $returned;
}
else {
echo ui_print_info_message (__('No events'));
}
}
else {
$table = new stdClass();
$table->id = 'latest_events_table';
$table->cellpadding = 0;
$table->cellspacing = 0;
$table->width = $width;
$table->class = "databox data";
if (!$tactical_view)
$table->title = __('Latest events');
$table->titleclass = 'tabletitle';
$table->titlestyle = 'text-transform:uppercase;';
$table->headclass = array ();
$table->head = array ();
$table->rowclass = array ();
$table->cellclass = array ();
$table->data = array ();
$table->align = array ();
$table->style[0] = $table->style[1] = $table->style[2] = 'width:25px;';
if ($agent_id == 0) {
$table->style[3] = 'word-break: break-all;';
}
$table->style[4] = 'width:120px; word-break: break-all;';
$table->head[0] = "" . __('V.') . "";
$table->align[0] = 'center';
$table->head[1] = "" . __('S.') . "";
$table->align[1] = 'center';
$table->head[2] = __('Type');
$table->headclass[2] = "datos3 f9";
$table->align[2] = "center";
$table->head[3] = __('Event name');
if ($agent_id == 0) {
$table->head[4] = __('Agent name');
$table->size[4] = "15%";
}
$table->head[5] = __('Timestamp');
$table->headclass[5] = "datos3 f9";
$table->align[5] = "left";
$table->size[5] = "15%";
foreach ($result as $event) {
if (! check_acl ($config["id_user"], $event["id_grupo"], "ER")) {
continue;
}
$data = array ();
// Colored box
switch($event["estado"]) {
case 0:
$img = "images/star.png";
$title = __('New event');
break;
case 1:
$img = "images/tick.png";
$title = __('Event validated');
break;
case 2:
$img = "images/hourglass.png";
$title = __('Event in process');
break;
}
$data[0] = html_print_image ($img, true,
array ("class" => "image_status",
"title" => $title));
switch ($event["criticity"]) {
default:
case EVENT_CRIT_MAINTENANCE:
$img = "images/status_sets/default/severity_maintenance.png";
break;
case EVENT_CRIT_INFORMATIONAL:
$img = "images/status_sets/default/severity_informational.png";
break;
case EVENT_CRIT_NORMAL:
$img = "images/status_sets/default/severity_normal.png";
break;
case EVENT_CRIT_WARNING:
$img = "images/status_sets/default/severity_warning.png";
break;
case EVENT_CRIT_CRITICAL:
$img = "images/status_sets/default/severity_critical.png";
break;
}
$data[1] = html_print_image ($img, true,
array ("class" => "image_status",
"width" => 12,
"height" => 12,
"title" => get_priority_name ($event["criticity"])));
/* Event type */
$data[2] = events_print_type_img ($event["event_type"], true);
/* Event text */
$data[3] = ui_print_string_substr (strip_tags(io_safe_output($event["evento"])), 75, true, '7.5');
if($agent_id == 0) {
if ($event["id_agente"] > 0) {
// Agent name
// Get class name, for the link color...
$myclass = get_priority_class ($event["criticity"]);
$data[4] = "".
agents_get_alias($event["id_agente"]). "";
// ui_print_agent_name ($event["id_agente"], true, 25, '', true);
// for System or SNMP generated alerts
}
elseif ($event["event_type"] == "system") {
$data[4] = __('System');
}
else {
$data[4] = __('Alert')."SNMP";
}
}
// Timestamp
$data[5] = ui_print_timestamp ($event["timestamp"], true, array('style' => 'font-size: 7.5pt; letter-spacing: 0.3pt;'));
$class = get_priority_class ($event["criticity"]);
$cell_classes[3] = $cell_classes[4] = $cell_classes[5] = $class;
array_push ($table->cellclass, $cell_classes);
//array_push ($table->rowclass, get_priority_class ($event["criticity"]));
array_push ($table->data, $data);
}
$events_table = html_print_table ($table, true);
$out = '
';
$out .= $events_table;
if (!$tactical_view) {
if ($agent_id != 0) {
$out .= '
';
$out .= '
';
$out .= '';
$out .= '
';
}
else {
$out .= '
';
$out .= '
';
$out .= '';
$out .= '';
$out .= '
';
}
}
$out .= '
';
unset ($table);
if ($return) {
return $out;
}
else {
echo $out;
}
}
}
/**
* Prints the event type image
*
* @param string $type Event type from SQL
* @param bool $return Whether to return or print
* @param bool $only_url Flag to return only url of image, by default false.
*
* @return string HTML with img
*/
function events_print_type_img ($type, $return = false, $only_url = false) {
global $config;
$output = '';
$urlImage = ui_get_full_url(false);
switch ($type) {
case "alert_recovered":
$icon = "bell.png";
break;
case "alert_manual_validation":
$icon = "ok.png";
break;
case "going_down_critical":
case "going_up_critical": //This is to be backwards compatible
$icon = "module_critical.png";
break;
case "going_up_normal":
case "going_down_normal": //This is to be backwards compatible
$icon = "module_ok.png";
break;
case "going_up_warning":
case "going_down_warning":
$icon = "module_warning.png";
break;
case "going_unknown":
$icon = "module_unknown.png";
break;
case "alert_fired":
$icon = "bell_error.png";
break;
case "system":
$icon = "cog.png";
break;
case "recon_host_detected":
$icon = "recon.png";
break;
case "new_agent":
$icon = "agent.png";
break;
case "configuration_change":
$icon = "config.png";
break;
case "unknown":
default:
$icon = "lightning_go.png";
break;
}
if ($only_url) {
$output = $urlImage . "/" . "images/" . $icon;
}
else {
$output .= html_print_image ("images/" . $icon, true,
array ("title" => events_print_type_description($type, true)));
}
if ($return)
return $output;
echo $output;
}
/**
* Prints the event type description
*
* @param string $type Event type from SQL
* @param bool $return Whether to return or print
*
* @return string HTML with img
*/
function events_print_type_description ($type, $return = false) {
$output = '';
switch ($type) {
case "going_unknown":
$output .= __('Going to unknown');
break;
case "alert_recovered":
$output .= __('Alert recovered');
break;
case "alert_manual_validation":
$output .= __('Alert manually validated');
break;
case "going_up_warning":
$output .= __('Going from critical to warning');
break;
case "going_down_critical":
case "going_up_critical": //This is to be backwards compatible
$output .= __('Going down to critical state');
break;
case "going_up_normal":
case "going_down_normal": //This is to be backwards compatible
$output .= __('Going up to normal state');
break;
case "going_down_warning":
$output .= __('Going down from normal to warning');
break;
case "alert_fired":
$output .= __('Alert fired');
break;
case "system";
$output .= __('SYSTEM');
break;
case "recon_host_detected";
$output .= __('Recon server detected a new host');
break;
case "new_agent";
$output .= __('New agent created');
break;
case "configuration_change";
$output .= __('Configuration change');
break;
case "alert_ceased";
$output .= __('Alert ceased');
break;
case "error";
$output .= __('Error');
break;
case "unknown":
default:
$output .= __('Unknown type:').': '.$type;
break;
}
if ($return)
return $output;
echo $output;
}
/**
* Get all the events happened in a group during a period of time.
*
* The returned events will be in the time interval ($date - $period, $date]
*
* @param mixed $id_group Group id to get events for.
* @param int $period Period of time in seconds to get events.
* @param int $date Beginning date to get events.
*
* @return array An array with all the events happened.
*/
function events_get_group_events_steps ($begin, &$result, $id_group, $period, $date,
$filter_event_validated = false, $filter_event_critical = false,
$filter_event_warning = false, $filter_event_no_validated = false) {
global $config;
$id_group = groups_safe_acl ($config["id_user"], $id_group, "ER");
if (empty ($id_group)) {
//An empty array means the user doesn't have access
return false;
}
$datelimit = $date - $period;
$sql_where = ' AND 1 = 1 ';
$criticities = array();
if ($filter_event_critical) {
$criticities[] = 4;
}
if ($filter_event_warning) {
$criticities[] = 3;
}
if (!empty($criticities)) {
$sql_where .= ' AND criticity IN (' . implode(', ', $criticities) . ')';
}
if ($filter_event_validated) {
$sql_where .= ' AND estado = 1 ';
}
if ($filter_event_no_validated) {
$sql_where .= ' AND estado = 0 ';
}
$sql = sprintf ('SELECT *,
(SELECT t2.nombre
FROM tagente t2
WHERE t2.id_agente = t3.id_agente) AS agent_name,
(SELECT t2.fullname
FROM tusuario t2
WHERE t2.id_user = t3.id_usuario) AS user_name
FROM tevento t3
WHERE utimestamp > %d AND utimestamp <= %d
AND id_grupo IN (%s) ' . $sql_where . '
ORDER BY utimestamp ASC',
$datelimit, $date, implode (",", $id_group));
return db_get_all_row_by_steps_sql($begin, $result, $sql);
}
/**
* Get all the events happened in an Agent during a period of time.
*
* The returned events will be in the time interval ($date - $period, $date]
*
* @param int $id_agent Agent id to get events.
* @param int $period Period of time in seconds to get events.
* @param int $date Beginning date to get events.
*
* @return array An array with all the events happened.
*/
function events_get_agent ($id_agent, $period, $date = 0,
$history = false, $show_summary_group = false, $filter_event_severity = false,
$filter_event_type = false, $filter_event_status = false, $filter_event_filter_search=false,
$id_group = false, $events_group = false, $id_agent_module = false, $events_module = false) {
global $config;
if (!is_numeric ($date)) {
$date = strtotime ($date);
}
if (empty ($date)) {
$date = get_system_time ();
}
if($events_group){
$id_group = groups_safe_acl ($config["id_user"], $id_group, "ER");
if (empty ($id_group)) {
//An empty array means the user doesn't have access
return false;
}
}
$datelimit = $date - $period;
$sql_where = '';
$severity_all = 0;
if (!empty($filter_event_severity)) {
foreach ($filter_event_severity as $key => $value) {
switch ($value) {
case -1:
$severity_all = 1;
break;
case 34:
$filter_event_severity[$key] = '3, 4';
break;
case 20:
$filter_event_severity[$key] = '0, 1, 3, 4, 5, 6';
break;
case 21:
$filter_event_severity[$key] = '4, 2';
break;
default:
break;
}
}
if(!$severity_all){
$sql_where .= ' AND criticity IN (' . implode(', ', $filter_event_severity) . ')';
}
}
$status_all = 0;
if(!empty($filter_event_status)){
foreach ($filter_event_status as $key => $value) {
switch ($value) {
case -1:
$status_all = 1;
break;
case 3:
$filter_event_status[$key] = ('0, 2');
default:
break;
}
}
if(!$status_all){
$sql_where .= ' AND estado IN (' . implode(', ', $filter_event_status) . ')';
}
}
if (!empty($filter_event_type) && $filter_event_type[0] != 'all') {
$sql_where .= ' AND (';
$type = array();
foreach ($filter_event_type as $event_type) {
if ($event_type != "") {
// If normal, warning, could be several (going_up_warning, going_down_warning... too complex
// for the user so for him is presented only "warning, critical and normal"
if ($event_type == "warning" || $event_type == "critical" || $event_type == "normal") {
$type[] = " event_type LIKE '%$event_type%' ";
}
else if ($event_type == "not_normal") {
$type[] = " (event_type LIKE '%warning%' OR event_type LIKE '%critical%' OR event_type LIKE '%unknown%') ";
}
else if ($event_type != "all") {
$type[] = " event_type = '" . $event_type."'";
}
}
}
$sql_where .= implode(' OR ', $type) . ')';
}
if (!empty($filter_event_filter_search)) {
$sql_where .= ' AND (evento LIKE "%'. io_safe_input($filter_event_filter_search) . '%"'.
' OR id_evento LIKE "%' . io_safe_input($filter_event_filter_search) . '%")';
}
if($events_group){
$sql_where .= sprintf(' AND id_grupo IN (%s) AND utimestamp > %d
AND utimestamp <= %d ', implode (",", $id_group), $datelimit, $date);
}
elseif($events_module){
$sql_where .= sprintf(' AND id_agentmodule = %d AND utimestamp > %d
AND utimestamp <= %d ', $id_agent_module, $datelimit, $date);
}
else{
$sql_where .= sprintf(' AND id_agente = %d AND utimestamp > %d
AND utimestamp <= %d ', $id_agent, $datelimit, $date);
}
if($show_summary_group){
return events_get_events_grouped($sql_where, 0, 1000,
is_metaconsole(), false, false, $history);
}
else{
return events_get_events_no_grouped($sql_where, 0, 1000,
is_metaconsole(), false, false, $history);
}
}
/**
* Decode a numeric type into type description.
*
* @param int $type_id Numeric type.
*
* @return string Type description.
*/
function events_get_event_types ($type_id) {
$diferent_types = get_event_types ();
$type_desc = '';
switch ($type_id) {
case 'unknown':
$type_desc = __('Unknown');
break;
case 'critical':
$type_desc = __('Monitor Critical');
break;
case 'warning':
$type_desc = __('Monitor Warning');
break;
case 'normal':
$type_desc = __('Monitor Normal');
break;
case 'alert_fired':
$type_desc = __('Alert fired');
break;
case 'alert_recovered':
$type_desc = __('Alert recovered');
break;
case 'alert_ceased':
$type_desc = __('Alert ceased');
break;
case 'alert_manual_validation':
$type_desc = __('Alert manual validation');
break;
case 'recon_host_detected':
$type_desc = __('Recon host detected');
break;
case 'system':
$type_desc = __('System');
break;
case 'error':
$type_desc = __('Error');
break;
case 'configuration_change':
$type_desc = __('Configuration change');
break;
case 'not_normal':
$type_desc = __('Not normal');
break;
default:
if (isset($config['text_char_long'])) {
foreach ($diferent_types as $key => $type) {
if ($key == $type_id) {
$type_desc = ui_print_truncate_text($type, $config['text_char_long'], false, true, false);
}
}
}
break;
}
return $type_desc;
}
/**
* Decode a numeric severity into severity description.
*
* @param int $severity_id Numeric severity.
*
* @return string Severity description.
*/
function events_get_severity_types ($severity_id) {
$diferent_types = get_priorities ();
$severity_desc = '';
switch ($severity_id) {
case EVENT_CRIT_MAINTENANCE:
$severity_desc = __('Maintenance');
break;
case EVENT_CRIT_INFORMATIONAL:
$severity_desc = __('Informational');
break;
case EVENT_CRIT_NORMAL:
$severity_desc = __('Normal');
break;
case EVENT_CRIT_WARNING:
$severity_desc = __('Warning');
break;
case EVENT_CRIT_CRITICAL:
$severity_desc = __('Critical');
break;
default:
if (isset($config['text_char_long'])) {
foreach ($diferent_types as $key => $type) {
if ($key == $severity_id) {
$severity_desc = ui_print_truncate_text($type,
$config['text_char_long'], false, true, false);
}
}
}
break;
}
return $severity_desc;
}
/**
* Return all descriptions of event status.
*
* @return array Status description array.
*/
function events_get_all_status ($report = false) {
$fields = array ();
if(!$report){
$fields[-1] = __('All event');
$fields[0] = __('Only new');
$fields[1] = __('Only validated');
$fields[2] = __('Only in process');
$fields[3] = __('Only not validated');
}
else{
$fields[-1] = __('All event');
$fields[0] = __('New');
$fields[1] = __('Validated');
$fields[2] = __('In process');
$fields[3] = __('Not Validated');
}
return $fields;
}
/**
* Decode a numeric status into status description.
*
* @param int $status_id Numeric status.
*
* @return string Status description.
*/
function events_get_status ($status_id) {
switch ($status_id) {
case -1:
$status_desc = __('All event');
break;
case 0:
$status_desc = __('Only new');
break;
case 1:
$status_desc = __('Only validated');
break;
case 2:
$status_desc = __('Only in process');
break;
case 3:
$status_desc = __('Only not validated');
break;
}
return $status_desc;
}
/**
* Checks if a user has permissions to see an event filter.
*
* @param int $id_filter Id of the event filter.
*
* @return bool True if the user has permissions or false otherwise.
*/
function events_check_event_filter_group ($id_filter) {
global $config;
$id_group = db_get_value('id_group_filter', 'tevent_filter', 'id_filter', $id_filter);
$own_info = get_user_info ($config['id_user']);
// Get group list that user has access
$groups_user = users_get_groups ($config['id_user'], "EW", $own_info['is_admin'], true);
// Permissions in any group allow to edit "All group" filters
if($id_group == 0 && !empty($groups_user)) {
return true;
}
$groups_id = array();
$has_permission = false;
foreach ($groups_user as $key => $groups) {
if ($groups['id_grupo'] == $id_group)
return true;
}
return false;
}
/**
* Return an array with all the possible macros in event responses
*
* @return array
*/
function events_get_macros() {
return array('_agent_address_' => __('Agent address'),
'_agent_id_' => __('Agent id'),
'_event_id_' => __('Event id'),
'_module_address_' => __('Module Agent address'),);
}
/**
* Get a event filter.
*
* @param int Filter id to be fetched.
* @param array Extra filter.
* @param array Fields to be fetched.
*
* @return array A event filter matching id and filter or false.
*/
function events_get_event_filter ($id_filter, $filter = false, $fields = false) {
if (empty($id_filter)) {
return false;
}
if (! is_array ($filter)) {
$filter = array ();
$filter['id_filter'] = (int) $id_filter;
}
return db_get_row_filter ('tevent_filter', $filter, $fields);
}
/**
* Get a event filters in select format.
*
* @param boolean If event filters are used for manage/view operations (non admin users can see group ALL for manage) # Fix
* @return array A event filter matching id and filter or false.
*/
function events_get_event_filter_select($manage = true) {
global $config;
$strict_acl = db_get_value('strict_acl', 'tusuario', 'id_user', $config['id_user']);
if ($strict_acl) {
$user_groups = users_get_strict_mode_groups($config['id_user'],
users_can_manage_group_all());
}
else {
$user_groups = users_get_groups ($config['id_user'], "EW",
users_can_manage_group_all(), true);
}
if(empty($user_groups)) {
return array();
}
$sql = "
SELECT id_filter, id_name
FROM tevent_filter
WHERE id_group_filter IN (" . implode(',', array_keys ($user_groups)) . ")";
$event_filters = db_get_all_rows_sql($sql);
if ($event_filters === false) {
return array();
}
else {
$result = array();
foreach ($event_filters as $event_filter) {
$result[$event_filter['id_filter']] = $event_filter['id_name'];
}
}
return $result;
}
// Events pages functions to load modal window with advanced view of an event.
// Called from include/ajax/events.php
function events_page_responses ($event, $childrens_ids = array()) {
global $config;
/////////
// Responses
/////////
$table_responses->cellspacing = 2;
$table_responses->cellpadding = 2;
$table_responses->id = 'responses_table';
$table_responses->width = '100%';
$table_responses->data = array ();
$table_responses->head = array ();
$table_responses->style[0] = 'width:35%; font-weight: bold; text-align: left; height: 23px;';
$table_responses->style[1] = 'text-align: left; height: 23px; text-align: right;';
$table_responses->class = "alternate rounded_cells";
if (tags_checks_event_acl ($config["id_user"], $event["id_grupo"], "EM", $event['clean_tags'], $childrens_ids)) {
// Owner
$data = array();
$data[0] = __('Change owner');
// Owner change can be done to users that belong to the event group with ER permission
$profiles_view_events = db_get_all_rows_filter('tperfil', array('event_view' => '1'), 'id_perfil');
foreach($profiles_view_events as $k => $v) {
$profiles_view_events[$k] = reset($v);
}
// Juanma (05/05/2014) Fix : Propagate ACL hell!
$_user_groups = array_keys(users_get_groups($config['id_user'], 'ER', users_can_manage_group_all()));
$strict_user = db_get_value('strict_acl', 'tusuario', 'id_user', $config['id_user']);
if ($strict_user) {
$user_name = db_get_value('fullname', 'tusuario', 'id_user', $config['id_user']);
$users = array();
$users[0]['id_user'] = $config['id_user'];
$users[0]['fullname'] = $user_name;
} else {
$users = groups_get_users($_user_groups, array('id_perfil' => $profiles_view_events), true, true);
}
foreach($users as $u) {
$owners[$u['id_user']] = $u['fullname'];
}
if($event['owner_user'] == '') {
$owner_name = __('None');
}
else {
$owner_name = db_get_value('fullname', 'tusuario', 'id_user', $event['owner_user']);
$owners[$event['owner_user']] = $owner_name;
}
$data[1] = html_print_select($owners, 'id_owner', $event['owner_user'], '', __('None'), -1, true);
$data[1] .= html_print_button(__('Update'),'owner_button',false,'event_change_owner();','class="sub next"',true);
$table_responses->data[] = $data;
}
// Status
$data = array();
$data[0] = __('Change status');
$status_blocked = false;
if (tags_checks_event_acl ($config["id_user"], $event["id_grupo"], "EM", $event['clean_tags'], $childrens_ids)) {
// If the user has manager acls, the status can be changed to all possibilities always
$status = array(0 => __('New'), 2 => __('In process'), 1 => __('Validated'));
}
else {
switch($event['estado']) {
case 0:
// If the user hasnt manager acls and the event is new. The status can be changed
$status = array(2 => __('In process'), 1 => __('Validated'));
break;
case 1:
// If the user hasnt manager acls and the event is validated. The status cannot be changed
$status = array(1 => __('Validated'));
$status_blocked = true;
break;
case 2:
// If the user hasnt manager acls and the event is in process. The status only can be changed to validated
$status = array(1 => __('Validated'));
break;
}
}
// The change status option will be enabled only when is possible change the status
$data[1] = html_print_select($status, 'estado', $event['estado'], '', '', 0, true, false, false, '', $status_blocked);
if(!$status_blocked) {
$data[1] .= html_print_button(__('Update'),'status_button',false,'event_change_status(\''.$event['similar_ids'] .'\');','class="sub next"',true);
}
$table_responses->data[] = $data;
// Comments
$data = array();
$data[0] = __('Comment');
$data[1] = html_print_button(__('Add comment'),'comment_button',false,'$(\'#link_comments\').trigger(\'click\');','class="sub next"',true);
$table_responses->data[] = $data;
if (tags_checks_event_acl($config["id_user"], $event["id_grupo"], "EM", $event['clean_tags'], $childrens_ids)) {
// Delete
$data = array();
$data[0] = __('Delete event');
$data[1] = '';
$table_responses->data[] = $data;
}
// Custom responses
$data = array();
$data[0] = __('Custom responses');
$id_groups = array_keys(users_get_groups(false, "EW"));
$event_responses = db_get_all_rows_filter('tevent_response',
array('id_group' => $id_groups));
if (empty($event_responses)) {
$data[1] = ''.__('N/A').'';
}
else {
$responses = array();
foreach ($event_responses as $v) {
$responses[$v['id']] = $v['name'];
}
$data[1] = html_print_select(
$responses,
'select_custom_response','','','','',true, false, false);
if (isset($event['server_id'])) {
$server_id = $event['server_id'];
}
else {
$server_id = 0;
}
$data[1] .= html_print_button(__('Execute'),'custom_response_button',false,'execute_response('.$event['id_evento'].','.$server_id.')',"class='sub next'",true);
}
$table_responses->data[] = $data;
$responses_js = "";
$responses = '