vrr/ntopng
2
0
Fork 0
mirror of https://github.com/ntop/ntopng.git synced 2026-04-29 07:29:32 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Minor fix for alerts rotation

Browse source 
Fixes errors such as:
05/Jun/2017 10:20:20 [AlertsManager.cpp:1540] ERROR: SQL Error: near "ORDER": syntax error
DELETE FROM flows_alerts ORDER BY alert_tstamp ASC LIMIT 1288928
This commit is contained in:
Simone Mainardi 2017-06-05 14:44:24 +02:00
parent 8c93475761
commit 08e2b19388
1 changed files with 8 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

16
scripts/lua/modules/alert_utils.lua
View file

@ -1035,13 +1035,13 @@ function housekeepingAlertsMakeRoom(ifId)
"GROUP BY alert_entity, alert_entity_val HAVING COUNT >= "..max_num_alerts_per_entity)
for _, e in pairs(res) do
local to_delete = e.count - (max_num_alerts_per_entity * 0.8) -- deletes 20% more alerts than the maximum number
to_delete = round(to_delete, 0)
--tprint({e=e, total=e.count, to_delete=to_delete, to_delete_not_discounted=(e.count - max_num_alerts_per_entity)})
local to_keep = (max_num_alerts_per_entity * 0.8) -- deletes 20% more alerts than the maximum number
to_keep = round(to_keep, 0)
-- tprint({e=e, total=e.count, to_keep=to_keep, to_delete=to_delete, to_delete_not_discounted=(e.count - max_num_alerts_per_entity)})
local cleanup = interface.queryAlertsRaw(false,
"DELETE",
"WHERE alert_entity="..e.alert_entity.." AND alert_entity_val=\""..e.alert_entity_val.."\""..
"ORDER BY alert_tstamp ASC LIMIT "..to_delete)
"WHERE rowid NOT IN (SELECT rowid FROM closed_alerts WHERE alert_entity="..e.alert_entity.." AND alert_entity_val=\""..e.alert_entity_val.."\""..
"ORDER BY alert_tstamp DESC LIMIT "..to_keep..")")
-- TODO: possibly raise a too many alerts for entity e
end
end
@ -1051,10 +1051,10 @@ function housekeepingAlertsMakeRoom(ifId)
local res = interface.queryFlowAlertsRaw("SELECT count(*) count", "WHERE 1=1")
local count = tonumber(res[1].count)
if count ~= nil and count >= max_num_flow_alerts then
local to_delete = count - (max_num_flow_alerts * 0.8)
to_delete = round(to_delete, 0)
local to_keep = (max_num_flow_alerts * 0.8)
to_keep = round(to_keep, 0)
local cleanup = interface.queryFlowAlertsRaw("DELETE",
"ORDER BY alert_tstamp ASC LIMIT "..to_delete)
"WHERE rowid NOT IN (SELECT rowid FROM flows_alerts ORDER BY alert_tstamp DESC LIMIT "..to_keep..")")
--tprint({total=count, to_delete=to_delete, cleanup=cleanup})
--tprint(cleanup)
-- TODO: possibly raise a too many flow alerts