Implements flow alerts

2026-04-30 16:09:32 +00:00 · 2016-11-23 13:08:51 +01:00 · 2016-11-23 13:08:51 +01:00 · 0e4e4e5906
commit 0e4e4e5906
parent d3eca30401
10 changed files with 479 additions and 86 deletions
--- a/scripts/lua/get_alerts_data.lua
+++ b/scripts/lua/get_alerts_data.lua
@ -41,7 +41,10 @@ local num_alerts
 if _GET["entity"] == "host" then
   alerts = interface.getAlerts(initial_idx, perPage, engaged, "host", _GET["entity_val"])
   num_alerts = interface.getNumAlerts(engaged, "host", _GET["entity_val"])
-else
+elseif status == "historical-flows" then
+   alerts = interface.getFlowAlerts(initial_idx, perPage)
+   num_alerts = interface.getNumFlowAlerts()
+else --if status == "historical" then
   alerts = interface.getAlerts(initial_idx, perPage, engaged)
   num_alerts = interface.getNumAlerts(engaged)
 end
@ -58,8 +61,18 @@ for _key,_value in ipairs(alerts) do
   if(total > 0) then print(",\n") end

   alert_id        = _value["rowid"]
-   alert_entity    = alertEntityLabel(_value["alert_entity"])
-   alert_entity_val= _value["alert_entity_val"]
+   if _value["alert_entity"] ~= nil then
+      alert_entity    = alertEntityLabel(_value["alert_entity"])
+   else
+      alert_entity = "flow" -- flow alerts page doesn't have an entity
+   end
+   if _value["alert_entity_val"] ~= nil then
+      alert_entity_val = _value["alert_entity_val"]
+   else
+      alert_entity_val = ""
+   end
+--   tprint(alert_entity)
+--   tprint(alert_entity_val)
   column_date     = os.date("%c", _value["alert_tstamp"])
   if tonumber(_value["alert_tstamp_end"]) ~= nil then
      local duration = secondsToTime(tonumber(_value["alert_tstamp_end"]) - tonumber(_value["alert_tstamp"]))
@ -69,7 +82,7 @@ for _key,_value in ipairs(alerts) do
   column_type     = alertTypeLabel(tonumber(_value["alert_type"]))
   column_msg      = _value["alert_json"]

-   column_id = "<form class=form-inline style='margin-bottom: 0px;' method=get>"
+   column_id = "<form class=form-inline style='margin-bottom: 0px;' method=GET>"
   if _GET["ifname"] ~= nil and _GET["ifname"] ~= "" then
      column_id = column_id.."<input type=hidden name=ifname value=".._GET["ifname"]..">"
   end
@ -82,7 +95,7 @@ for _key,_value in ipairs(alerts) do
   if _GET["page"] ~= nil and _GET["page"] ~= "" then
      column_id = column_id.."<input type=hidden name=page value=".._GET["page"]..">"
   end
-   column_id = column_id.."<input type=hidden name=id_to_delete value="..alert_id.."><input type=hidden name=currentPage value=".. currentPage .."><input type=hidden name=perPage value=".. perPage .."><input type=hidden name=engaged value="..tostring(engaged).."><input type=hidden name=alerts_impl value="..tostring(alertsImpl).."><button class='btn btn-default btn-xs' type='submit'><input id=csrf name=csrf type=hidden value='"..ntop.getRandomCSRFValue().."' /><i type='submit' class='fa fa-trash-o'></i></button></form>"
+   column_id = column_id.."<input type=hidden name=id_to_delete value="..alert_id.."><input type=hidden name=currentPage value=".. currentPage .."><input type=hidden name=perPage value=".. perPage .."><input type=hidden name=status value="..tostring(status).."><input type=hidden name=alerts_impl value="..tostring(alertsImpl).."><button class='btn btn-default btn-xs' type='submit'><input id=csrf name=csrf type=hidden value='"..ntop.getRandomCSRFValue().."' /><i type='submit' class='fa fa-trash-o'></i></button></form>"

   print('{ "column_key" : "'..column_id..'", "column_date" : "'..column_date..'", "column_severity" : "'..column_severity..'", "column_type" : "'..column_type..'", "column_msg" : "'..column_msg..'", "column_entity":"'..alert_entity..'", "column_entity_val":"'..alert_entity_val..'" }')

--- a/scripts/lua/host_details.lua
+++ b/scripts/lua/host_details.lua
@ -1981,7 +1981,7 @@ if num_alerts > 0 or num_engaged_alerts > 0 then
   print("<a href=\""..ntop.getHttpPrefix().."/lua/host_details.lua?ifname="..ifId.."&"..hostinfo2url(host_info).."&page=alerts&tab=alert_list\">Detected Alerts</a></li>\n")
 else
   -- if there are no alerts, we show the first alert granularity configuration page
-   if(tab == nil) then tab = alerts_granularity[1][1] end
+   if(tab == nil or tab=="alert_list") then tab = alerts_granularity[1][1] end
 end

 for _,e in pairs(alerts_granularity) do
@ -2065,7 +2065,7 @@ if tab == "alert_list" then
   _GET["host"] = host_ip
   _GET["vlan"] = host_vlan
   _GET["ifname"] = ifId
-   drawAlertTables(num_alerts, num_engaged_alerts, _GET)
+   drawAlertTables(num_alerts, num_engaged_alerts, 0, _GET)
 else
   print [[
    <table id="user" class="table table-bordered table-striped" style="clear: both"> <tbody>
--- a/scripts/lua/modules/alert_utils.lua
+++ b/scripts/lua/modules/alert_utils.lua
@ -658,14 +658,17 @@ function checkDeleteStoredAlerts()
 	       -- delete all existing alerts
 	       interface.deleteAlerts(true --[[ engaged --]])
 	       interface.deleteAlerts(false --[[ and not engaged --]])
+	       interface.deleteFlowAlerts()
 	    end
 	 else
 	    local id_to_delete = tonumber(_GET["id_to_delete"])
 	    if id_to_delete ~= nil then
-	       if _GET["engaged"] == "true" then
+	       if _GET["status"] == "engaged" then
 		  interface.deleteAlerts(true, id_to_delete)
-	       else
+	       elseif _GET["status"] == "historical" then
 		  interface.deleteAlerts(false, id_to_delete)
+	       elseif _GET["status"] == "historical-flows" then
+		  interface.deleteFlowAlerts(id_to_delete)
 	       end
 	    end
 	 end
@ -675,17 +678,31 @@ end

 -- #################################

-function drawAlertTables(num_alerts, num_engaged_alerts, url_params)
+function drawAlertTables(num_alerts, num_engaged_alerts, num_flow_alerts, url_params)
   local alert_items = {}

+   print[[
+<br>
+<ul class="nav nav-tabs" role="tablist" id="alert-tabs">
+<!-- will be populated later with javascript -->
+</ul>
+
+<div class="tab-content">
+]]
+
+   local status = _GET["status"]
   if num_engaged_alerts > 0 then
-      alert_items[#alert_items + 1] = {["label"] = "Currently Engaged Alerts", ["div-id"] = "table-engaged-alerts",  ["status"] = "engaged", ["date"] = "First Seen"}
+      alert_items[#alert_items + 1] = {["label"] = "Engaged Alerts", ["div-id"] = "table-engaged-alerts",  ["status"] = "engaged", ["date"] = "First Seen"}
   end

   if num_alerts > 0 then
      alert_items[#alert_items +1] = {["label"] = "Alerts History", ["div-id"] = "table-alerts-history",  ["status"] = "historical", ["date"] = "Time"}
   end

+   if num_flow_alerts > 0 then
+      alert_items[#alert_items +1] = {["label"] = "Flow Alerts History", ["div-id"] = "table-flow-alerts-history",  ["status"] = "historical-flows", ["date"] = "Time"}
+   end
+
   local url_extra_params = ""
   if type(url_params) == "table" then
      for k, v in pairs(url_params) do
@ -696,9 +713,22 @@ function drawAlertTables(num_alerts, num_engaged_alerts, url_params)
   end

   for k, t in ipairs(alert_items) do
+      local clicked = "0"
+      if (k == 1 and status == nil) or (status ~= nil and status == t["status"]) then
+	 clicked = "1"
+      end
      print [[
-      <div id="]] print(t["div-id"]) print[["></div>
-	 <script>
+      <div class="tab-pane fade in" id="tab-]] print(t["div-id"]) print[[">
+        <div id="]] print(t["div-id"]) print[["></div>
+      </div>
+
+      <script type="text/javascript">
+
+         $("#alert-tabs").append('<li><a href="#tab-]] print(t["div-id"]) print[[" clicked="]] print(clicked) print[[" role="tab" data-toggle="tab">]] print(t["label"]) print[[</a></li>')
+
+         $('a[href="#tab-]] print(t["div-id"]) print[["]').on('shown.bs.tab', function (e) {
+         // append the li to the tabs
+
 	 $("#]] print(t["div-id"]) print[[").datatable({
 			url: "]]
      print (ntop.getHttpPrefix())
@ -706,8 +736,12 @@ function drawAlertTables(num_alerts, num_engaged_alerts, url_params)
 	       showPagination: true,
 ]]

-      if(_GET["currentPage"] ~= nil) then print("currentPage: ".._GET["currentPage"]..",\n") end
-      if(_GET["perPage"] ~= nil)     then print("perPage: ".._GET["perPage"]..",\n") end
+      if(_GET["currentPage"] ~= nil and status == t["status"]) then
+	 print("currentPage: ".._GET["currentPage"]..",\n")
+      end
+      if(_GET["perPage"] ~= nil and status == t["status"]) then
+	 print("perPage: ".._GET["perPage"]..",\n")
+      end

      print [[
 	        title: "]] print(t["label"]) print[[",
@ -743,22 +777,6 @@ function drawAlertTables(num_alerts, num_engaged_alerts, url_params)
 	    }
 	 },

-	 {
-	    title: "Entity Type",
-	    field: "column_entity",
-	    css: { 
-	       textAlign: 'center'
-	    }
-	 },
-
-	 {
-	    title: "Entity Value",
-	    field: "column_entity_val",
-	    css: { 
-	       textAlign: 'center'
-	    }
-	 },
-
 	 {
 	    title: "Description",
 	    field: "column_msg",
@ -768,15 +786,31 @@ function drawAlertTables(num_alerts, num_engaged_alerts, url_params)
 	 }
      ]
   });
+   });
   </script>
 	      ]]

   end

-   if (num_alerts > 0 or num_engaged_alerts > 0) then
-      print [[

-<a href="#myModal" role="button" class="btn btn-default" data-toggle="modal"><i type="submit" class="fa fa-trash-o"></i> Purge All Alerts</button></a>
+
+   if (num_alerts > 0 or num_flow_alerts > 0 or num_engaged_alerts > 0) then
+      -- trigger the click on the right tab to force table load
+      print[[
+<script type="text/javascript">
+$("[clicked=1]").trigger("click");
+</script>
+]]
+      
+      local entity = nil
+      if _GET["entity"] ~= nil and _GET["entity"] ~= "" then entity = _GET["entity"] end
+      local purge_msg = " Purge All "
+      if entity ~= nil and entity ~= "" then purge_msg = purge_msg..firstToUpper(entity).." " end
+      purge_msg = purge_msg.."Alerts"
+      print [[
+</div> <!-- closes tab-content -->
+
+<a href="#myModal" role="button" class="btn btn-default" data-toggle="modal"><i type="submit" class="fa fa-trash-o"></i>]] print(purge_msg) print[[</button></a>
 
 <!-- Modal -->
 <div class="modal fade" id="myModal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
@ -803,8 +837,8 @@ function drawAlertTables(num_alerts, num_engaged_alerts, url_params)
 	    end
 	 end
      end
-      if _GET["entity"] ~= nil and _GET["entity"] ~= "" then
-	 print('<input name="entity" type="hidden" value="'.._GET["entity"]..'"/>\n')
+      if entity ~= nil and entity ~= "" then
+	 print('<input name="entity" type="hidden" value="'..entity..'"/>\n')
      end
      
      print [[
--- a/scripts/lua/show_alerts.lua
+++ b/scripts/lua/show_alerts.lua
@ -20,17 +20,19 @@ dofile(dirs.installdir .. "/scripts/lua/inc/menu.lua")

 local num_alerts         = interface.getNumAlerts(false --[[ NOT engaged --]])
 local num_engaged_alerts = interface.getNumAlerts(true --[[ engaged --]])
+local num_flow_alerts    = interface.getNumFlowAlerts()
+
 if ntop.getPrefs().are_alerts_enabled == false then
   print("<div class=\"alert alert alert-warning\"><img src=".. ntop.getHttpPrefix() .. "/img/warning.png> Alerts are disabled. Please check the preferences page to enable them.</div>")
 --return
-elseif num_alerts == 0 and num_engaged_alerts == 0 then
+elseif num_alerts == 0 and num_flow_alerts == 0 and num_engaged_alerts == 0 then
   print("<div class=\"alert alert alert-info\"><img src=".. ntop.getHttpPrefix() .. "/img/info_icon.png> No recorded alerts so far for interface "..ifname.."</div>")
 else

   if ntop.isEnterprise() then
-      drawAlertStatsCharts()
+      -- drawAlertStatsCharts()
   end
-   drawAlertTables(num_alerts, num_engaged_alerts)
+   drawAlertTables(num_alerts, num_engaged_alerts, num_flow_alerts)

 end -- closes if ntop.getPrefs().are_alerts_enabled == false then