Update alert score threshold with flows info (#6714) (#7197)

2026-05-10 00:42:14 +00:00 · 2023-02-03 11:36:19 +01:00 · 2023-02-03 11:36:19 +01:00 · 378232f808
commit 378232f808
parent 16b5ee645b
3 changed files with 45 additions and 2 deletions
--- a/scripts/lua/modules/alert_consts.lua
+++ b/scripts/lua/modules/alert_consts.lua
@ -161,7 +161,7 @@ end
 -- ##############################################

 function alert_consts.formatHostAlert(ifid, host, vlan)
-   return hostinfo2label({host = host, vlan = vlan})
+   return hostinfo2label({host = host, vlan = vlan}, vlan)
 end

 -- ##############################################
--- a/scripts/lua/modules/alert_definitions/host/host_alert_score_threshold.lua
+++ b/scripts/lua/modules/alert_definitions/host/host_alert_score_threshold.lua
@ -51,9 +51,51 @@ function host_alert_score_threshold.format(ifid, alert, alert_type_params)
   local host = alert_consts.formatHostAlert(ifid, alert["ip"], alert["vlan_id"])
   local threshold = alert_type_params["threshold"] or 0
   local as_cli_or_srv = i18n("client")
+   local as_cli = true

   if alert_type_params["is_client_alert"] == false then
      as_cli_or_srv = i18n("server")
+      as_cli = false
+   end
+   
+   local flows_info_href = '(check live:  <a href="' .. ntop.getHttpPrefix().."/lua/flows_stats.lua?host="..host..'" data-placement="bottom" title="Live Flow Explorer"><i class="fas fa-search-plus"></i></a>)'
+   local ifName = _GET["ifid"]
+   if ntop.isClickHouseEnabled() then
+
+      local extra_params = {
+         ifid = {
+            value = ifName,
+            operator = "eq"
+         },
+         epoch_begin = {
+            value = _GET["epoch_begin"],
+            operator = "eq"
+         },
+         epoch_end = {
+            value = _GET["epoch_end"],
+            operator = "eq"
+         }
+      }
+      if alert["vlan_id"] ~= 0 then
+         extra_params.vlan_id = {
+            value = alert["vlan_id"],
+            operator = "eq"
+         }
+      end      
+
+      if as_cli then 
+         extra_params.cli_ip = {
+            value = alert["ip"],
+            operator = "eq"
+         }
+      else 
+         extra_params.srv_ip = {
+            value = alert["ip"],
+            operator = "eq"
+         }
+      end
+
+      flows_info_href = flows_info_href..' (check historical: <a href="' .. add_historical_flow_explorer_button_ref(extra_params,true) ..'" data-placement="bottom" title="Historical Flow Explorer"><i class="fas fa-search-plus"></i></a>)' 
   end

   if (tonumber(alert_type_params["value"]) > tonumber(threshold)) and (threshold > 0) then
@ -63,6 +105,7 @@ function host_alert_score_threshold.format(ifid, alert, alert_type_params)
         cli_or_srv = as_cli_or_srv,
         value = alert_type_params["value"],
         threshold = threshold,
+         flows_info = flows_info_href
      })
   end
 end