vrr/ntopng
2
0
Fork 0
mirror of https://github.com/ntop/ntopng.git synced 2026-04-29 07:29:32 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Remove engaged alerts from sqlite

Browse source
This commit is contained in:
emanuele-f 2019-07-17 16:29:42 +02:00
parent 22211af8c2
commit 5444f027ed
8 changed files with 168 additions and 466 deletions
Download patch file Download diff file Expand all files Collapse all files

151
scripts/lua/modules/alerts_api.lua
View file

@ -90,6 +90,7 @@ end
-- ##############################################
-- TODO remove
--! @brief Triggers a new alert or refreshes an existing one (if already engaged)
--! @param entity_value the string representing the entity of the alert (e.g. "192.168.1.1")
--! @param alert_message the message (string) or json (table) to store
@ -104,68 +105,27 @@ function alerts:trigger(entity_value, alert_message, when)
msg = json.encode(alert_message)
end
local rv = interface.triggerAlert(when, self.periodicity,
local rv = interface.storeAlert(when, when, self.periodicity,
self.type_id, self.subtype or "", self.severity_id,
self.entity_type_id, entity_value, msg)
if(rv ~= nil) then
if(rv.success and rv.new_alert) then
local action = ternary(self.periodicity, "engage", "store")
local message = {
ifid = interface.getId(),
entity_type = self.entity_type_id,
entity_value = entity_value,
type = self.entity_type_id,
severity = self.severity_id,
message = msg,
tstamp = when,
action = action,
}
if(rv) then
local action = "store"
local message = {
ifid = interface.getId(),
entity_type = self.entity_type_id,
entity_value = entity_value,
type = self.entity_type_id,
severity = self.severity_id,
message = msg,
tstamp = when,
action = action,
}
alert_endpoints.dispatchNotification(message, json.encode(message))
end
alert_endpoints.dispatchNotification(message, json.encode(message))
end
return(rv.success)
end
-- ##############################################
--! @brief Manually releases an engaged alert
--! @param entity_value the string representing the entity of the alert (e.g. "192.168.1.1")
--! @param when (optional) the time when the release event occurs
--! @note Alerts are also automatically released based on their periodicity,
--! @return true on success, false otherwise
function alerts:release(entity_value, when)
when = when or os.time()
local rv = interface.releaseAlert(when, self.periodicity,
self.type_id, self.subtype or "", self.severity_id, self.entity_type_id, entity_value)
if(rv ~= nil) then
if(rv.success and rv.rowid) then
local res = interface.queryAlertsRaw("SELECT alert_json", string.format("WHERE rowid=%u", rv.rowid))
if((res ~= nil) and (#res == 1)) then
local msg = res[1].alert_json
local message = {
ifid = interface.getId(),
entity_type = self.entity_type_id,
entity_value = entity_value,
type = self.entity_type_id,
severity = self.severity_id,
message = msg,
tstamp = when,
action = "release",
}
alert_endpoints.dispatchNotification(message, json.encode(message))
end
end
end
return(rv.success)
return(rv)
end
-- ##############################################
@ -189,7 +149,7 @@ end
-- ##############################################
-- TODO unify alerts and metadataications format
-- TODO unify alerts and metadata/notications format
function alerts.parseNotification(metadata)
local alert_id = makeAlertId(alertType(metadata.type), metadata.alert_subtype, metadata.alert_periodicity, alertEntity(metadata.entity_type))
@ -209,6 +169,24 @@ end
-- ##############################################
-- TODO unify alerts and metadata/notications format
function alerts.alertNotificationToRecord(notif)
return {
alert_entity = alertEntity(notif.entity_type),
alert_type = alertType(notif.type),
alert_severity = alertSeverity(notif.severity),
periodicity = notif.periodicity,
alert_subtype = notif.subtype,
alert_entity_val = notif.entity_value,
alert_tstamp = notif.tstamp,
alert_tstamp_end = notif.tstamp_end or notif.tstamp,
alert_granularity = notif.granularity,
alert_json = notif.message,
}
end
-- ##############################################
local function get_alert_triggered_key(type_info)
return(string.format("%d@%s", type_info.alert_type.alert_id, type_info.alert_subtype or ""))
end
@ -259,20 +237,14 @@ function alerts.processPendingAlertEvents(deadline)
interface.select(tostring(event.ifid))
if(event.action == "release") then
to_call = interface.releaseAlert
else
to_call = interface.triggerAlert
interface.storeAlert(
event.tstamp, event.tstamp_end, event.granularity,
event.type, event.subtype or "", event.severity,
event.entity_type, event.entity_value,
event.message) -- event.message: nil for "release"
end
rv = to_call(
event.tstamp, event.granularity,
event.type, event.subtype or "", event.severity,
event.entity_type, event.entity_value,
event.message) -- event.message: nil for "release"
if(rv.success) then
alert_endpoints.dispatchNotification(event, event_json)
end
alert_endpoints.dispatchNotification(event, event_json)
if(os.time() > deadline) then
break
@ -347,27 +319,28 @@ end
--! @note The actual release is performed asynchronously
--! @return true on success, false otherwise
function alerts.new_release(entity_info, type_info)
when = when or os.time()
local now = os.time()
local granularity_sec = type_info.alert_granularity and type_info.alert_granularity.granularity_seconds or 0
local granularity_id = type_info.alert_granularity and type_info.alert_granularity.granularity_id or nil
local subtype = type_info.alert_subtype or ""
local alert_key_name = get_alert_triggered_key(type_info)
local released = nil
if(granularity_id ~= nil) then
local released = true
local alert_key_name = get_alert_triggered_key(type_info)
if((host.releaseTriggeredAlert) and (entity_info.alert_entity.entity_id == alertEntity("host"))) then
released = host.releaseTriggeredAlert(alert_key_name, granularity_id)
elseif((interface.releaseTriggeredAlert) and (entity_info.alert_entity.entity_id == alertEntity("interface"))) then
released = interface.releaseTriggeredAlert(alert_key_name, granularity_id)
elseif((network.releaseTriggeredAlert) and (entity_info.alert_entity.entity_id == alertEntity("network"))) then
released = network.releaseTriggeredAlert(alert_key_name, granularity_id)
else
alertErrorTraceback("Unsupported entity" .. entity_info.alert_entity.entity_id)
return(false)
end
if((host.releaseTriggeredAlert) and (entity_info.alert_entity.entity_id == alertEntity("host"))) then
triggered = host.releaseTriggeredAlert(alert_key_name, granularity_id)
elseif((interface.releaseTriggeredAlert) and (entity_info.alert_entity.entity_id == alertEntity("interface"))) then
triggered = interface.releaseTriggeredAlert(alert_key_name, granularity_id)
elseif((network.releaseTriggeredAlert) and (entity_info.alert_entity.entity_id == alertEntity("network"))) then
triggered = network.releaseTriggeredAlert(alert_key_name, granularity_id)
end
if(not released) then
if(do_trace) then print("[DON'T Release alert (already not triggered?) @ "..granularity_sec.."] "..
entity_info.alert_entity_val .."@"..type_info.alert_type.i18n_title.."\n") end
return(false)
end
if(released == nil) then
if(do_trace) then print("[DON'T Release alert (already not triggered?) @ "..granularity_sec.."] "..
entity_info.alert_entity_val .."@"..type_info.alert_type.i18n_title..":".. subtype .. "\n") end
return(false)
end
local alert_event = {
@ -377,8 +350,10 @@ function alerts.new_release(entity_info, type_info)
entity_value = entity_info.alert_entity_val,
type = type_info.alert_type.alert_id,
severity = type_info.alert_type.severity.severity_id,
subtype = type_info.alert_subtype or "",
tstamp = when,
subtype = subtype,
tstamp = released.alert_tstamp,
tstamp_end = released.alert_tstamp_end,
message = released.alert_json,
action = "release",
}