Implements 'Subject' column for interface alerts

Addresses #5563
2026-05-06 03:45:26 +00:00 · 2021-06-24 15:51:17 +02:00 · 2021-06-24 15:51:17 +02:00 · 63168f5ff2
commit 63168f5ff2
parent 648b0758cd
15 changed files with 28 additions and 12 deletions
--- a/scripts/lua/modules/alert_definitions/other/alert_periodic_activity_not_executed.lua
+++ b/scripts/lua/modules/alert_definitions/other/alert_periodic_activity_not_executed.lua
@ -32,14 +32,16 @@ alert_periodic_activity_not_executed.meta = {
 -- ##############################################

 -- @brief Prepare an alert table used to generate the alert
+-- @param ps_name A string with the name of the periodic activity
 -- @param last_queued_time The time when the periodic activity was executed for the last time, as a unix epoch
 -- @return A table with the alert built
-function alert_periodic_activity_not_executed:init(last_queued_time)
+function alert_periodic_activity_not_executed:init(ps_name, last_queued_time)
   -- Call the parent constructor
   self.super:init()

   self.alert_type_params = {
-	   last_queued_time = last_queued_time,
+      ps_name = ps_name,
+      last_queued_time = last_queued_time,
   }
 end

--- a/scripts/lua/modules/alert_store/interface_alert_store.lua
+++ b/scripts/lua/modules/alert_store/interface_alert_store.lua
@ -34,17 +34,19 @@ end
 function interface_alert_store:insert(alert)
   local name = getInterfaceName(alert.ifid)
   local alias = getHumanReadableInterfaceName(name)
+   local subtype = alert.subtype or ''

   local insert_stmt = string.format("INSERT INTO %s "..
-      "(alert_id, tstamp, tstamp_end, severity, score, ifid, name, alias, granularity, json) "..
-      "VALUES (%u, %u, %u, %u, %u, %d, '%s', '%s', %u, '%s'); ",
-      self._table_name, 
+      "(alert_id, tstamp, tstamp_end, severity, score, ifid, subtype, name, alias, granularity, json) "..
+      "VALUES (%u, %u, %u, %u, %u, %d, '%s', '%s', '%s', %u, '%s'); ",
+      self._table_name,
      alert.alert_id,
      alert.tstamp,
      alert.tstamp_end,
      ntop.mapScoreToSeverity(alert.score),
      alert.score,
      alert.ifid,
+      self:_escape(subtype),
      self:_escape(name),
      self:_escape(alias),
      alert.granularity,
@ -66,6 +68,7 @@ end

 local RNAME = {
   ALERT_NAME = { name = "alert_name", export = true},
+   SUBTYPE = { name = "subtype", export = true},
   MSG = { name = "msg", export = true, elements = {"name", "value", "description"}}
 }

@ -78,10 +81,12 @@ function interface_alert_store:format_record(value, no_html)
   local record = self:format_json_record_common(value, alert_entities.interface.entity_id, no_html)

   local alert_name = alert_consts.alertTypeLabel(tonumber(value["alert_id"]), no_html, alert_entities.interface.entity_id)
+   local subtype = value.subtype
   local alert_info = alert_utils.getAlertInfo(value)
   local msg = alert_utils.formatAlertMessage(interface.getId(), value, alert_info)

   record[RNAME.ALERT_NAME.name] = alert_name
+   record[RNAME.SUBTYPE.name] = subtype

   if string.lower(noHtml(msg)) == string.lower(noHtml(alert_name)) then
      msg = ""
--- a/scripts/lua/modules/alert_utils.lua
+++ b/scripts/lua/modules/alert_utils.lua
@ -804,8 +804,8 @@ function alert_utils.formatBehaviorAlert(params, anomalies, stats, id, subtype,
 
      alert:set_score_warning()
      alert:set_granularity(params.granularity)
-      alert:set_subtype(subtype .. "_" .. id)
- 
+      alert:set_subtype(name)
+
      -- Trigger an alert if an anomaly is found
      if anomaly_table["anomaly"] == true then
         alert:trigger(params.alert_entity, nil, params.cur_alerts)