Add sample custom query for host alerts. Fix host alerts format to handle empty fields.

2026-05-06 03:45:26 +00:00 · 2023-07-24 15:50:59 +02:00 · 2023-07-24 15:50:59 +02:00 · 7a314e9d69
commit 7a314e9d69
parent 96620bfe77
7 changed files with 100 additions and 10 deletions
--- a/scripts/lua/modules/alert_definitions/flow/alert_packets_issues.lua
+++ b/scripts/lua/modules/alert_definitions/flow/alert_packets_issues.lua
@ -46,12 +46,15 @@ end
 -- @return A human-readable string
 function alert_tcp_packets_issues.format(ifid, alert, alert_type_params)
  local msg = ''
-  
-  if alert_type_params.lost > alert_type_params.lost_threshold then
+ 
+  if alert_type_params.lost and alert_type_params.lost_threshold and 
+     alert_type_params.lost > alert_type_params.lost_threshold then
    msg = i18n("flow_checks_config.tcp_packets_issues_alert", { type = 'loss', value = alert_type_params.lost, threshold = alert_type_params.lost_threshold })
-  elseif alert_type_params.retransmission > alert_type_params.retransmission_threshold then
+  elseif alert_type_params.retransmission and alert_type_params.retransmission_threshold and 
+         alert_type_params.retransmission > alert_type_params.retransmission_threshold then
    msg = i18n("flow_checks_config.tcp_packets_issues_alert", { type = 'retransmission', value = alert_type_params.retransmission, threshold = alert_type_params.retransmission_threshold })
-  elseif alert_type_params.out_of_order > alert_type_params.out_of_order_threshold then
+  elseif alert_type_params.out_of_order and alert_type_params.out_of_order_threshold and 
+         alert_type_params.out_of_order > alert_type_params.out_of_order_threshold then
    msg = i18n("flow_checks_config.tcp_packets_issues_alert", { type = 'out of order', value = alert_type_params.out_of_order, threshold = alert_type_params.out_of_order_threshold })
  end

--- a/scripts/lua/modules/alert_store/host_alert_store.lua
+++ b/scripts/lua/modules/alert_store/host_alert_store.lua
@ -384,6 +384,25 @@ function host_alert_store:format_record(value, no_html)

    record[RNAME.LINK_TO_PAST_FLOWS.name] = alert_utils.getLinkToPastFlows(ifid, value, alert_info)

+   -- Add Tag filters (e.g. to jump from custom queries to raw alerts)
+
+   record['filter'] = {}
+
+   local filters = {}
+   local op_suffix = 'eq'
+
+   if not isEmptyString(value["alert_id"]) and tonumber(value["alert_id"]) > 0 then
+      filters[#filters+1] = { id = "alert_id", value = value["alert_id"], op = op_suffix }
+   end
+   if not isEmptyString(value["vlan_id"]) and tonumber(value["vlan_id"]) > 0 then
+      filters[#filters+1] = { id = "vlan_id", value = value["vlan_id"], op = op_suffix }
+   end
+   if not isEmptyString(value["ip"]) then
+      filters[#filters+1] = { id = "ip", value = value["ip"], op = op_suffix }
+   end
+
+   record['filter'].tag_filters = filters
+
    return record
 end

--- a/scripts/lua/modules/alert_utils.lua
+++ b/scripts/lua/modules/alert_utils.lua
@ -313,14 +313,14 @@ function alert_utils.formatAlertMessage(ifid, alert, alert_json)
        alert_json = alert_utils.getAlertInfo(alert)
    end

-    msg = alert_json
    local description = alertTypeDescription(alert.alert_id, alert.entity_id)

+    msg = alert_json
    if (type(description) == "string") then
        -- localization string
        msg = i18n(description, msg)
    elseif (type(description) == "function") then
-        msg = description(ifid, alert, msg)
+        msg = description(ifid, alert, alert_json)
    end

    if (type(msg) == "table") then
@ -424,13 +424,15 @@ function alert_utils.getLinkToPastFlows(ifid, alert, alert_json)
        return
    end

+    local epoch_begin = alert["tstamp"]
+    local epoch_end = alert["tstamp_end"]
+
    -- Fetch the alert id
    local alert_id = alert_consts.getAlertType(alert.alert_id, alert.entity_id)
-    if alert_id then
+    if alert_id and epoch_begin and epoch_end then
        local final_filter = {}
        local filters = {}
-        local epoch_begin = alert["tstamp"]
-        local epoch_end = alert["tstamp_end"]
+
        -- Look a bit around the epochs
        epoch_begin = epoch_begin - (5 * 60)
        epoch_end = epoch_end + (5 * 60)
--- a/scripts/lua/modules/datatable_utils.lua
+++ b/scripts/lua/modules/datatable_utils.lua
@ -319,6 +319,7 @@ local all_datatable_columns_def_by_tag = {
      class = { "no-wrap" },
      render_generic = "vlan_id",
   },
+   ['ip'] = build_datatable_column_def_ip('ip', "db_search.host"),
   ['cli_ip'] = build_datatable_column_def_ip('cli_ip', "db_search.client"),
   ['srv_ip'] = build_datatable_column_def_ip('srv_ip', "db_search.server"),
   ['cli_port'] = build_datatable_column_def_port('cli_port', "db_search.cli_port"),