Adds optional JSON syslog alert format

2026-05-08 14:50:54 +00:00 · 2018-09-06 17:23:56 +02:00 · 2018-09-06 17:23:56 +02:00 · a86239fac3
commit a86239fac3
parent 603bc2d31c
5 changed files with 61 additions and 8 deletions
--- a/scripts/lua/modules/alert_endpoints/syslog.lua
+++ b/scripts/lua/modules/alert_endpoints/syslog.lua
@ -17,11 +17,16 @@ function syslog.dequeueAlerts(queue)
      return {success = true}
   end

+   local syslog_format = ntop.getPref("ntopng.prefs.syslog_alert_format")
+   if isEmptyString(syslog_format) then
+      syslog_format = "plaintext"
+   end
+
   -- Separate by severity and channel
   local alerts_by_types = {}

   for _, json_message in ipairs(notifications) do
-      local notif = alertNotificationToObject(json_message)
+     local notif = alertNotificationToObject(json_message)

      alerts_by_types[notif.entity_type] = alerts_by_types[notif.entity_type] or {}
      alerts_by_types[notif.entity_type][notif.severity] = alerts_by_types[notif.entity_type][notif.severity] or {}
@ -32,12 +37,24 @@ function syslog.dequeueAlerts(queue)
      for severity, notifications in pairs(by_severity) do
 	 -- Most recent notifications first
 	 for _, notif in pairsByValues(notifications, notification_timestamp_rev) do
-	    local msg = formatAlertNotification(notif, {nohtml = true,
-							show_severity = true,
-							show_entity = true})
-
-
 	    local syslog_severity = alertLevelToSyslogLevel(notif.severity)
+
+	    local msg
+
+	    if syslog_format == "plaintext" then
+	       -- prepare a plaintext message
+	       msg = formatAlertNotification(notif, {nohtml = true,
+						     show_severity = true,
+						     show_entity = true})
+	    else -- syslog_format == "json" then
+	       -- send out the json message but prepare a nice
+	       -- message
+	       notif.message  = formatAlertNotification(notif, {nohtml = true,
+								show_severity = false,
+								show_entity = false})
+	       msg = json.encode(notif)
+	    end
+
 	    ntop.syslog(msg, syslog_severity)
 	 end
      end
--- a/scripts/lua/modules/http_lint.lua
+++ b/scripts/lua/modules/http_lint.lua
@ -103,6 +103,13 @@ local function validateNumber(p)
      return false
   end
 end
+local function validateSyslogFormat(p)
+   if p == "plaintext" or p == "json" then
+      return true
+   end
+
+   return false
+end

 local function validatePort(p)
   if not validateNumber(p) then
@ -1063,6 +1070,7 @@ local known_parameters = {
   ["max_num_flow_alerts"]                         = validateNumber,
   ["max_num_packets_per_tiny_flow"]               = validateNumber,
   ["max_num_bytes_per_tiny_flow"]                 = validateNumber,
+   ["syslog_alert_format"]                         = validateEmptyOr(validateSyslogFormat),
   ["nagios_nsca_port"]                            = validateEmptyOr(validatePort),
   ["nagios_send_nsca_executable"]                 = validateAbsolutePath,
   ["nagios_send_nsca_config"]                     = validateAbsolutePath,
--- a/scripts/lua/modules/prefs_menu.lua
+++ b/scripts/lua/modules/prefs_menu.lua
@ -234,6 +234,9 @@ local menu_subpages = {
    }, slack_webhook = {
      title       = i18n("prefs.slack_webhook_title"),
      description = i18n("prefs.slack_webhook_description"),
+    }, syslog_alert_format = {
+      title       = i18n("prefs.syslog_alert_format_title"),
+      description = i18n("prefs.syslog_alert_format_description"),
    }, toggle_alert_syslog = {
      title       = i18n("prefs.toggle_alert_syslog_title"),
      description = i18n("prefs.toggle_alert_syslog_description"),