From de340b66efce4a36fbb1ea425931f7d99da1cb55 Mon Sep 17 00:00:00 2001
From: MatteoBiscosi
Date: Fri, 11 Dec 2020 09:53:53 +0100
Subject: [PATCH] Fixed #2789 implement remote DNS resolution failure alert
---
 .../alert_dns_positive_error_ratio.lua | 57 +++++++++++++++++++
 scripts/lua/modules/alert_keys.lua | 1 +
 2 files changed, 58 insertions(+)
 create mode 100644 scripts/lua/modules/alert_definitions/alert_dns_positive_error_ratio.lua
diff --git a/scripts/lua/modules/alert_definitions/alert_dns_positive_error_ratio.lua b/scripts/lua/modules/alert_definitions/alert_dns_positive_error_ratio.lua
new file mode 100644
index 0000000000..cf97b3e556
--- /dev/null
+++ b/scripts/lua/modules/alert_definitions/alert_dns_positive_error_ratio.lua
@@ -0,0 +1,57 @@
+--
+-- (C) 2019-20 - ntop.org
+--
+
+local alert_keys = require "alert_keys"
+local format_utils = require "format_utils"
+local json = require("dkjson")
+
+-- #######################################################
+
+-- @brief Prepare an alert table used to generate the alert
+-- @param alert_severity A severity as defined in `alert_severities`
+-- @param alert_granularity A granularity as defined in `alert_consts.alerts_granularities`
+-- @param alert_subtype A string with the subtype of the alert
+-- @param requests The number of requests
+-- @param replies The number of replies
+-- @return A table with the alert built
+local function createDnsPositiveErrorRatio(alert_severity, alert_granularity, type, positives, errors)
+ local built = {
+ alert_granularity = alert_granularity,
+ alert_severity = alert_severity,
+ alert_type_params = {
+ type = type,
+ positives = positives,
+ errors= errors,
+ }
+ }
+
+ return built
+end
+
+-- #######################################################
+
+function dnsPositiveErrorRatioFormatter(ifid, alert, info)
+ local type = ""
+
+ if info.type == "dns_rcvd" then
+ type = "Received"
+ else
+ type = "Sent"
+ end
+ return(i18n("dns_positive_error_ratio.positive_error_ratio_descr", {
+ type = type,
+ positives = info.positives,
+ errors = info.errors,
+ }))
+end
+
+-- #######################################################
+
+return {
+ alert_key = alert_keys.ntopng.alert_dns_positive_error_ratio,
+ i18n_title = "dns_positive_error_ratio.title",
+ i18n_description = dnsPositiveErrorRatioFormatter,
+ icon = "fas fa-exclamation",
+ creator = createDnsPositiveErrorRatio,
+}
diff --git a/scripts/lua/modules/alert_keys.lua b/scripts/lua/modules/alert_keys.lua
index 2064602904..9b9683968d 100644
--- a/scripts/lua/modules/alert_keys.lua
+++ b/scripts/lua/modules/alert_keys.lua
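Review bot: `dnsPositiveErrorRatioFormatter` is declared without `local`, so loading this definition writes a global that other code in the same Lua state can overwrite or collide with, and both functions name a variable `type`, which shadows Lua's built-in `type()` inside them. Declare it as `local function dnsPositiveErrorRatioFormatter(ifid, alert, info)` and rename the variable, e.g. `local direction = (info.type == "dns_rcvd") and "Received" or "Sent"`. The `else` branch also labels every value other than `"dns_rcvd"`, including a missing `info.type`, as "Sent", which can point an analyst at the wrong traffic direction during triage; an explicit check for the sent value with a neutral fallback would be safer. The doc comment above `createDnsPositiveErrorRatio` still documents `alert_subtype`, `requests` and `replies` while the parameters are `type`, `positives` and `errors`, and `format_utils` and `json` are required but not used in this file.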
@@ -88,6 +88,7 @@ local alert_keys = {
 alert_unexpected_new_device = {NO_PEN, 73}, -- scripts/plugins/alerts/security/unexpected_new_device
 alert_shell_script_executed = {NO_PEN, 74}, -- scripts/plugins/endpoints/shell_alert_endpoint
 alert_periodicity_update = {NO_PEN, 75}, -- pro/scripts/enterprise_l_plugins/alerts/network/periodicity_update
+ alert_dns_positive_error_ratio = {NO_PEN, 76}, -- pro/scripts/enterprise_l_plugins/alerts/network/dns_positive_error_ratio
 -- Add here additional keys for alerts generated
 -- by ntopng plugins
 -- WARNING: make sure integers do NOT OVERLAP with