Trigger host alerts for collected syslog messages (also to companions)

2026-05-03 17:30:11 +00:00 · 2020-05-18 12:52:38 +02:00 · 2020-05-18 12:52:38 +02:00 · e8fcbd2a90
commit e8fcbd2a90
parent 4901adb927
5 changed files with 107 additions and 0 deletions
--- a/scripts/plugins/host_log_collector/user_scripts/syslog/host_log.lua
+++ b/scripts/plugins/host_log_collector/user_scripts/syslog/host_log.lua
@ -6,7 +6,9 @@ local dirs = ntop.getDirs()
 package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
 require "lua_utils"
 local alert_consts = require("alert_consts")
+local alerts_api = require "alerts_api"
 local user_scripts = require("user_scripts")
+local companion_interface_utils = require "companion_interface_utils"

 local syslog_module = {
  -- Script category
@ -64,6 +66,17 @@ end

 -- #################################################################

+-- The function below returns a subtype for the log based on a simple hash
+local function getLogSubtype(line)
+   local hash = 0
+   for i = 1, #line do
+    hash = hash + line:byte(i)
+   end
+   return tostring(hash)
+end
+
+-- #################################################################
+
 -- The function below is called for each received alert
 function syslog_module.hooks.handleEvent(message, host, priority)
   -- Priority = Facility * 8 + Level
@ -75,6 +88,44 @@ function syslog_module.hooks.handleEvent(message, host, priority)

   -- traceError(TRACE_NORMAL, TRACE_CONSOLE, "[host="..host.."][facility="..facility_name.."][level="..level_name.."][message="..message.."]")

+   if isEmptyString(host) then
+      return
+   end
+
+   -- Discard info messages (we should probably add a conf for this)
+   if level > 4 then
+      return
+   end
+
+   local entity = alerts_api.hostAlertEntity(host, 0)
+
+   local severity = alert_consts.alert_severities.info
+   if level <= 3 then
+      severity = alert_consts.alert_severities.error
+   elseif level <= 4 then
+      severity = alert_consts.alert_severities.warning
+   end
+
+   local type_info = alert_consts.alert_types.alert_host_log.create(
+      getLogSubtype(message),
+      severity,
+      host,
+      level_name,
+      facility_name,
+      message)
+
+   -- Deliver alert
+   alerts_api.store(entity, type_info)
+
+   -- Deliver to companion if any
+   local companion_of = companion_interface_utils.getCurrentCompanionOf(interface.getId())
+   local curr_iface = tostring(interface.getId())
+   for _, m in pairs(companion_of) do
+      interface.select(m)
+      alerts_api.store(entity, type_info)
+   end
+   interface.select(curr_iface)
+
 end 

 -- #################################################################