Changed behavior anomaly alert (#5521)

2026-05-06 03:45:26 +00:00 · 2021-06-21 09:41:04 +02:00 · 2021-06-21 09:41:04 +02:00 · f4d4543fab
commit f4d4543fab
parent eb69bc8369
3 changed files with 25 additions and 12 deletions
--- a/scripts/lua/modules/alert_definitions/flow/alert_behavior_anomaly.lua
+++ b/scripts/lua/modules/alert_definitions/flow/alert_behavior_anomaly.lua
@ -29,7 +29,7 @@ alert_behavior_anomaly.meta = {
 -- @param lower_bound The lower bound of the measurement
 -- @param upper_bound The upper bound of the measurement
 -- @return A table with the alert built
-function alert_behavior_anomaly:init(entity, type_of_behaviour, value, upper_bound, lower_bound)
+function alert_behavior_anomaly:init(entity, type_of_behaviour, value, upper_bound, lower_bound, href)
   -- Call the parent constructor
   self.super:init()

@ -39,6 +39,7 @@ function alert_behavior_anomaly:init(entity, type_of_behaviour, value, upper_bou
         value = value,
         upper_bound = upper_bound,
         lower_bound = lower_bound,
+         href = href,
   }
 end

@ -52,11 +53,12 @@ end
 function alert_behavior_anomaly.format(ifid, alert, alert_type_params)
   return(i18n("alerts_dashboard.unexpected_behavior_anomaly_description",
 		{
-		   entity = alert_type_params.entity,
-		   type_of_behaviour = alert_type_params.type_of_behaviour,
-		   value = alert_type_params.value,
+		   entity = alert_type_params.entity or "",
+		   type_of_behaviour = alert_type_params.type_of_behaviour or "",
+		   value = alert_type_params.value or 0,
 		   lower_bound = alert_type_params.lower_bound or 0,
 		   upper_bound = alert_type_params.upper_bound or 0,
+         href = alert_type_params.href or "",
 		}))
 end

--- a/scripts/lua/modules/alert_utils.lua
+++ b/scripts/lua/modules/alert_utils.lua
@ -777,15 +777,26 @@ function alert_utils.notify_ntopng_stop()
   return(notify_ntopng_status(false))
 end

-function alert_utils.formatBehaviorAlert(params, anomalies, stats, id, subtype)
+function alert_utils.formatBehaviorAlert(params, anomalies, stats, id, subtype, name)
   -- Cycle throught the behavior stats
-   for anomaly_type, anomaly in pairs(anomalies) do
+   for anomaly_type, anomaly_table in pairs(anomalies) do
+      local lower_bound = stats[anomaly_type]["lower_bound"]
+      local upper_bound = stats[anomaly_type]["upper_bound"]
+      local value = stats[anomaly_type]["value"]
+      
+      if anomaly_table["formatter"] then
+         value = anomaly_table["formatter"](value)
+         lower_bound = anomaly_table["formatter"](lower_bound)
+         upper_bound = anomaly_table["formatter"](upper_bound)
+      end
+
      local alert = alert_consts.alert_types.alert_behavior_anomaly.new(
-         i18n(subtype .. "_id", {id = id}),
+         i18n(subtype .. "_id", {id = name or id}),
         i18n("alert_behaviors." .. anomaly_type),
-         stats[anomaly_type]["value"],
-         stats[anomaly_type]["lower_bound"],
-         stats[anomaly_type]["upper_bound"]
+         value,
+         lower_bound,
+         upper_bound,
+         anomaly_table["href"]
      )

      alert:set_score_warning()
@ -793,7 +804,7 @@ function alert_utils.formatBehaviorAlert(params, anomalies, stats, id, subtype)
      alert:set_subtype(subtype .. "_" .. id)

      -- Trigger an alert if an anomaly is found
-      if anomaly == true then
+      if anomaly_table["anomaly"] == true then
         alert:trigger(params.alert_entity, nil, params.cur_alerts)
      else
         alert:release(params.alert_entity, nil, params.cur_alerts)