--
-- (C) 2017-21 - ntop.org
--
-- Module to keep things in common across alert_exclusions of various types
local dirs = ntop.getDirs()
package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
require "lua_utils"
local alert_consts = require "alert_consts"
local alert_entities = require "alert_entities"
local json = require "dkjson"
-- ##############################################
local alert_exclusions = {} -- Module table: the alert_exclusions.* functions below are its public API, returned at the end of the file
-- ##############################################
-- @brief Returns the preference key under which the alert exclusions
--        document is persisted (read via ntop.getPref / written via ntop.setPref)
-- @return the key as a constant string
local function _get_alert_exclusions_prefix_key()
  return "ntopng.prefs.alert_exclusions"
end
-- ##############################################
-- @brief Returns the cache key used as the mutual-exclusion lock around
--        reads/writes of the alert exclusions document (see _lock / _unlock)
-- @return the key as a constant string
local function _get_alert_exclusions_lock_key()
  return "ntopng.cache.alert_exclusions.alert_exclusions_lock"
end
-- ##############################################
-- @brief Tries to acquire the exclusions lock with ntop.setnxCache (set-if-not-exists)
--        The key carries a TTL so a holder that dies never blocks others forever;
--        between attempts the caller sleeps one second.
-- @return true if the lock was acquired, false after exhausting the attempts
local function _lock()
  local max_lock_duration = 5 -- seconds: TTL of the lock key, after which it expires on its own
  local max_lock_attempts = 5 -- give up after at most this number of attempts
  local lock_key = _get_alert_exclusions_lock_key()
  local attempt = 0

  while attempt < max_lock_attempts do
    attempt = attempt + 1

    -- setnx succeeds only when nobody else holds the key
    if ntop.setnxCache(lock_key, "1", max_lock_duration) then
      return true -- lock acquired
    end

    ntop.msleep(1000) -- back off before retrying (also after the last failed attempt)
  end

  return false -- lock not acquired
end
-- ##############################################
-- @brief Releases the exclusions lock by deleting its cache key
-- NOTE(review): the key is deleted unconditionally and the lock value set by
-- _lock is the constant "1", so ownership is never checked. A holder whose
-- critical section outlives the lock TTL would release a lock meanwhile
-- re-acquired by another caller. A per-caller token would close this gap.
local function _unlock()
  local lock_key = _get_alert_exclusions_lock_key()
  ntop.delCache(lock_key)
end
-- ##############################################
-- @brief Validates the (`host_ip`, `alert_key`) pair submitted by a caller before
--        _toggle_alert stores `host_ip` as a key in the persisted JSON document
-- @param host_ip must be a well-formed IPv4 or IPv6 address (isIPv4 / isIPv6 from lua_utils)
-- @param alert_key must convert with tonumber() to an id known to alert_consts.getAlertType
-- @return true when both parameters are acceptable, false otherwise
local function _check_host_ip_alert_key(host_ip, alert_key)
  local is_valid_host = isIPv4(host_ip) or isIPv6(host_ip)

  if not is_valid_host then
    -- Invalid host submitted
    return false
  end

  -- A non-numeric alert_key makes tonumber() return nil, which is handed to
  -- getAlertType as-is; presumably it yields nil for it - not verified here
  local known_alert = alert_consts.getAlertType(tonumber(alert_key))

  if not known_alert then
    -- Invalid alert key submitted
    return false
  end

  return true
end
-- ##############################################
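-- @brief Reads the persisted alert exclusions document
--        The preference holds a JSON object; a missing, empty or malformed
--        value yields an empty table so that callers can index into the
--        result without further checks.
-- @return a table (possibly empty) with the decoded exclusions
local function _get_configured_alert_exclusions()
  local excl_key = _get_alert_exclusions_prefix_key()
  local configured_excl_str = ntop.getPref(excl_key)
  local configured_excl

  -- Only attempt to decode a non-empty string: an unset preference must not
  -- be handed to json.decode
  if type(configured_excl_str) == "string" and configured_excl_str ~= "" then
    configured_excl = json.decode(configured_excl_str)
  end

  -- json.decode returns nil on failure, but it can also return a non-table
  -- (a bare number, string or boolean) when the stored value is corrupted,
  -- hand-edited or written by an incompatible version. Callers index into
  -- the result, so anything that is not a table is treated as "no exclusions"
  -- instead of raising on the first lookup.
  if type(configured_excl) ~= "table" then
    configured_excl = {}
  end

  return configured_excl
end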
-- ##############################################
-- @brief Persists `exclusions` as JSON under the exclusions preference key and
--        asks ntopng to reload them. The only caller on this page (_toggle_alert)
--        invokes it while holding the exclusions lock.
-- @param exclusions the full exclusions document, as returned by _get_configured_alert_exclusions
local function _set_configured_alert_exclusions(exclusions)
  local encoded = json.encode(exclusions)

  ntop.setPref(_get_alert_exclusions_prefix_key(), encoded) -- Add the preference
  ntop.reloadAlertExclusions() -- Tell ntopng to reload
end
-- ##############################################
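-- @brief Returns the `excluded_hosts` table for (`entity_id`, `alert_key`) inside
--        `exclusions`, creating the intermediate tables when they are missing
-- @param exclusions the decoded exclusions document (mutated in place)
-- @param entity_id entity id, already converted to string
-- @param alert_key alert id, already converted to string (JSON object keys are always strings)
-- @return the `excluded_hosts` table, keyed by host ip
local function _excluded_hosts_for(exclusions, entity_id, alert_key)
  -- Add an entry for the current alert entity, if currently existing exclusions don't already have it
  local by_entity = exclusions[entity_id]
  if not by_entity then
    by_entity = {}
    exclusions[entity_id] = by_entity
  end

  -- Add an entry for the current alert key, if currently existing exclusions don't already have it
  local by_key = by_entity[alert_key]
  if not by_key then
    by_key = {excluded_hosts = {}}
    by_entity[alert_key] = by_key
  end

  -- Add an entry for excluded_hosts, if the currently existing exclusions don't already have it
  if not by_key["excluded_hosts"] then
    by_key["excluded_hosts"] = {}
  end

  return by_key["excluded_hosts"]
end

-- @brief Enables or disables an alert for an `host_ip`
-- @param alert_entity the entity the alert belongs to (a table with an `entity_id`), e.g., host or flow
-- @param host_ip IPv4/IPv6 address, validated by _check_host_ip_alert_key before use
-- @param alert_key alert id, validated by _check_host_ip_alert_key before use
-- @param disable true to add `host_ip` to the excluded hosts, false to remove it
-- @return true when the lock was acquired and the exclusions are up to date
--         (toggling to the current state is a no-op and still returns true);
--         false on invalid params or when the lock could not be acquired.
--         Errors raised while reading or persisting the document are
--         re-raised after the lock has been released.
local function _toggle_alert(alert_entity, host_ip, alert_key, disable)
  if not _check_host_ip_alert_key(host_ip, alert_key) then
    -- Invalid params submitted
    return false
  end

  if not _lock() then
    -- Lock not acquired within the retry budget: nothing has been changed
    return false
  end

  -- Run the critical section under pcall so that _unlock() runs even if
  -- reading/decoding or persisting raises; otherwise the lock key would
  -- linger until its TTL expires, blocking every other caller meanwhile.
  local ok, err = pcall(function()
    -- In JSON, keys are always strings
    local key = tostring(alert_key) -- The key of the alert
    local entity_id = tostring(alert_entity.entity_id) -- The entity of the alert that is being disabled, e.g., "host", or "flow"

    local exclusions = _get_configured_alert_exclusions()
    local excluded_hosts = _excluded_hosts_for(exclusions, entity_id, key)
    local do_persist = false

    -- Now check if there is actually some work to do
    if not disable and excluded_hosts[host_ip] then
      -- Enable an host_ip that was disabled
      excluded_hosts[host_ip] = nil
      do_persist = true
    elseif disable and not excluded_hosts[host_ip] then
      -- Disable an host_ip that was not already disabled
      excluded_hosts[host_ip] = { --[[ Currently empty, will possibly contain values in the future, e.g., as_cli, as_srv--]]}
      do_persist = true
    end

    if do_persist then
      _set_configured_alert_exclusions(exclusions)
    end
  end)

  _unlock()

  if not ok then
    -- Level 0: `err` already carries the position of the original failure
    error(err, 0)
  end

  return true
end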
-- ##############################################
-- @brief Returns true if `host_ip` has the alert identified with `alert_key` disabled
-- @param alert_entity the entity the alert belongs to (a table with an `entity_id`)
-- @param host_ip the host address used as key in the excluded hosts
-- @param alert_key the alert id (converted to string, as JSON keys are strings)
-- @return a boolean, never nil
-- NOTE(review): defined without `local`, so this function is also reachable
-- as a global from any other Lua module loaded in the same state.
function _has_disabled_alert(alert_entity, host_ip, alert_key)
  local exclusions = _get_configured_alert_exclusions()
  local entity_id = tostring(alert_entity.entity_id)
  local key = tostring(alert_key)

  local by_entity = exclusions[entity_id]
  local by_key = by_entity and by_entity[key]
  local excluded_hosts = by_key and by_key["excluded_hosts"]

  if excluded_hosts and excluded_hosts[host_ip] then
    return true
  end

  return false
end
-- ##############################################
-- @brief Returns all excluded hosts for the given `alert_key` or nil if no excluded host exists
-- @param alert_entity the entity the alert belongs to (a table with an `entity_id`)
-- @param alert_key the alert id (converted to string, as JSON keys are strings)
-- @return the `excluded_hosts` table (keyed by host ip), or the falsy value
--         found at the first missing level of the document
-- NOTE(review): defined without `local`, so this function is also reachable
-- as a global from any other Lua module loaded in the same state.
function _get_excluded_hosts(alert_entity, alert_key)
  local exclusions = _get_configured_alert_exclusions()
  local entity_id = tostring(alert_entity.entity_id)
  local key = tostring(alert_key)

  local by_entity = exclusions[entity_id]
  if not by_entity then
    return by_entity
  end

  local by_key = by_entity[key]
  if not by_key then
    return by_key
  end

  return by_key["excluded_hosts"]
end
-- ##############################################
-- @brief Marks a flow alert as disabled for a given `host_ip`, considered either as client or server
-- @param host_ip IPv4/IPv6 address of the host
-- @param alert_key id of the flow alert
-- @return True, if alert is disabled with success, false otherwise
function alert_exclusions.disable_flow_alert(host_ip, alert_key)
  local entity = alert_entities.flow
  local disable = true -- add, rather than remove, the exclusion

  return _toggle_alert(entity, host_ip, alert_key, disable)
end
-- ##############################################
-- @brief Marks a flow alert as enabled for a given `host_ip`, considered either as client or server
-- @param host_ip IPv4/IPv6 address of the host
-- @param alert_key id of the flow alert
-- @return True, if alert is enabled with success, false otherwise
function alert_exclusions.enable_flow_alert(host_ip, alert_key)
  local entity = alert_entities.flow
  local disable = false -- remove, rather than add, the exclusion

  return _toggle_alert(entity, host_ip, alert_key, disable)
end
-- ##############################################
-- @brief Returns true if `host_ip` has the flow alert identified with `alert_key` disabled
-- @param host_ip IPv4/IPv6 address of the host
-- @param alert_key id of the flow alert
-- @return a boolean
function alert_exclusions.has_disabled_flow_alert(host_ip, alert_key)
  local entity = alert_entities.flow

  return _has_disabled_alert(entity, host_ip, alert_key)
end
-- ##############################################
-- @brief Marks a host alert as disabled for a given `host_ip`
-- @param host_ip IPv4/IPv6 address of the host
-- @param alert_key id of the host alert
-- @return True, if alert is disabled with success, false otherwise
function alert_exclusions.disable_host_alert(host_ip, alert_key)
  local entity = alert_entities.host
  local disable = true -- add, rather than remove, the exclusion

  return _toggle_alert(entity, host_ip, alert_key, disable)
end
-- ##############################################
-- @brief Marks a host alert as enabled for a given `host_ip`
-- @param host_ip IPv4/IPv6 address of the host
-- @param alert_key id of the host alert
-- @return True, if alert is enabled with success, false otherwise
function alert_exclusions.enable_host_alert(host_ip, alert_key)
  local entity = alert_entities.host
  local disable = false -- remove, rather than add, the exclusion

  return _toggle_alert(entity, host_ip, alert_key, disable)
end
-- ##############################################
-- @brief Returns true if `host_ip` has the host alert identified with `alert_key` disabled
-- @param host_ip IPv4/IPv6 address of the host
-- @param alert_key id of the host alert
-- @return a boolean
function alert_exclusions.has_disabled_host_alert(host_ip, alert_key)
  local entity = alert_entities.host

  return _has_disabled_alert(entity, host_ip, alert_key)
end
-- ##############################################
-- @brief Returns all the excluded hosts for the host alert identified with `alert_key`
-- @param alert_key id of the host alert
-- @return the excluded hosts table keyed by host ip; an empty table when none is configured
function alert_exclusions.host_alerts_get_excluded_hosts(alert_key)
  local excluded = _get_excluded_hosts(alert_entities.host, alert_key)

  if not excluded then
    return {}
  end

  return excluded
end
-- ##############################################
-- @brief Returns all the excluded hosts for the flow alert identified with `alert_key`
-- @param alert_key id of the flow alert
-- @return the excluded hosts table keyed by host ip; an empty table when none is configured
function alert_exclusions.flow_alerts_get_excluded_hosts(alert_key)
  local excluded = _get_excluded_hosts(alert_entities.flow, alert_key)

  if not excluded then
    return {}
  end

  return excluded
end
-- ##############################################
-- @brief Delete all alert_exclusions
--        Removes the whole persisted exclusions document and asks ntopng to
--        reload, under the same lock used by the toggle functions. Does
--        nothing (and reports nothing) when the lock cannot be acquired.
function alert_exclusions.cleanup()
  if not _lock() then
    return
  end

  ntop.delCache(_get_alert_exclusions_prefix_key())
  ntop.reloadAlertExclusions() -- Tell ntopng to reload

  _unlock()
end
-- ##############################################
return alert_exclusions -- Module table. Note that _has_disabled_alert and _get_excluded_hosts above are not declared local and are therefore reachable as globals too