mirror of
https://github.com/ntop/ntopng.git
synced 2026-04-30 16:09:32 +00:00
106 lines
3.3 KiB
Lua
106 lines
3.3 KiB
Lua
--
|
|
-- (C) 2014-17 - ntop.org
|
|
--
|
|
|
|
--[[
|
|
|
|
This file contains a set of functions used to handle alerts that have a state. This kind of alerts
|
|
have, by definition, a duration associated and, thus, they can either be 'ongoing' or 'withdrawn'.
|
|
|
|
Alerts become 'ongoing' the first time they are fired, and must be explicitly 'withdrawn'
|
|
when they become unactive.
|
|
|
|
--]]
|
|
|
|
|
|
j = require("dkjson") -- NOTE: this is already required in scripts/lua/modules/alert_utils.lua
|
|
require "persistence"
|
|
|
|
function get_host_ongoing_hash_name(ifid, host_ip, host_vlan)
|
|
--[[
|
|
generated hash name examples are:
|
|
1) "ntopng.alerts.ifid_6.ongoing.hosts.192.168.2.126@0"
|
|
2) "ntopng.alerts.ifid_6.ongoing.hosts.192.168.2.130@0"
|
|
--]]
|
|
|
|
if tonumber(ifid) == nil then return nil end
|
|
if not isIPv4(host_ip) and not isIPv6(host_ip) then return nil end
|
|
if tonumber(host_vlan) == nil or tonumber(host_vlan) < 0 then return nil end
|
|
|
|
local host_ongoing_hash_name = "ntopng.alerts.%ifid%.ongoing.hosts.%host%"
|
|
host_ongoing_hash_name = string.gsub(host_ongoing_hash_name,
|
|
"%%ifid%%",
|
|
"ifid_"..tostring(ifid))
|
|
host_ongoing_hash_name = string.gsub(host_ongoing_hash_name,
|
|
"%%host%%",
|
|
tostring(host_ip).."@"..tostring(host_vlan))
|
|
return host_ongoing_hash_name
|
|
end
|
|
|
|
function get_alert_ongoing_hash_key(alert_id, alert_type)
|
|
if alert_type == nil or alert_type == "" or tostring(alert) == nil then return nil end
|
|
|
|
-- the alert is identified by a mandatory type
|
|
local key = "type_"..tostring(alert_type)
|
|
-- and an optional id that uniquely represent an alert within its type
|
|
if tostring(alert_id) ~= nil and tostring(alert_id) ~= "" then
|
|
-- possibly app
|
|
key = key.."_id_"..tostring(alert_id)
|
|
end
|
|
|
|
return key
|
|
end
|
|
|
|
function get_threshold_alert_id(timespan, metric)
|
|
if is_allowed_timespan(timespan) == false or is_allowed_alarmable_metric(metric) == false then
|
|
return nil
|
|
end
|
|
|
|
-- the alert is identified by a mandatory type
|
|
local alert_type = 2 -- for the type see alert_type_keys in lua_utils.lua
|
|
local key = "type_"..tostring(alert_type)
|
|
-- and an optional id that uniquely represent an alert within its type
|
|
if tostring(alert_id) ~= nil and tostring(alert_id) ~= "" then
|
|
-- possibly app
|
|
key = key.."_id_"..tostring(timespan).."_"..tostring(metric)
|
|
end
|
|
|
|
return key
|
|
end
|
|
|
|
function forge_alert(alert, alert_severity, alert_type, alert_msg, close)
|
|
if alert == nil or alert == "" then return nil end
|
|
if alert_msg == nil then alert_msg = "" end
|
|
|
|
local alert_j = alert
|
|
if type(alert) == "string" then
|
|
alert_j = j.decode(alert, 1, nil)
|
|
elseif type(alert) ~= "table" then
|
|
return nil
|
|
end
|
|
|
|
-- do not override the first seen
|
|
if alert_j["first_seen"] == nil then
|
|
alert_j["first_seen"] = os.time()
|
|
end
|
|
|
|
-- set last_seen only if this call is to close an outgoing alert
|
|
if close ~= nil and tonumber(close) ~= nil then
|
|
alert_j["last_seen"] = close
|
|
end
|
|
|
|
-- always override those guys
|
|
if alert_severity ~= nil and alert_severity ~= "" then
|
|
alert_j["alert_severity"] = alert_severity
|
|
end
|
|
if alert_type ~= nil and alert_type ~= "" then
|
|
alert_j["alert_type"] = alert_type
|
|
end
|
|
|
|
if alert_msg ~= nil and alert_msg ~= "" then
|
|
alert_j["alert_msg"] = alert_msg
|
|
end
|
|
|
|
return alert_j
|
|
end
|
|
|