--
-- (C) 2014-16 - ntop.org
--

--[[
This file contains the set of API functions used to deal with stateful alerts.
--]]

-- dirs = ntop.getDirs()
-- package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
require "alert_state_utils"
require "lua_utils"
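--- Reconcile a host's ongoing threshold alerts with the configured thresholds.
-- Any ongoing alert whose id is no longer produced by an entry of
-- alerts_string is moved to the closed list.
-- @param alert_source source key; only host keys of the form ip@vlan
--   (e.g. 192.168.1.0@0) are handled, other sources are still a TODO
-- @param ifname interface name, resolved with getInterfaceId
-- @param timespan timespan of the thresholds; must pass is_allowed_timespan
-- @param alerts_string comma-separated list of configured threshold alerts,
--   e.g. dns;gt;23,bytes;gt;1,p2p;gt;3
-- @return nil when an argument is rejected or the source is not a host key,
--   true when the host has no ongoing alerts
function refresh_threshold_alert_configuration(alert_source, ifname, timespan, alerts_string)
  -- alerts_string comes directly from the web interface, so it is untrusted.
  -- The former guard compared tostring(alerts_string) with nil, which can
  -- never be true. A missing parameter has to be rejected here: depending on
  -- how split() treats nil it could otherwise be handled like an empty
  -- configuration, and the reconciliation below would close ongoing alerts.
  if alerts_string == nil then return nil end
  if is_allowed_timespan(timespan) == false then return nil end
  -- string.find raises on a nil subject; reject it like the other bad inputs.
  if type(alert_source) ~= "string" then return nil end

  local ifid = getInterfaceId(ifname)

  -- "@" marks an ip-vlan pair; plain search, no pattern semantics needed.
  if not string.find(alert_source, "@", 1, true) then
    -- TODO: check if is an interface or a network
    return
  end

  local host_info = hostkey2hostinfo(alert_source)
  local ongoing_hname = get_host_ongoing_hash_name(ifid, host_info["host"], host_info["vlan"])
  local ongoing_alerts = ntop.getHashKeysCache(ongoing_hname)
  if ongoing_alerts == nil then return true end -- nothing to do

  -- Ids of the alerts that are still configured. Only the metric (first
  -- ";"-separated field) of each entry is used, and only when it passes the
  -- is_allowed_alarmable_metric check; everything else is ignored.
  local still_configured = {}
  for _, entry in pairs(split(alerts_string, ",") or {}) do
    local fields = string.split(entry, ";")
    if fields ~= nil and fields[1] ~= nil then
      local metric = fields[1]
      if is_allowed_alarmable_metric(metric) == true then
        still_configured[get_threshold_alert_id(timespan, metric)] = true
      end
    end
  end

  -- Formerly configured alerts may have been deleted: close every ongoing
  -- alert that is no longer part of the configuration.
  for ongoing_id, _ in pairs(ongoing_alerts) do
    if still_configured[ongoing_id] == nil then
      alert_move_ongoing_to_closed(ifid, ongoing_hname, ongoing_id)
    end
  end
  -- NOTE(review): as in the original, no value is returned after a
  -- successful reconciliation (callers see nil) - confirm this is intended.
end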
--- Store (or refresh) an ongoing threshold alert for a host.
-- The alert is built with forge_alert, JSON-encoded and written to the
-- host's ongoing-alerts hash under the id derived from timespan and metric.
-- @param ifid interface id
-- @param host host key, parsed with hostkey2hostinfo
-- @param timespan timespan used to build the alert id
-- @param metric metric used to build the alert id
-- @param alert_severity severity passed to forge_alert
-- @param msg message passed to forge_alert
-- @return always true
function fire_threshold_host_alert(ifid, host, timespan, metric, alert_severity, msg)
  -- NOTE(review): timespan and metric are not checked here against
  -- is_allowed_timespan / is_allowed_alarmable_metric before they become
  -- part of the cache key - presumably callers validate them; confirm.
  local info = hostkey2hostinfo(host)
  local hash_name = get_host_ongoing_hash_name(ifid, info["host"], info["vlan"])
  local hash_key = get_threshold_alert_id(timespan, metric)

  -- Start from the cached alert when there is one, from an empty table otherwise.
  local previous = ntop.getHashCache(hash_name, hash_key)
  if previous == nil or previous == "" then
    previous = {}
  end

  -- NOTE(review): a cached value is handed to forge_alert exactly as read
  -- from the cache, while the value written below is a JSON string -
  -- confirm forge_alert accepts that form.
  local forged = forge_alert(
    previous,
    alert_severity,
    2, -- see alert_type_keys in lua_utils.lua for the alert type
    msg
  )
  local encoded = j.encode(forged, nil) -- table to JSON string

  ntop.setHashCache(hash_name, hash_key, encoded)
  return true
end
--- Close the ongoing threshold alert of a host for a timespan/metric pair.
-- @param ifid interface id
-- @param host host key, parsed with hostkey2hostinfo
-- @param timespan timespan used to build the alert id
-- @param metric metric used to build the alert id
-- @param alert_severity not used by this function
-- @param msg not used by this function
-- @return whatever alert_move_ongoing_to_closed returns
function withdraw_threshold_host_alert(ifid, host, timespan, metric, alert_severity, msg)
  local info = hostkey2hostinfo(host)

  -- Same hash name / key pair that fire_threshold_host_alert writes to.
  local hash_name = get_host_ongoing_hash_name(ifid, info["host"], info["vlan"])
  local hash_key = get_threshold_alert_id(timespan, metric)

  return alert_move_ongoing_to_closed(ifid, hash_name, hash_key)
end
--- Build a per-minute histogram of host alerts between two epochs.
-- The body is still a stub: hosts are parsed for every minute of the range
-- but nothing is added to the histogram, so the result is an empty table.
-- @param ifid interface id (not used yet)
-- @param hosts '*' or '*@*' for all hosts, otherwise a comma-separated
--   list of host keys
-- @param epoch_begin start of the range; must be convertible with tonumber
-- @param epoch_end end of the range; must be convertible with tonumber
-- @return the histogram table, or nil when an epoch is not a number
function retrieve_host_alerts_histogram(ifid, hosts, epoch_begin, epoch_end)
  epoch_begin = tonumber(epoch_begin)
  if epoch_begin == nil then return nil end
  epoch_end = tonumber(epoch_end)
  if epoch_end == nil then return nil end

  -- An inverted range collapses to the single starting minute.
  if epoch_end < epoch_begin then epoch_end = epoch_begin end

  -- Align both bounds to the minute.
  local first_minute = epoch_begin - (epoch_begin % 60)
  local last_minute = epoch_end - (epoch_end % 60)

  local host_keys
  if hosts ~= '*' and hosts ~= '*@*' then
    host_keys = split(hosts, ",")
    if host_keys == nil then host_keys = {} end
  else
    host_keys = {"*@*"}
  end

  -- NOTE(review): the loop runs once per minute of the range and per host,
  -- and no upper bound on the span is enforced here. If the epochs can come
  -- from a request, the range should be capped by the caller - confirm
  -- where these values originate.
  local histogram = {}
  for when = first_minute, last_minute, 60 do
    for _, host_key in pairs(host_keys) do
      local info = hostkey2hostinfo(host_key)
      local host_ip = info["host"]
      local host_vlan = info["vlan"]
      if host_vlan == nil then host_vlan = '*' end
      -- TODO: retrieve ongoing alerts and attach information to the histogram
    end
  end
  -- tprint(histogram)
  return histogram
end

--retrieve_host_alerts_histogram(1, "192.168.2.2@0,127.0.0.1@5", 333333, 333334)
--retrieve_host_alerts_histogram(0, "*@*", 1470242400, 1470242520)