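/**
 * Run all alerts
 *
 * Walks every open alert state that is not acknowledged (state 2), reloads the
 * newest alert_log row for that device/rule pair together with its (enabled)
 * rule, and decides from the rule "extra" settings (delay, interval, count,
 * mute) and the device flags (ignore, disabled, maintenance) whether to issue
 * the alert via IssueAlert() and whether to close the open state.
 *
 * Side effects: removes stale rows from `alerts`, rewrites `alert_log.details`,
 * updates `alerts.alerted` / `alerts.open`. Reads
 * $config['alert']['tolerance_window'] (seconds) from the global config.
 *
 * @return void
 */
function RunAlerts()
{
    global $config;
    $tolerance = $config['alert']['tolerance_window'];

    $open = dbFetchRows('SELECT alerts.device_id, alerts.rule_id, alerts.state FROM alerts WHERE alerts.state != 2 && alerts.open = 1');
    foreach ($open as $state) {
        $rule_id   = $state['rule_id'];
        $device_id = $state['device_id'];

        // Newest log entry for this pair, joined with its rule; disabled rules produce no row.
        $alert = dbFetchRow('SELECT alert_log.id,alert_log.rule_id,alert_log.device_id,alert_log.state,alert_log.details,alert_log.time_logged,alert_rules.rule,alert_rules.severity,alert_rules.extra,alert_rules.name FROM alert_log,alert_rules WHERE alert_log.rule_id = alert_rules.id && alert_log.device_id = ? && alert_log.rule_id = ? && alert_rules.disabled = 0 ORDER BY alert_log.id DESC LIMIT 1', array($device_id, $rule_id));
        if (empty($alert['rule_id']) || !IsRuleValid($device_id, $rule_id)) {
            echo 'Stale-Rule: #' . $rule_id . '/' . $device_id . "\r\n";
            // Alert-Rule does not exist anymore, let's remove the alert-state.
            dbDelete('alerts', 'rule_id = ? && device_id = ?', array($rule_id, $device_id));
            continue;
        }

        // details is a gzcompress'd JSON blob written by RunRules(); state-0 log rows are
        // inserted without one, so skip the decode (gzuncompress() warns on empty/corrupt
        // input) and always continue with an array so the counters below can be stored.
        $details = array();
        if (isset($alert['details']) && $alert['details'] !== '') {
            $raw = gzuncompress($alert['details']);
            if ($raw !== false) {
                $details = json_decode($raw, true);
            }
        }
        $alert['details'] = is_array($details) ? $details : array();

        $noiss  = false; // do not issue (notify) this alert in this run
        $noacc  = false; // do not close the open state, i.e. re-evaluate on the next run
        $updet  = false; // details changed and must be written back to alert_log
        $rextra = json_decode($alert['extra'], true);

        $chk = dbFetchRow('SELECT alerts.alerted,devices.ignore,devices.disabled FROM alerts,devices WHERE alerts.device_id = ? && devices.device_id = alerts.device_id && alerts.rule_id = ?', array($alert['device_id'], $alert['rule_id']));
        if (!is_array($chk)) {
            // NOTE(review): assumes dbFetchRow() yields a non-array when the join finds
            // nothing — confirm; treated as "never alerted, device neither ignored nor disabled".
            $chk = array('alerted' => null, 'ignore' => 0, 'disabled' => 0);
        }
        if ($chk['alerted'] == $alert['state']) {
            // This exact state has already been sent once.
            $noiss = true;
        }

        $now       = time();
        $logged_at = strtotime($alert['time_logged']);
        if (!empty($rextra['count']) && empty($rextra['interval'])) {
            // Legacy rule format ("count" without "interval"); "delay" is honoured for compat.
            if (!empty($rextra['delay'])) {
                $too_early = ($now - $logged_at + $tolerance < $rextra['delay'])
                    || (!empty($alert['details']['delay']) && $now - $alert['details']['delay'] + $tolerance < $rextra['delay']);
                if ($too_early) {
                    continue;
                }
                $alert['details']['delay'] = $now;
                $updet = true;
            }
        } else {
            // Current rule format: an initial delay, then an interval between repeats.
            if (!empty($rextra['delay']) && $now - $logged_at + $tolerance < $rextra['delay']) {
                continue;
            }
            if (!empty($rextra['interval'])) {
                if (!empty($alert['details']['interval']) && $now - $alert['details']['interval'] + $tolerance < $rextra['interval']) {
                    continue;
                }
                $alert['details']['interval'] = $now;
                $updet = true;
            }
        }

        // Repeat handling for active alerts (state 1); the counter lives in the log details.
        if ($alert['state'] == 1 && !empty($rextra['count'])) {
            if ($rextra['count'] == -1) {
                // -1: no limit, keep the state open so the alert is re-sent on every run.
                $noacc = true;
                $updet = true;
                $noiss = false;
            } else {
                $sent = empty($alert['details']['count']) ? 0 : (int) $alert['details']['count'];
                $alert['details']['count'] = $sent + 1;
                if ($sent < $rextra['count']) {
                    if ($alert['details']['count'] < $rextra['count']) {
                        // Limit not reached yet: leave the state open for the next run.
                        $noacc = true;
                    }
                    $updet = true;
                    $noiss = false;
                }
            }
        }

        if ($chk['ignore'] == 1 || $chk['disabled'] == 1) {
            // Ignored/disabled device: stay silent, leave details alone and close the state.
            $noiss = true;
            $updet = false;
            $noacc = false;
        }
        if (IsMaintenance($alert['device_id']) > 0) {
            // Maintenance window: stay silent but keep the state open for later.
            $noiss = true;
            $noacc = true;
        }
        if ($updet) {
            dbUpdate(array('details' => gzcompress(json_encode($alert['details']), 9)), 'alert_log', 'id = ?', array($alert['id']));
        }
        if (!empty($rextra['mute'])) {
            echo 'Muted Alert-UID #' . $alert['id'] . "\r\n";
            $noiss = true;
        }
        if (!$noiss) {
            IssueAlert($alert);
            dbUpdate(array('alerted' => $alert['state']), 'alerts', 'rule_id = ? && device_id = ?', array($alert['rule_id'], $alert['device_id']));
        }
        if (!$noacc) {
            dbUpdate(array('open' => 0), 'alerts', 'rule_id = ? && device_id = ?', array($alert['rule_id'], $alert['device_id']));
        }
    }
}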
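/**
 * Run all rules for a device
 *
 * Each rule from GetRules() is evaluated by running its generated query for
 * the device. A non-empty result means the rule fires; the "invert" flag in
 * the rule extra reverses that. Transitions are appended to alert_log and
 * mirrored into the alerts table; an unchanged or acknowledged (state 2)
 * state only prints a status.
 *
 * @param int $device Device-ID
 * @return void|false False when the device is under maintenance (no rule is evaluated), void otherwise
 */
function RunRules($device)
{
    if (IsMaintenance($device) > 0) {
        echo "Under Maintenance, Skipping alerts.\r\n";
        return false;
    }
    foreach (GetRules($device) as $rule) {
        c_echo('Rule %p#' . $rule['id'] . ' (' . $rule['name'] . '):%n ');
        // "invert" in the rule extra: fire when the query returns nothing.
        $rextra = json_decode($rule['extra'], true);
        $invert = !empty($rextra['invert']);
        d_echo(PHP_EOL);

        $chk = dbFetchRow("SELECT state FROM alerts WHERE rule_id = ? && device_id = ? ORDER BY id DESC LIMIT 1", array($rule['id'], $device));
        // NOTE(review): assumes dbFetchRow() yields a non-array when no alerts row exists
        // yet — confirm; either way that counts as "no previous state".
        $last = (is_array($chk) && isset($chk['state'])) ? $chk['state'] : null;

        // The stored rule text is turned into SQL by GenSQL(); only the device id is bound
        // here, so any quoting of the rule body has to happen inside GenSQL() (not in view).
        $sql = GenSQL($rule['rule']);
        $qry = dbFetchRows($sql, array($device));
        if (isset($qry[0]['ip'])) {
            // Only the first row's address is made readable; later rows keep the packed form.
            $qry[0]['ip'] = inet6_ntop($qry[0]['ip']);
        }

        // Fire on a match, or on a miss when the rule is inverted.
        $matched = is_array($qry) && count($qry) > 0;
        $doalert = $matched !== $invert;

        if ($doalert) {
            if ($last === "2") {
                // Acknowledged: do not re-open.
                c_echo('Status: %ySKIP');
            } elseif ($last >= "1") {
                c_echo('Status: %bNOCHG');
            } else {
                $extra = gzcompress(json_encode(array('contacts' => GetContacts($qry), 'rule' => $qry)), 9);
                if (dbInsert(array('state' => 1, 'device_id' => $device, 'rule_id' => $rule['id'], 'details' => $extra), 'alert_log')) {
                    // A falsy dbUpdate() is taken to mean no alerts row exists yet, so create one.
                    if (!dbUpdate(array('state' => 1, 'open' => 1), 'alerts', 'device_id = ? && rule_id = ?', array($device, $rule['id']))) {
                        dbInsert(array('state' => 1, 'device_id' => $device, 'rule_id' => $rule['id'], 'open' => 1, 'alerted' => 0), 'alerts');
                    }
                    c_echo(PHP_EOL . 'Status: %rALERT');
                }
            }
        } elseif ($last === "0") {
            c_echo('Status: %bNOCHG');
        } elseif (dbInsert(array('state' => 0, 'device_id' => $device, 'rule_id' => $rule['id']), 'alert_log')) {
            // Recovery: log state 0 (no details) and re-open the state so RunAlerts() notifies.
            if (!dbUpdate(array('state' => 0, 'open' => 1), 'alerts', 'device_id = ? && rule_id = ?', array($device, $rule['id']))) {
                dbInsert(array('state' => 0, 'device_id' => $device, 'rule_id' => $rule['id'], 'open' => 1, 'alerted' => 0), 'alerts');
            }
            c_echo(PHP_EOL . 'Status: %gOK');
        }
        c_echo('%n' . PHP_EOL);
    }
}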
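/**
 * Run all rules for a device
 *
 * Each rule from GetRules() is evaluated by running its generated query for
 * the device. A non-empty result means the rule fires; the "invert" flag in
 * the rule extra reverses that. Transitions are appended to alert_log and
 * mirrored into the alerts table; an unchanged or acknowledged (state 2)
 * state only prints a status.
 *
 * @param int $device Device-ID
 * @return void|false False when the device is under maintenance (no rule is evaluated), void otherwise
 */
function RunRules($device)
{
    if (IsMaintenance($device) > 0) {
        echo "Under Maintenance, Skipping alerts.\r\n";
        return false;
    }
    foreach (GetRules($device) as $rule) {
        echo " #" . $rule['id'] . ":";
        // "invert" in the rule extra: fire when the query returns nothing.
        $rextra = json_decode($rule['extra'], true);
        $invert = !empty($rextra['invert']);

        $chk = dbFetchRow("SELECT state FROM alerts WHERE rule_id = ? && device_id = ? ORDER BY id DESC LIMIT 1", array($rule['id'], $device));
        // NOTE(review): assumes dbFetchRow() yields a non-array when no alerts row exists
        // yet — confirm; either way that counts as "no previous state".
        $last = (is_array($chk) && isset($chk['state'])) ? $chk['state'] : null;

        // The stored rule text is turned into SQL by GenSQL(); only the device id is bound
        // here, so any quoting of the rule body has to happen inside GenSQL() (not in view).
        $sql = GenSQL($rule['rule']);
        $qry = dbFetchRows($sql, array($device));

        // Fire on a match, or on a miss when the rule is inverted.
        $matched = is_array($qry) && count($qry) > 0;
        $doalert = $matched !== $invert;

        if ($doalert) {
            if ($last === "2") {
                // Acknowledged: do not re-open.
                echo " SKIP  ";
            } elseif ($last >= "1") {
                echo " NOCHG ";
            } else {
                $extra = gzcompress(json_encode(array('contacts' => GetContacts($qry), 'rule' => $qry)), 9);
                if (dbInsert(array('state' => 1, 'device_id' => $device, 'rule_id' => $rule['id'], 'details' => $extra), 'alert_log')) {
                    // A falsy dbUpdate() is taken to mean no alerts row exists yet, so create one.
                    if (!dbUpdate(array('state' => 1, 'open' => 1), 'alerts', 'device_id = ? && rule_id = ?', array($device, $rule['id']))) {
                        dbInsert(array('state' => 1, 'device_id' => $device, 'rule_id' => $rule['id'], 'open' => 1, 'alerted' => 0), 'alerts');
                    }
                    echo " ALERT ";
                }
            }
        } elseif ($last === "0") {
            echo " NOCHG ";
        } elseif (dbInsert(array('state' => 0, 'device_id' => $device, 'rule_id' => $rule['id']), 'alert_log')) {
            // Recovery: log state 0 (no details) and re-open the state so RunAlerts() notifies.
            if (!dbUpdate(array('state' => 0, 'open' => 1), 'alerts', 'device_id = ? && rule_id = ?', array($device, $rule['id']))) {
                dbInsert(array('state' => 0, 'device_id' => $device, 'rule_id' => $rule['id'], 'open' => 1, 'alerted' => 0), 'alerts');
            }
            echo " OK    ";
        }
    }
}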