Beispiel #1
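/**
 * Describe Alert
 *
 * Builds the array that the alert templates and transports work from: device
 * hostname, template text, title, faults, elapsed time, contacts and the raw
 * alert fields.
 *
 * Security note: a title that contains '%' is converted into PHP source and
 * passed to RunJail() (see the comment at the end of the function). Titles are
 * built from `alert_templates` rows or, as a fallback, from the device hostname
 * and the rule name, so those values end up inside generated code.
 *
 * @param array $alert Alert-Result from DB
 * @return array|false|string Description array; false when a recovery (state 0)
 *                            has no earlier non-acknowledged alert_log entry;
 *                            the string 'Unknown State' for any other state
 *                            that is neither >= 1 nor == 0.
 */
function DescribeAlert($alert)
{
    $obj = array();
    $i = 0;
    // Both lookups use bound parameters, so the ids never reach the SQL text.
    $device = dbFetchRow('SELECT hostname FROM devices WHERE device_id = ?', array($alert['device_id']));
    $tpl = dbFetchRow('SELECT `template`,`title`,`title_rec` FROM `alert_templates` JOIN `alert_template_map` ON `alert_template_map`.`alert_templates_id`=`alert_templates`.`id` WHERE `alert_template_map`.`alert_rule_id`=?', array($alert['rule_id']));
    $default_tpl = "%title\r\nSeverity: %severity\r\n{if %state == 0}Time elapsed: %elapsed\r\n{/if}Timestamp: %timestamp\r\nUnique-ID: %uid\r\nRule: {if %name}%name{else}%rule{/if}\r\n{if %faults}Faults:\r\n{foreach %faults}  #%key: %value.string\r\n{/foreach}{/if}Alert sent to: {foreach %contacts}%value <%key> {/foreach}";
    $obj['hostname'] = $device['hostname'];
    $obj['device_id'] = $alert['device_id'];
    $extra = $alert['details'];
    // Fall back to the built-in template when no template is mapped to the rule.
    $obj['template'] = isset($tpl['template']) ? $tpl['template'] : $default_tpl;
    if ($alert['state'] >= 1) {
        if (!empty($tpl['title'])) {
            $obj['title'] = $tpl['title'];
        } else {
            $obj['title'] = 'Alert for device ' . $device['hostname'] . ' - ' . ($alert['name'] ? $alert['name'] : $alert['rule']);
        }
        // Loose comparisons are kept on purpose: the state may arrive as a string from the DB.
        if ($alert['state'] == 2) {
            $obj['title'] .= ' got acknowledged';
        } elseif ($alert['state'] == 3) {
            $obj['title'] .= ' got worse';
        } elseif ($alert['state'] == 4) {
            $obj['title'] .= ' got better';
        }
        // Only iterate when the details really carry a list of incidents; the
        // original looped unconditionally and raised a warning otherwise.
        if (!empty($extra['rule']) && is_array($extra['rule'])) {
            foreach ($extra['rule'] as $incident) {
                $i++;
                $obj['faults'][$i] = $incident;
                if (!is_array($incident)) {
                    continue;
                }
                foreach ($incident as $k => $v) {
                    if (!empty($v) && $k != 'device_id' && (stristr($k, 'id') || stristr($k, 'desc') || stristr($k, 'msg')) && substr_count($k, '_') <= 1) {
                        // Create the summary lazily so '.=' never appends to an
                        // undefined index; faults without a matching column
                        // still have no 'string' key, exactly as before.
                        if (!isset($obj['faults'][$i]['string'])) {
                            $obj['faults'][$i]['string'] = '';
                        }
                        $obj['faults'][$i]['string'] .= $k . ' => ' . $v . '; ';
                    }
                }
            }
        }
        $obj['elapsed'] = TimeFormat(time() - strtotime($alert['time_logged']));
        if (!empty($extra['diff'])) {
            $obj['diff'] = $extra['diff'];
        }
    } elseif ($alert['state'] == 0) {
        // Recovery: find the most recent earlier log entry for the same rule and
        // device that is neither a recovery (0) nor an acknowledgement (2).
        $id = dbFetchRow('SELECT alert_log.id,alert_log.time_logged,alert_log.details FROM alert_log WHERE alert_log.state != 2 && alert_log.state != 0 && alert_log.rule_id = ? && alert_log.device_id = ? && alert_log.id < ? ORDER BY id DESC LIMIT 1', array($alert['rule_id'], $alert['device_id'], $alert['id']));
        if (empty($id['id'])) {
            return false;
        }
        // The stored details are zlib-compressed JSON. A corrupt or truncated
        // row makes gzuncompress() return false; do not feed that to
        // json_decode(), and fall back to an empty detail set instead.
        $raw = gzuncompress($id['details']);
        $extra = ($raw === false) ? null : json_decode($raw, true);
        if (!is_array($extra)) {
            $extra = array();
        }
        if (!empty($tpl['title_rec'])) {
            $obj['title'] = $tpl['title_rec'];
        } else {
            $obj['title'] = 'Device ' . $device['hostname'] . ' recovered from ' . ($alert['name'] ? $alert['name'] : $alert['rule']);
        }
        $obj['elapsed'] = TimeFormat(strtotime($alert['time_logged']) - strtotime($id['time_logged']));
        $obj['id'] = $id['id'];
        $obj['faults'] = false;
    } else {
        return 'Unknown State';
    }
    $obj['uid'] = $alert['id'];
    $obj['severity'] = $alert['severity'];
    $obj['rule'] = $alert['rule'];
    $obj['name'] = $alert['name'];
    $obj['timestamp'] = $alert['time_logged'];
    // Missing contacts stay null, which is what the unguarded lookup produced.
    $obj['contacts'] = isset($extra['contacts']) ? $extra['contacts'] : null;
    $obj['state'] = $alert['state'];
    // SECURITY: a title containing '%' is rewritten into a PHP statement
    // ('$ret = "...";') and handed to RunJail(), which is defined elsewhere and,
    // judging by the statement it receives, evaluates it - confirm.
    // addslashes() escapes quotes, backslashes and NUL only; '$' and '{' pass
    // through, so PHP's own double-quoted-string interpolation still applies to
    // the title text. The title may come from alert_templates or, in the
    // fallback, from the device hostname and the rule name: write access to any
    // of those values should be treated as code-execution capable, restricted to
    // trusted administrators and audited. A non-evaluating substitution would
    // remove the risk, but needs populate()/RunJail() changes outside this block.
    if (strstr($obj['title'], '%')) {
        $obj['title'] = RunJail('$ret = "' . populate(addslashes($obj['title'])) . '";', $obj);
    }
    return $obj;
}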
Beispiel #2
/**
 * Format Alert
 *
 * Compiles an alert template into PHP source and has RunJail() produce the
 * rendered message. Literal text becomes the contents of `$ret .= "..."`
 * statements; `{if COND}`, `{else}`, `{/if}`, `{foreach LIST}` and `{/foreach}`
 * become the matching PHP control structures.
 *
 * Security note: the template is program text, not data. addslashes() escapes
 * quotes, backslashes and NUL, but not '$' or '{', and the condition of every
 * `{if}` / `{foreach}` tag is spliced into code context after populate(). If
 * RunJail() evaluates the string it is given (it is defined elsewhere - confirm),
 * anyone able to edit a template can run PHP with the privileges of the calling
 * process. Keep template editing restricted to trusted administrators and log
 * changes to the template table.
 *
 * @param string $tpl Template
 * @param array  $obj Alert-Array
 * @return string
 */
function FormatAlertTpl($tpl, $obj)
{
    // Closing tags map 1:1 onto fixed PHP fragments, so they are swapped first.
    $closers = array(
        '{else}'     => '"; } else { $ret .= "',
        '{/if}'      => '"; } $ret .= "',
        '{/foreach}' => '"; } $ret .= "',
    );
    $source = '$ret .= "' . str_replace(array_keys($closers), array_values($closers), addslashes($tpl)) . '";';

    // $source is scanned and never modified; all rewriting happens on $compiled.
    $compiled = $source;
    $length = strlen($source);
    $token = '';          // text collected since the last unmatched '{'
    $tagOpen = false;     // true while inside an '{if' / '{foreach' opening tag
    $inIf = false;
    $inForeach = false;

    for ($idx = 0; $idx < $length; $idx++) {
        $char = $source[$idx];

        if ($char === '{' && $token === '') {
            $token = $char;
        } elseif ($token === '{ ') {
            // '{' followed by a blank is one of the braces emitted above,
            // not a template tag: forget it.
            $token = '';
        } elseif ($token !== '') {
            $token .= $char;
        }

        if ($token === '{if') {
            $tagOpen = true;
            $inIf = true;
        } elseif ($token === '{foreach') {
            $tagOpen = true;
            $inForeach = true;
        }

        // Nothing to rewrite until an opening tag has been closed by '}'.
        if (!$tagOpen || $char !== '}') {
            continue;
        }

        $tag = $token;
        $token = '';
        $tagOpen = false;

        if ($inIf) {
            $inIf = false;
            $skip = 3;    // length of '{if'
            $head = '"; if( ';
            $tail = ' ) { $ret .= "';
        } elseif ($inForeach) {
            $inForeach = false;
            $skip = 8;    // length of '{foreach'
            $head = '"; foreach( ';
            $tail = ' as $key=>$value) { $ret .= "';
        } else {
            continue;
        }

        // The condition is taken from the addslashes()-escaped text and placed
        // outside any string literal, i.e. it is emitted as PHP code.
        $condition = trim(populate(substr($tag, $skip, -1), false));
        // str_replace() rewrites every occurrence of this exact tag text.
        $compiled = str_replace($tag, $head . $condition . $tail, $compiled);
    }

    // Resolve the remaining %placeholders in the literal parts, then render.
    return RunJail(populate($compiled), $obj);
}