/**
 * Run all alerts
 *
 * Walks every row of `alerts` that is open (open = 1) and whose state is not 2,
 * loads the newest matching `alert_log` entry together with its rule, and then
 * decides three things per alert:
 *   - $noiss ("no issue"):       when true, IssueAlert() is NOT called.
 *   - $noacc ("no acknowledge"): when true, the alert row stays open (open is not reset to 0).
 *   - $updet ("update details"): when true, the decoded details are written back to alert_log.
 *
 * NOTE(review): this function is where notifications get suppressed. Only the
 * stale-rule and mute paths print anything; the delay, interval, ignored/disabled
 * device and maintenance paths suppress silently in the code shown here.
 *
 * @return void
 */
function RunAlerts() {
    // Only $config['alert']['tolerance_window'] is read from the global config below.
    global $config;
    foreach (dbFetchRows('SELECT alerts.device_id, alerts.rule_id, alerts.state FROM alerts WHERE alerts.state != 2 && alerts.open = 1') as $alert) {
        // Keep the original ids: $tmp[0] is the rule id, $tmp[1] the device id.
        // $alert is overwritten by the next query and may come back empty.
        $tmp = array($alert['rule_id'], $alert['device_id']);
        // Newest alert_log entry for this device/rule, joined with its (non-disabled) rule.
        $alert = dbFetchRow('SELECT alert_log.id,alert_log.rule_id,alert_log.device_id,alert_log.state,alert_log.details,alert_log.time_logged,alert_rules.rule,alert_rules.severity,alert_rules.extra,alert_rules.name FROM alert_log,alert_rules WHERE alert_log.rule_id = alert_rules.id && alert_log.device_id = ? && alert_log.rule_id = ? && alert_rules.disabled = 0 ORDER BY alert_log.id DESC LIMIT 1', array($alert['device_id'], $alert['rule_id']));
        // IsRuleValid() is called with (device id, rule id), in that order.
        if (empty($alert['rule_id']) || !IsRuleValid($tmp[1], $tmp[0])) {
            echo 'Stale-Rule: #' . $tmp[0] . '/' . $tmp[1] . "\r\n";
            // Alert-Rule does not exist anymore, let's remove the alert-state.
            dbDelete('alerts', 'rule_id = ? && device_id = ?', array($tmp[0], $tmp[1]));
            continue;
        }
        // details is stored gz-compressed JSON (see the gzcompress/json_encode write-back below).
        // NOTE(review): neither gzuncompress() nor json_decode() is checked for failure here,
        // so a damaged details blob reaches the logic below as false/null — confirm that is acceptable.
        $alert['details'] = json_decode(gzuncompress($alert['details']), true);
        $noiss = false;
        $noacc = false;
        $updet = false;
        // Per-rule options; the keys read below are count, interval, delay and mute.
        $rextra = json_decode($alert['extra'], true);
        // The query literal below keeps the line break that the source text carries inside the string.
        $chk = dbFetchRow('SELECT alerts.alerted,devices.ignore,devices.disabled FROM alerts,devices WHERE alerts.device_id = ? 
&& devices.device_id = alerts.device_id && alerts.rule_id = ?', array($alert['device_id'], $alert['rule_id']));
        // The state recorded as already alerted equals the current state: nothing new to send.
        if ($chk['alerted'] == $alert['state']) {
            $noiss = true;
        }
        if (!empty($rextra['count']) && empty($rextra['interval'])) {
            // This check below is for compat-reasons
            // (taken for rules that set `count` but no `interval`).
            if (!empty($rextra['delay'])) {
                // && binds tighter than ||: skip while the log entry is younger than `delay`,
                // or while a previously stamped details['delay'] is younger than `delay`.
                // `continue` leaves the iteration before any write-back happens.
                if (time() - strtotime($alert['time_logged']) + $config['alert']['tolerance_window'] < $rextra['delay'] || !empty($alert['details']['delay']) && time() - $alert['details']['delay'] + $config['alert']['tolerance_window'] < $rextra['delay']) {
                    continue;
                } else {
                    $alert['details']['delay'] = time();
                    $updet = true;
                }
            }
            // The post-increment only runs when state == 1, count is non-empty and count != -1
            // (short-circuit evaluation). Presumably -1 means "no limit" — TODO confirm.
            // NOTE(review): if details has no 'count' key yet, the ++ starts from an unset value.
            if ($alert['state'] == 1 && !empty($rextra['count']) && ($rextra['count'] == -1 || $alert['details']['count']++ < $rextra['count'])) {
                // Still below the configured count: keep the alert row open for the next run.
                if ($alert['details']['count'] < $rextra['count']) {
                    $noacc = true;
                }
                $updet = true;
                // Overrides the "already alerted" suppression set above.
                $noiss = false;
            }
        } else {
            // This is the new way
            // Here `delay` is measured against the log entry's time_logged only.
            if (!empty($rextra['delay']) && time() - strtotime($alert['time_logged']) + $config['alert']['tolerance_window'] < $rextra['delay']) {
                continue;
            }
            if (!empty($rextra['interval'])) {
                // Skip while the last stamped details['interval'] is younger than `interval`;
                // otherwise stamp the current time and persist it.
                if (!empty($alert['details']['interval']) && time() - $alert['details']['interval'] + $config['alert']['tolerance_window'] < $rextra['interval']) {
                    continue;
                } else {
                    $alert['details']['interval'] = time();
                    $updet = true;
                }
            }
            // Same count handling as in the compat branch above.
            if ($alert['state'] == 1 && !empty($rextra['count']) && ($rextra['count'] == -1 || $alert['details']['count']++ < $rextra['count'])) {
                if ($alert['details']['count'] < $rextra['count']) {
                    $noacc = true;
                }
                $updet = true;
                $noiss = false;
            }
        } // end if
        // Ignored or disabled device: nothing is sent, details are not written back,
        // and the alert row is closed (because $noacc is forced to false).
        if ($chk['ignore'] == 1 || $chk['disabled'] == 1) {
            $noiss = true;
            $updet = false;
            $noacc = false;
        }
        // Maintenance: nothing is sent and the alert row stays open. $updet is left as it is.
        if (IsMaintenance($alert['device_id']) > 0) {
            $noiss = true;
            $noacc = true;
        }
        if ($updet) {
            dbUpdate(array('details' => gzcompress(json_encode($alert['details']), 9)), 'alert_log', 'id = ?', array($alert['id']));
        }
        // Mute is evaluated after the write-back, so counters and timestamps are still
        // persisted for a muted rule; only the notification itself is dropped.
        if (!empty($rextra['mute'])) {
            echo 'Muted Alert-UID #' . $alert['id'] .
                "\r\n";
            $noiss = true;
        }
        if (!$noiss) {
            IssueAlert($alert);
            // Remember which state was notified, so the next run can detect "no change".
            dbUpdate(array('alerted' => $alert['state']), 'alerts', 'rule_id = ? && device_id = ?', array($alert['rule_id'], $alert['device_id']));
        }
        if (!$noacc) {
            // Close the alert row; it no longer matches the open = 1 filter of the outer query.
            dbUpdate(array('open' => 0), 'alerts', 'rule_id = ? && device_id = ?', array($alert['rule_id'], $alert['device_id']));
        }
    } // end foreach
}
/**
 * Evaluate every alert rule of one device and record state changes.
 *
 * For each rule returned by GetRules() the rule is turned into SQL by GenSQL(),
 * run with the device id as its only bound parameter, and the number of rows
 * returned (optionally inverted by the rule's `invert` option) decides whether
 * the rule is alerting. A change of state is written to `alert_log` and
 * mirrored into `alerts` with open = 1.
 *
 * @param int $device Device-ID
 * @return bool|void false when the device is under maintenance; otherwise no value is returned
 */
function RunRules($device) {
    if (IsMaintenance($device) > 0) {
        echo "Under Maintenance, Skipping alerts.\r\n";
        return false;
    }

    foreach (GetRules($device) as $rule) {
        // NOTE(review): the rule name is concatenated into a c_echo() string that also
        // carries %-codes; presumably c_echo interprets them, so a name containing such
        // codes would be interpreted as well — confirm.
        c_echo('Rule %p#' . $rule['id'] . ' (' . $rule['name'] . '):%n ');

        $ruleExtra = json_decode($rule['extra'], true);
        $inverted = isset($ruleExtra['invert']) ? (bool) $ruleExtra['invert'] : false;
        d_echo(PHP_EOL);

        // Most recent known state of this rule on this device.
        $current = dbFetchRow("SELECT state FROM alerts WHERE rule_id = ? && device_id = ? ORDER BY id DESC LIMIT 1", array($rule['id'], $device));

        // NOTE(review): the statement text is whatever GenSQL() builds from the stored
        // rule; only the device id is bound. Query safety therefore rests on GenSQL()
        // and on who may write rule definitions — neither is visible here.
        $matches = dbFetchRows(GenSQL($rule['rule']), array($device));

        // NOTE(review): only the first row's `ip` is converted; any further rows are
        // handed to json_encode() below unchanged.
        if (isset($matches[0]['ip'])) {
            $matches[0]['ip'] = inet6_ntop($matches[0]['ip']);
        }

        // Rows found means "alert" for a normal rule and "ok" for an inverted one.
        $matchCount = sizeof($matches);
        $doalert = $inverted ? ($matchCount == 0) : ($matchCount > 0);

        if ($doalert) {
            if ($current['state'] === "2") {
                // State "2" is left untouched (presumably an acknowledged alert — TODO confirm).
                c_echo('Status: %ySKIP');
            } elseif ($current['state'] >= "1") {
                c_echo('Status: %bNOCHG');
            } else {
                // NOTE(review): json_encode() is not checked for failure before compression.
                $payload = array('contacts' => GetContacts($matches), 'rule' => $matches);
                $extra = gzcompress(json_encode($payload), 9);
                $logged = dbInsert(
                    array('state' => 1, 'device_id' => $device, 'rule_id' => $rule['id'], 'details' => $extra),
                    'alert_log'
                );
                if ($logged) {
                    // A falsy dbUpdate() result is treated as "no alerts row yet" and triggers
                    // an insert (presumably the result is an affected-row count — TODO confirm).
                    $updated = dbUpdate(
                        array('state' => 1, 'open' => 1),
                        'alerts',
                        'device_id = ? && rule_id = ?',
                        array($device, $rule['id'])
                    );
                    if (!$updated) {
                        dbInsert(
                            array('state' => 1, 'device_id' => $device, 'rule_id' => $rule['id'], 'open' => 1, 'alerted' => 0),
                            'alerts'
                        );
                    }
                    c_echo(PHP_EOL . 'Status: %rALERT');
                }
            }
        } elseif ($current['state'] === "0") {
            c_echo('Status: %bNOCHG');
        } elseif (dbInsert(array('state' => 0, 'device_id' => $device, 'rule_id' => $rule['id']), 'alert_log')) {
            // Recovery: the log entry carries no details, only the new state.
            // The WHERE literal keeps the line break present inside the original string.
            $updated = dbUpdate(
                array('state' => 0, 'open' => 1),
                'alerts',
                'device_id = ? 
&& rule_id = ?',
                array($device, $rule['id'])
            );
            if (!$updated) {
                dbInsert(
                    array('state' => 0, 'device_id' => $device, 'rule_id' => $rule['id'], 'open' => 1, 'alerted' => 0),
                    'alerts'
                );
            }
            c_echo(PHP_EOL . 'Status: %gOK');
        }

        c_echo('%n' . PHP_EOL);
    }
}
/**
 * Evaluate every alert rule of one device and record state changes.
 *
 * Each rule from GetRules() is converted to SQL by GenSQL() and executed with the
 * device id as the only bound parameter. Whether rows came back, combined with the
 * rule's `invert` option, decides between "alert" and "ok". A state change is
 * appended to `alert_log` and mirrored into `alerts` with open = 1.
 *
 * @param int $device Device-ID
 * @return bool|void false when the device is under maintenance; otherwise no value is returned
 */
function RunRules($device) {
    if (IsMaintenance($device) > 0) {
        echo "Under Maintenance, Skipping alerts.\r\n";
        return false;
    }

    foreach (GetRules($device) as $rule) {
        echo " #" . $rule['id'] . ":";

        $ruleExtra = json_decode($rule['extra'], true);
        $inverted = isset($ruleExtra['invert']) ? (bool) $ruleExtra['invert'] : false;

        // Most recent known state of this rule on this device.
        $current = dbFetchRow("SELECT state FROM alerts WHERE rule_id = ? && device_id = ? ORDER BY id DESC LIMIT 1", array($rule['id'], $device));

        // NOTE(review): the statement text is whatever GenSQL() builds from the stored
        // rule; only the device id is bound. Query safety therefore rests on GenSQL()
        // and on who may write rule definitions — neither is visible here.
        $matches = dbFetchRows(GenSQL($rule['rule']), array($device));

        // Rows found means "alert" for a normal rule and "ok" for an inverted one.
        $matchCount = sizeof($matches);
        $doalert = $inverted ? ($matchCount == 0) : ($matchCount > 0);

        if ($doalert) {
            if ($current['state'] === "2") {
                // State "2" is left untouched (presumably an acknowledged alert — TODO confirm).
                echo " SKIP ";
                continue;
            }
            if ($current['state'] >= "1") {
                echo " NOCHG ";
                continue;
            }

            // NOTE(review): json_encode() is not checked for failure before compression.
            $payload = array('contacts' => GetContacts($matches), 'rule' => $matches);
            $extra = gzcompress(json_encode($payload), 9);
            $logged = dbInsert(
                array('state' => 1, 'device_id' => $device, 'rule_id' => $rule['id'], 'details' => $extra),
                'alert_log'
            );
            if ($logged) {
                // A falsy dbUpdate() result is treated as "no alerts row yet" and triggers
                // an insert (presumably the result is an affected-row count — TODO confirm).
                $updated = dbUpdate(
                    array('state' => 1, 'open' => 1),
                    'alerts',
                    'device_id = ? && rule_id = ?',
                    array($device, $rule['id'])
                );
                if (!$updated) {
                    dbInsert(
                        array('state' => 1, 'device_id' => $device, 'rule_id' => $rule['id'], 'open' => 1, 'alerted' => 0),
                        'alerts'
                    );
                }
                echo " ALERT ";
            }
            continue;
        }

        if ($current['state'] === "0") {
            echo " NOCHG ";
            continue;
        }

        // Recovery: the log entry carries no details, only the new state.
        if (dbInsert(array('state' => 0, 'device_id' => $device, 'rule_id' => $rule['id']), 'alert_log')) {
            $updated = dbUpdate(
                array('state' => 0, 'open' => 1),
                'alerts',
                'device_id = ? && rule_id = ?',
                array($device, $rule['id'])
            );
            if (!$updated) {
                dbInsert(
                    array('state' => 0, 'device_id' => $device, 'rule_id' => $rule['id'], 'open' => 1, 'alerted' => 0),
                    'alerts'
                );
            }
            echo " OK ";
        }
    }
}