refactor: Update alert rules to generate sql query and store in db (#4748)

This commit is contained in:
Neil Lathwood
2016-10-15 00:29:55 +01:00
committed by GitHub
parent 74f89978fc
commit e1fac851f9
9 changed files with 36 additions and 7 deletions


@@ -172,7 +172,7 @@ function RunFollowUp()
$alert['rule_id'],
$alert['device_id'],
);
$alert = dbFetchRow('SELECT alert_log.id,alert_log.rule_id,alert_log.device_id,alert_log.state,alert_log.details,alert_log.time_logged,alert_rules.rule,alert_rules.severity,alert_rules.extra,alert_rules.name FROM alert_log,alert_rules WHERE alert_log.rule_id = alert_rules.id && alert_log.device_id = ? && alert_log.rule_id = ? && alert_rules.disabled = 0 ORDER BY alert_log.id DESC LIMIT 1', array($alert['device_id'], $alert['rule_id']));
$alert = dbFetchRow('SELECT alert_log.id,alert_log.rule_id,alert_log.device_id,alert_log.state,alert_log.details,alert_log.time_logged,alert_rules.rule, alert_rules.query,alert_rules.severity,alert_rules.extra,alert_rules.name FROM alert_log,alert_rules WHERE alert_log.rule_id = alert_rules.id && alert_log.device_id = ? && alert_log.rule_id = ? && alert_rules.disabled = 0 ORDER BY alert_log.id DESC LIMIT 1', array($alert['device_id'], $alert['rule_id']));
if (empty($alert['rule']) || !IsRuleValid($tmp[1], $tmp[0])) {
// Alert-Rule does not exist anymore, let's remove the alert-state.
echo 'Stale-Rule: #'.$tmp[0].'/'.$tmp[1]."\r\n";
@@ -186,7 +186,10 @@ function RunFollowUp()
continue;
}
$chk = dbFetchRows(GenSQL($alert['rule']), array($alert['device_id']));
if (empty($alert['query'])) {
$alert['query'] = GenSQL($alert['rule']);
}
$chk = dbFetchRows($alert['query'], array($alert['device_id']));
$o = sizeof($alert['details']['rule']);
$n = sizeof($chk);
$ret = 'Alert #'.$alert['id'];
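Review bot: The fallback `if (empty($alert['query'])) { $alert['query'] = GenSQL($alert['rule']); }` still hands an empty string to dbFetchRows when GenSQL itself returns nothing, whereas the daily.php refresh loop in this same commit treats an empty GenSQL result as a failure and skips the row. Guarding here the same way, e.g. `if (empty($alert['query'])) { echo 'Invalid rule: #'.$alert['rule_id']."\r\n"; continue; }` after the regeneration, keeps a rule that no longer compiles from being executed as an empty query. The same unguarded fallback is repeated in the rule-test hunk (`$sql = $rule['query'];` before `dbFetchRow`) and in the RunRules hunk. Note also that the regenerated query is not written back, so a rule whose stored query is empty is regenerated on every follow-up until `daily.php -f refresh_alert_rules` has run. RunFollowUp begins and ends outside this hunk.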


@@ -12,6 +12,7 @@ require 'includes/defaults.inc.php';
require 'config.php';
require_once 'includes/definitions.inc.php';
require 'includes/functions.php';
require_once 'includes/alerts.inc.php';
$options = getopt('f:d');
@@ -152,3 +153,16 @@ if ($options['f'] === 'purgeusers') {
}
}
}
if ($options['f'] === 'refresh_alert_rules') {
echo 'Refreshing alert rules queries' . PHP_EOL;
$rules = dbFetchRows('SELECT `id`, `rule` FROM `alert_rules`');
foreach ($rules as $rule) {
$data['query'] = GenSQL($rule['rule']);
if (!empty($data['query'])) {
$debug=1;
dbUpdate($data, 'alert_rules', 'id=?', array($rule['id']));
unset($data);
}
}
}
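Review bot: `$debug=1;` inside the loop looks like a leftover from development: it is assigned at script scope for every rule that yields a query and nothing in the hunk reads it, so that line should go (it also breaks the spacing convention used elsewhere in the file). When GenSQL returns an empty string the rule is silently skipped and keeps whatever query it had, so the operator never learns that a rule no longer translates; an `else` branch such as `echo 'Could not generate query for rule #' . $rule['id'] . PHP_EOL;` would make that visible in the daily output. The `unset($data)` is not needed either, since `$data['query']` is reassigned on every iteration before it is read.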


@@ -82,6 +82,7 @@ else
;;
cleanup)
# Cleanups
php daily.php -f refresh_alert_rules
php daily.php -f syslog
php daily.php -f eventlog
php daily.php -f authlog


@@ -21,6 +21,7 @@ require_once 'includes/functions.inc.php';
require_once '../includes/functions.php';
require_once 'includes/authenticate.inc.php';
require_once 'includes/vars.inc.php';
require_once '../includes/alerts.inc.php';
set_debug($_REQUEST['debug']);


@@ -18,6 +18,7 @@ if (is_admin() === false) {
$rule = implode(' ', $_POST['rules']);
$rule = rtrim($rule, '&|');
$query = GenSQL($rule);
$alert_id = $_POST['alert_id'];
$count = mres($_POST['count']);
$delay = mres($_POST['delay']);
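Review bot: `$query = GenSQL($rule);` is never checked before the dbUpdate/dbInsert calls in the following hunks store it, so a rule that GenSQL cannot translate is saved with an empty `query` while the page still reports "Edited Rule"/"Added Rule"; a guard parallel to the existing `if (empty($rule))` check, e.g. `if (empty($query)) { $update_message = 'ERROR: Could not generate query for Rule: <i>'.$rule.'</i>'; }`, would surface the problem at save time instead of at evaluation time. Because the stored `query` column is later executed verbatim by dbFetchRows/dbFetchRow, GenSQL is the only step between the admin-supplied `$_POST['rules']` text and the SQL that runs; a comment here recording that `alert_rules.query` must only ever be written from GenSQL output would help the next maintainer keep that invariant. The surrounding if/else structure starts and ends outside this hunk.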
@@ -62,7 +63,7 @@ if (empty($rule)) {
);
$extra_json = json_encode($extra);
if (is_numeric($alert_id) && $alert_id > 0) {
if (dbUpdate(array('rule' => $rule, 'severity' => mres($_POST['severity']), 'extra' => $extra_json, 'name' => $name, 'proc' => $proc), 'alert_rules', 'id=?', array($alert_id)) >= 0) {
if (dbUpdate(array('rule' => $rule, 'severity' => mres($_POST['severity']), 'extra' => $extra_json, 'name' => $name, 'proc' => $proc, 'query' => $query), 'alert_rules', 'id=?', array($alert_id)) >= 0) {
$update_message = "Edited Rule: <i>$name: $rule</i>";
} else {
$update_message = 'ERROR: Failed to edit Rule: <i>'.$rule.'</i>';
@@ -71,8 +72,7 @@ if (empty($rule)) {
if (is_array($_POST['maps'])) {
$device_id = ':'.$device_id;
}
if (dbInsert(array('device_id' => $device_id, 'rule' => $rule, 'severity' => mres($_POST['severity']), 'extra' => $extra_json, 'disabled' => 0, 'name' => $name, 'proc' => $proc), 'alert_rules')) {
if (dbInsert(array('device_id' => $device_id, 'rule' => $rule, 'severity' => mres($_POST['severity']), 'extra' => $extra_json, 'disabled' => 0, 'name' => $name, 'proc' => $proc, 'query' => $query), 'alert_rules')) {
$update_message = "Added Rule: <i>$name: $rule</i>";
if (is_array($_POST['maps'])) {
foreach ($_POST['maps'] as $target) {


@@ -39,7 +39,10 @@ switch ($type) {
$rules = GetRules($device_id);
$output = '';
foreach ($rules as $rule) {
$sql = GenSQL($rule['rule']);
if (empty($rule['query'])) {
$rule['query'] = GenSQL($rule['rule']);
}
$sql = $rule['query'];
$qry = dbFetchRow($sql, array($device_id));
if (is_array($qry)) {
$response = 'matches';
@@ -48,6 +51,7 @@ switch ($type) {
}
$output .= 'Rule name: ' . $rule['name'] . PHP_EOL;
$output .= 'Alert rule: ' . $rule['rule'] . PHP_EOL;
$output .= 'Alert query: ' . $rule['query'] . PHP_EOL;
$output .= 'Rule match: ' . $response . PHP_EOL . PHP_EOL;
}
if ($config['alert']['transports']['mail'] === true) {


@@ -83,7 +83,9 @@ if (isset($_POST['create-default'])) {
'disabled' => 0,
'name' => 'Service up/down',
);
require_once '../includes/alerts.inc.php';
foreach ($default_rules as $add_rule) {
$add_rule['query'] = GenSQL($add_rule['rule']);
dbInsert($add_rule, 'alert_rules');
}
}//end if
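Review bot: The `require_once '../includes/alerts.inc.php';` is dropped mid-flow inside the `create-default` branch, between the `$default_rules` array and the loop that calls GenSQL, whereas the other page touched by this commit adds the same require next to the file's existing `require_once` lines at the top; moving it up keeps the file's includes in one place and does not tie the load to a single POST path. As in the other hunks, `$add_rule['query'] = GenSQL($add_rule['rule']);` is stored without checking for an empty result, so a default rule whose syntax GenSQL rejects is inserted with an empty query and silently regenerated on every run. The enclosing if starts outside the hunk.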


@@ -169,7 +169,10 @@ function RunRules($device)
}
d_echo(PHP_EOL);
$chk = dbFetchRow("SELECT state FROM alerts WHERE rule_id = ? && device_id = ? ORDER BY id DESC LIMIT 1", array($rule['id'], $device));
$sql = GenSQL($rule['rule']);
if (empty($rule['query'])) {
$rule['query'] = GenSQL($rule['rule']);
}
$sql = $rule['query'];
$qry = dbFetchRows($sql, array($device));
if (isset($qry[0]['ip'])) {
$qry[0]['ip'] = inet6_ntop($qry[0]['ip']);

sql-schema/145.sql Normal file

@@ -0,0 +1 @@
ALTER TABLE `alert_rules` ADD `query` TEXT NOT NULL AFTER `name`;
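Review bot: `ADD `query` TEXT NOT NULL` carries no DEFAULT, so existing alert_rules rows presumably come out of this migration with an empty `query`, and any INSERT that omits the column would fail under strict SQL mode; the inserts in this commit all set it, but any other writer of alert_rules would need the same treatment. A comment in the migration, e.g. `-- existing rows get an empty query here; daily.php -f refresh_alert_rules backfills them`, would record why the PHP side keeps an empty-query fallback. Until that refresh has run, every evaluation regenerates the SQL from the rule text.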