LibreNMS/Alert/RunAlerts.php
<?php
/*
* RunAlerts.php
*
* Copyright (C) 2014 Daniel Preussker <f0o@devilcode.org>
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* Original Code:
* @author Daniel Preussker <f0o@devilcode.org>
* @copyright 2014 f0o, LibreNMS
* @license GPL
* @package LibreNMS
* @subpackage Alerts
*
* Modified by:
* @author Heath Barnhart <barnhart@kanren.net>
*
*/
namespace LibreNMS\Alert;
use App\Facades\DeviceCache;
use App\Models\AlertTransport;
use App\Models\Eventlog;
use LibreNMS\Config;
use LibreNMS\Enum\AlertState;
use LibreNMS\Enum\Severity;
use LibreNMS\Exceptions\AlertTransportDeliveryException;
use LibreNMS\Polling\ConnectivityHelper;
use LibreNMS\Util\Time;
class RunAlerts
{
/**
* Populate variables
*
* @param string $txt Text with variables
* @param bool $wrap Wrap variable for text-usage (default: true)
* @return string
*/
public function populate($txt, $wrap = true)
{
preg_match_all('/%([\w\.]+)/', $txt, $m);
foreach ($m[1] as $tmp) {
$orig = $tmp;
$rep = false;
if ($tmp == 'key' || $tmp == 'value') {
$rep = '$' . $tmp;
} else {
if (strstr($tmp, '.')) {
$tmp = explode('.', $tmp, 2);
$pre = '$' . $tmp[0];
$tmp = $tmp[1];
} else {
$pre = '$obj';
}
$rep = $pre . "['" . str_replace('.', "']['", $tmp) . "']";
if ($wrap) {
$rep = '{' . $rep . '}';
}
}
$txt = str_replace('%' . $orig, $rep, $txt);
}
return $txt;
}
/**
* Describe Alert
*
* @param array $alert Alert-Result from DB
* @return array|bool|string
*/
public function describeAlert($alert)
{
$obj = [];
$i = 0;
$device = DeviceCache::get($alert['device_id']);
$obj['hostname'] = $device->hostname;
$obj['sysName'] = $device->sysName;
$obj['display'] = $device->displayName();
$obj['sysDescr'] = $device->sysDescr;
$obj['sysContact'] = $device->sysContact;
$obj['os'] = $device->os;
$obj['type'] = $device->type;
$obj['ip'] = $device->ip;
$obj['hardware'] = $device->hardware;
$obj['version'] = $device->version;
$obj['serial'] = $device->serial;
$obj['features'] = $device->features;
$obj['location'] = (string) $device->location;
$obj['uptime'] = $device->uptime;
$obj['uptime_short'] = Time::formatInterval($device->uptime, true);
$obj['uptime_long'] = Time::formatInterval($device->uptime);
$obj['description'] = $device->purpose;
$obj['notes'] = $device->notes;
$obj['alert_notes'] = $alert['note'];
$obj['device_id'] = $device->device_id;
$obj['rule_id'] = $alert['rule_id'];
$obj['id'] = $alert['id'];
$obj['proc'] = $alert['proc'];
$obj['status'] = $device->status;
$obj['status_reason'] = $device->status_reason;
if ((new ConnectivityHelper($device))->canPing()) {
$ping_stats = $device->perf()->latest('timestamp')->first();
$obj['ping_timestamp'] = $ping_stats->timestamp;
$obj['ping_loss'] = $ping_stats->loss;
$obj['ping_min'] = $ping_stats->min;
$obj['ping_max'] = $ping_stats->max;
$obj['ping_avg'] = $ping_stats->avg;
$obj['debug'] = $ping_stats->debug;
}
$extra = $alert['details'];
$tpl = new Template;
$template = $tpl->getTemplate($obj);
if ($alert['state'] >= AlertState::ACTIVE) {
$obj['title'] = $template->title ?: 'Alert for device ' . $obj['display'] . ' - ' . ($alert['name'] ?: $alert['rule']);
if ($alert['state'] == AlertState::ACKNOWLEDGED) {
$obj['title'] .= ' got acknowledged';
} elseif ($alert['state'] == AlertState::WORSE) {
$obj['title'] .= ' got worse';
} elseif ($alert['state'] == AlertState::BETTER) {
$obj['title'] .= ' got better';
}
foreach ($extra['rule'] as $incident) {
$i++;
$obj['faults'][$i] = $incident;
$obj['faults'][$i]['string'] = null;
foreach ($incident as $k => $v) {
if (! empty($v) && $k != 'device_id' && (stristr($k, 'id') || stristr($k, 'desc') || stristr($k, 'msg')) && substr_count($k, '_') <= 1) {
$obj['faults'][$i]['string'] .= $k . ' = ' . $v . '; ';
}
}
}
$obj['elapsed'] = Time::formatInterval(time() - strtotime($alert['time_logged']), true) ?: 'none';
if (! empty($extra['diff'])) {
$obj['diff'] = $extra['diff'];
}
} elseif ($alert['state'] == AlertState::RECOVERED) {
// Alert is now cleared
$id = dbFetchRow('SELECT alert_log.id,alert_log.time_logged,alert_log.details FROM alert_log WHERE alert_log.state != ? && alert_log.state != ? && alert_log.rule_id = ? && alert_log.device_id = ? && alert_log.id < ? ORDER BY id DESC LIMIT 1', [AlertState::ACKNOWLEDGED, AlertState::RECOVERED, $alert['rule_id'], $alert['device_id'], $alert['id']]);
if (empty($id['id'])) {
return false;
}
$extra = [];
if (! empty($id['details'])) {
$extra = json_decode(gzuncompress($id['details']), true);
}
// Reset count to 0 so alerts will continue
$extra['count'] = 0;
dbUpdate(['details' => gzcompress(json_encode($id['details']), 9)], 'alert_log', 'id = ?', [$alert['id']]);
$obj['title'] = $template->title_rec ?: 'Device ' . $obj['display'] . ' recovered from ' . ($alert['name'] ?: $alert['rule']);
$obj['elapsed'] = Time::formatInterval(strtotime($alert['time_logged']) - strtotime($id['time_logged']), true) ?: 'none';
$obj['id'] = $id['id'];
foreach ($extra['rule'] as $incident) {
$i++;
$obj['faults'][$i] = $incident;
$obj['faults'][$i]['string'] = '';
foreach ($incident as $k => $v) {
if (! empty($v) && $k != 'device_id' && (stristr($k, 'id') || stristr($k, 'desc') || stristr($k, 'msg')) && substr_count($k, '_') <= 1) {
$obj['faults'][$i]['string'] .= $k . ' => ' . $v . '; ';
}
}
}
} else {
return 'Unknown State';
}//end if
$obj['builder'] = $alert['builder'];
$obj['uid'] = $alert['id'];
$obj['alert_id'] = $alert['alert_id'];
$obj['severity'] = $alert['severity'];
$obj['rule'] = $alert['rule'] ?: json_encode($alert['builder']);
$obj['name'] = $alert['name'];
$obj['timestamp'] = $alert['time_logged'];
$obj['contacts'] = $extra['contacts'];
$obj['state'] = $alert['state'];
$obj['alerted'] = $alert['alerted'];
$obj['template'] = $template;
return $obj;
}
public function clearStaleAlerts()
{
$sql = 'SELECT `alerts`.`id` AS `alert_id`, `devices`.`hostname` AS `hostname` FROM `alerts` LEFT JOIN `devices` ON `alerts`.`device_id`=`devices`.`device_id` RIGHT JOIN `alert_rules` ON `alerts`.`rule_id`=`alert_rules`.`id` WHERE `alerts`.`state`!=' . AlertState::CLEAR . ' AND `devices`.`hostname` IS NULL';
foreach (dbFetchRows($sql) as $alert) {
if (empty($alert['hostname']) && isset($alert['alert_id'])) {
dbDelete('alerts', '`id` = ?', [$alert['alert_id']]);
echo "Stale-alert: #{$alert['alert_id']}" . PHP_EOL;
}
}
}
/**
* Re-Validate Rule-Mappings
*
* @param int $device_id Device-ID
* @param int $rule Rule-ID
* @return bool
*/
public function isRuleValid($device_id, $rule)
{
global $rulescache;
if (empty($rulescache[$device_id]) || ! isset($rulescache[$device_id])) {
foreach (AlertUtil::getRules($device_id) as $chk) {
$rulescache[$device_id][$chk['id']] = true;
}
}
if ($rulescache[$device_id][$rule] === true) {
return true;
}
return false;
}
/**
* Issue Alert-Object
*
* @param array $alert
* @return bool
*/
public function issueAlert($alert)
{
if (Config::get('alert.fixed-contacts') == false) {
if (empty($alert['query'])) {
$alert['query'] = AlertDB::genSQL($alert['rule'], $alert['builder']);
}
$sql = $alert['query'];
$qry = dbFetchRows($sql, [$alert['device_id']]);
$alert['details']['contacts'] = AlertUtil::getContacts($qry);
}
$obj = $this->describeAlert($alert);
if (is_array($obj)) {
echo 'Issuing Alert-UID #' . $alert['id'] . '/' . $alert['state'] . ':' . PHP_EOL;
if ($alert['state'] != AlertState::ACKNOWLEDGED || Config::get('alert.acknowledged') === true) {
$this->extTransports($obj);
}
echo "\r\n";
}
return true;
}
/**
* Issue ACK notification
*
* @return void
*/
public function runAcks()
{
foreach ($this->loadAlerts('alerts.state = ' . AlertState::ACKNOWLEDGED . ' && alerts.open = ' . AlertState::ACTIVE) as $alert) {
$rextra = json_decode($alert['extra'], true);
if (! isset($rextra['acknowledgement'])) {
// backwards compatibility check
$rextra['acknowledgement'] = true;
}
if ($rextra['acknowledgement']) {
// Rule is set to send an acknowledgement alert
$this->issueAlert($alert);
dbUpdate(['open' => AlertState::CLEAR], 'alerts', 'rule_id = ? && device_id = ?', [$alert['rule_id'], $alert['device_id']]);
}
}
}
/**
* Run Follow-Up alerts
*
* @return void
*/
public function runFollowUp()
{
foreach ($this->loadAlerts('alerts.state > ' . AlertState::CLEAR . ' && alerts.open = 0') as $alert) {
if ($alert['state'] != AlertState::ACKNOWLEDGED || ($alert['info']['until_clear'] === false)) {
$rextra = json_decode($alert['extra'], true);
if ($rextra['invert']) {
continue;
}
if (empty($alert['query'])) {
$alert['query'] = AlertDB::genSQL($alert['rule'], $alert['builder']);
}
$chk = dbFetchRows($alert['query'], [$alert['device_id']]);
//make sure we can json_encode all the datas later
$cnt = count($chk);
for ($i = 0; $i < $cnt; $i++) {
if (isset($chk[$i]['ip'])) {
$chk[$i]['ip'] = inet6_ntop($chk[$i]['ip']);
}
}
$o = count($alert['details']['rule']);
$n = count($chk);
$ret = 'Alert #' . $alert['id'];
$state = AlertState::CLEAR;
if ($n > $o) {
$ret .= ' Worsens';
$state = AlertState::WORSE;
$alert['details']['diff'] = array_diff($chk, $alert['details']['rule']);
} elseif ($n < $o) {
$ret .= ' Betters';
$state = AlertState::BETTER;
$alert['details']['diff'] = array_diff($alert['details']['rule'], $chk);
}
if ($state > AlertState::CLEAR && $n > 0) {
$alert['details']['rule'] = $chk;
if (dbInsert([
'state' => $state,
'device_id' => $alert['device_id'],
'rule_id' => $alert['rule_id'],
'details' => gzcompress(json_encode($alert['details']), 9),
], 'alert_log')) {
dbUpdate(['state' => $state, 'open' => 1, 'alerted' => 1], 'alerts', 'rule_id = ? && device_id = ?', [$alert['rule_id'], $alert['device_id']]);
}
echo $ret . ' (' . $o . '/' . $n . ")\r\n";
}
}
}
}
public function loadAlerts($where)
{
$alerts = [];
foreach (dbFetchRows("SELECT alerts.id, alerts.alerted, alerts.device_id, alerts.rule_id, alerts.state, alerts.note, alerts.info FROM alerts WHERE $where") as $alert_status) {
$alert = dbFetchRow(
'SELECT alert_log.id,alert_log.rule_id,alert_log.device_id,alert_log.state,alert_log.details,alert_log.time_logged,alert_rules.rule,alert_rules.severity,alert_rules.extra,alert_rules.name,alert_rules.query,alert_rules.builder,alert_rules.proc FROM alert_log,alert_rules WHERE alert_log.rule_id = alert_rules.id && alert_log.device_id = ? && alert_log.rule_id = ? && alert_rules.disabled = 0 ORDER BY alert_log.id DESC LIMIT 1',
[$alert_status['device_id'], $alert_status['rule_id']]
);
if (empty($alert['rule_id']) || ! $this->isRuleValid($alert_status['device_id'], $alert_status['rule_id'])) {
echo 'Stale-Rule: #' . $alert_status['rule_id'] . '/' . $alert_status['device_id'] . "\r\n";
// Alert-Rule does not exist anymore, let's remove the alert-state.
dbDelete('alerts', 'rule_id = ? && device_id = ?', [$alert_status['rule_id'], $alert_status['device_id']]);
} else {
$alert['alert_id'] = $alert_status['id'];
$alert['state'] = $alert_status['state'];
$alert['alerted'] = $alert_status['alerted'];
$alert['note'] = $alert_status['note'];
if (! empty($alert['details'])) {
$alert['details'] = json_decode(gzuncompress($alert['details']), true);
}
$alert['info'] = json_decode($alert_status['info'], true);
$alerts[] = $alert;
}
}
return $alerts;
}
/**
* Run all alerts
*
* @return void
*/
public function runAlerts()
{
foreach ($this->loadAlerts('alerts.state != ' . AlertState::ACKNOWLEDGED . ' && alerts.open = 1') as $alert) {
$noiss = false;
$noacc = false;
$updet = false;
$rextra = json_decode($alert['extra'], true);
if (! isset($rextra['recovery'])) {
// backwards compatibility check
$rextra['recovery'] = true;
}
$chk = dbFetchRow('SELECT alerts.alerted,devices.ignore,devices.disabled FROM alerts,devices WHERE alerts.device_id = ? && devices.device_id = alerts.device_id && alerts.rule_id = ?', [$alert['device_id'], $alert['rule_id']]);
if ($chk['alerted'] == $alert['state']) {
$noiss = true;
}
$tolerence_window = Config::get('alert.tolerance_window');
if (! empty($rextra['count']) && empty($rextra['interval'])) {
// This check below is for compat-reasons
if (! empty($rextra['delay']) && $alert['state'] != AlertState::RECOVERED) {
if ((time() - strtotime($alert['time_logged']) + $tolerence_window) < $rextra['delay'] || (! empty($alert['details']['delay']) && (time() - $alert['details']['delay'] + $tolerence_window) < $rextra['delay'])) {
continue;
} else {
$alert['details']['delay'] = time();
$updet = true;
}
}
if ($alert['state'] == AlertState::ACTIVE && ! empty($rextra['count']) && ($rextra['count'] == -1 || $alert['details']['count']++ < $rextra['count'])) {
if ($alert['details']['count'] < $rextra['count']) {
$noacc = true;
}
$updet = true;
$noiss = false;
}
} else {
// This is the new way
if (! empty($rextra['delay']) && (time() - strtotime($alert['time_logged']) + $tolerence_window) < $rextra['delay'] && $alert['state'] != AlertState::RECOVERED) {
continue;
}
if (! empty($rextra['interval'])) {
if (! empty($alert['details']['interval']) && (time() - $alert['details']['interval'] + $tolerence_window) < $rextra['interval']) {
continue;
} else {
$alert['details']['interval'] = time();
$updet = true;
}
}
if (in_array($alert['state'], [AlertState::ACTIVE, AlertState::WORSE, AlertState::BETTER]) && ! empty($rextra['count']) && ($rextra['count'] == -1 || $alert['details']['count']++ < $rextra['count'])) {
if ($alert['details']['count'] < $rextra['count']) {
$noacc = true;
}
$updet = true;
$noiss = false;
}
}
if ($chk['ignore'] == 1 || $chk['disabled'] == 1) {
$noiss = true;
$updet = false;
$noacc = false;
}
if (AlertUtil::isMaintenance($alert['device_id'])) {
$noiss = true;
$noacc = true;
}
if ($updet) {
dbUpdate(['details' => gzcompress(json_encode($alert['details']), 9)], 'alert_log', 'id = ?', [$alert['id']]);
}
if (! empty($rextra['mute'])) {
echo 'Muted Alert-UID #' . $alert['id'] . "\r\n";
$noiss = true;
}
if ($this->isParentDown($alert['device_id'])) {
$noiss = true;
Eventlog::log('Skipped alerts because all parent devices are down', $alert['device_id'], 'alert', Severity::Ok);
}
if ($alert['state'] == AlertState::RECOVERED && $rextra['recovery'] == false) {
// Rule is set to not send a recovery alert
$noiss = true;
}
if (! $noiss) {
$this->issueAlert($alert);
dbUpdate(['alerted' => $alert['state']], 'alerts', 'rule_id = ? && device_id = ?', [$alert['rule_id'], $alert['device_id']]);
}
if (! $noacc) {
dbUpdate(['open' => 0], 'alerts', 'rule_id = ? && device_id = ?', [$alert['rule_id'], $alert['device_id']]);
}
}
}
/**
* Run external transports
*
* @param array $obj Alert-Array
* @return void
*/
public function extTransports($obj)
{
$type = new Template;
// If alert transport mapping exists, override the default transports
$transport_maps = AlertUtil::getAlertTransports($obj['alert_id']);
if (! $transport_maps) {
$transport_maps = AlertUtil::getDefaultAlertTransports();
}
// alerting for default contacts, etc
if (Config::get('alert.transports.mail') === true && ! empty($obj['contacts'])) {
$transport_maps[] = [
'transport_id' => null,
'transport_type' => 'mail',
'opts' => $obj,
];
}
foreach ($transport_maps as $item) {
$class = Transport::getClass($item['transport_type']);
if (class_exists($class)) {
//FIXME remove Deprecated transport
$transport_title = "Transport {$item['transport_type']}";
$obj['transport'] = $item['transport_type'];
$obj['transport_name'] = $item['transport_name'];
$obj['alert'] = new AlertData($obj);
$obj['title'] = $type->getTitle($obj);
$obj['alert']['title'] = $obj['title'];
$obj['msg'] = $type->getBody($obj);
c_echo(" :: $transport_title => ");
try {
$instance = new $class(AlertTransport::find($item['transport_id']));
$tmp = $instance->deliverAlert($obj, $item['opts'] ?? []);
$this->alertLog($tmp, $obj, $obj['transport']);
} catch (AlertTransportDeliveryException $e) {
Eventlog::log($e->getTraceAsString() . PHP_EOL . $e->getMessage(), $obj['device_id'], 'alert', Severity::Error);
$this->alertLog($e->getMessage(), $obj, $obj['transport']);
} catch (\Exception $e) {
$this->alertLog($e, $obj, $obj['transport']);
}
unset($instance);
echo PHP_EOL;
}
}
if (count($transport_maps) === 0) {
echo 'No configured transports';
}
}
// Log alert event
public function alertLog($result, $obj, $transport)
{
$prefix = [
AlertState::RECOVERED => 'recovery',
AlertState::ACTIVE => $obj['severity'] . ' alert',
AlertState::ACKNOWLEDGED => 'acknowledgment',
AlertState::WORSE => 'got worse',
AlertState::BETTER => 'got better',
];
$severity = match ($obj['state']) {
AlertState::RECOVERED => Severity::Ok,
AlertState::ACTIVE => Severity::tryFrom((int) $obj['severity']) ?? Severity::Unknown,
AlertState::ACKNOWLEDGED => Severity::Notice,
default => Severity::Unknown,
};
if ($result === true) {
echo 'OK';
Eventlog::log('Issued ' . $prefix[$obj['state']] . " for rule '" . $obj['name'] . "' to transport '" . $transport . "'", $obj['device_id'], 'alert', $severity);
} elseif ($result === false) {
echo 'ERROR';
Eventlog::log('Could not issue ' . $prefix[$obj['state']] . " for rule '" . $obj['name'] . "' to transport '" . $transport . "'", $obj['device_id'], null, Severity::Error);
} else {
echo "ERROR: $result\r\n";
Eventlog::log('Could not issue ' . $prefix[$obj['state']] . " for rule '" . $obj['name'] . "' to transport '" . $transport . "' Error: " . $result, $obj['device_id'], 'error', Severity::Error);
}
}
/**
* Check if a device's all parent are down
* Returns true if all parents are down
*
* @param int $device Device-ID
* @return bool
*/
public function isParentDown($device)
{
$parent_count = dbFetchCell('SELECT count(*) from `device_relationships` WHERE `child_device_id` = ?', [$device]);
if (! $parent_count) {
return false;
}
$down_parent_count = dbFetchCell("SELECT count(*) from devices as d LEFT JOIN devices_attribs as a ON d.device_id=a.device_id LEFT JOIN device_relationships as r ON d.device_id=r.parent_device_id WHERE d.status=0 AND d.ignore=0 AND d.disabled=0 AND r.child_device_id=? AND (d.status_reason='icmp' OR (a.attrib_type='override_icmp_disable' AND a.attrib_value=true))", [$device]);
if ($down_parent_count == $parent_count) {
return true;
}
return false;
}
}