File: syslog_utils.lua

--
-- (C) 2019-22 - ntop.org
--

-- NOTE(review): `dirs` is assigned without `local`, so it becomes a global
-- shared with every other script loaded in this Lua state; confirm nothing
-- else relies on that before scoping it to this module.
dirs = ntop.getDirs()
-- Make the scripts/lua/modules directory resolvable for the require() calls below.
package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path

local alert_consts = require("alert_consts")
local alerts_api = require "alerts_api"
local companion_interface_utils = require "companion_interface_utils"

local syslog_utils = {}

-- #################################################################
  
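-- Syslog facility codes (RFC 5424, Section 6.2.1) mapped to display names.
-- Indexed by the numeric facility; codes absent from the table yield nil,
-- which handle_event() below turns into "".
-- NOTE(review): the leading "**" on facility 4 is delivered verbatim in the
-- alert's facility name; confirm it is intended and not a stray marker.
local syslog_facility = {
   [0] = "kernel messages",
   [1] = "user-level messages",
   [2] = "mail system",
   [3] = "system daemons",
   [4] = "**security/authorization messages",
   [5] = "messages generated internally by syslog",
   [6] = "line printer subsystem",
   [7] = "network news subsystem",
   [8] = "UUCP subsystem",
   [9] = "clock daemon",
   [10] = "security/authorization messages",
   [11] = "FTP daemon",
   [12] = "NTP subsystem",
   [13] = "log audit",
   [14] = "log alert",
   [15] = "clock daemon",
   -- Local-use facilities (16-23) were missing, so messages sent with
   -- local0..local7 previously showed an empty facility name in alerts.
   [16] = "local use 0 (local0)",
   [17] = "local use 1 (local1)",
   [18] = "local use 2 (local2)",
   [19] = "local use 3 (local3)",
   [20] = "local use 4 (local4)",
   [21] = "local use 5 (local5)",
   [22] = "local use 6 (local6)",
   [23] = "local use 7 (local7)",
}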

------------------------------------------------------------------------

-- Syslog severity codes (RFC 5424, Section 6.2.1) mapped to names.
-- Lower numbers are more severe; codes outside 0-7 yield nil.
local syslog_level = {
   [0] = "EMERGENCY",
   [1] = "ALERT",
   [2] = "CRITICAL",
   [3] = "ERROR",
   [4] = "WARNING",
   [5] = "NOTICE",
   [6] = "INFORMATIONAL",
   [7] = "DEBUG",
}

------------------------------------------------------------------------

-- The function below returns a subtype for the log based on a simple hash
--- Derive an alert subtype from a log line.
-- The subtype is the decimal string of the sum of the line's byte values.
-- This is a cheap grouping key, not a cryptographic hash: lines that differ
-- only in byte order, or by compensating byte changes, collide. Do not rely
-- on it to tell distinct messages apart.
-- @param line string the log line
-- @return string decimal byte sum ("0" for the empty string)
local function getLogSubtype(line)
   local sum, pos = 0, #line
   -- Summation is order independent, so walking backwards gives the same value.
   while pos > 0 do
      sum = sum + string.byte(line, pos)
      pos = pos - 1
   end
   return tostring(sum)
end

------------------------------------------------------------------------

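--- Turn one received syslog line into a host alert when it is severe enough.
-- The priority is decoded per RFC 5424: priority = facility * 8 + level.
-- @param message string the syslog message text; comes from the producer and
--   is stored in the alert as-is (no sanitisation happens here)
-- @param host string the producing host, used to build the alert entity
-- @param priority number the syslog PRI value
-- @param level_threshold number|nil only levels <= this value (i.e. at least
--   this severe) produce an alert; nil disables alerting
-- @return boolean true when an alert was stored, false otherwise
function syslog_utils.handle_event(message, host, priority, level_threshold)
   -- Priority = Facility * 8 + Level
   local facility = math.floor(priority / 8)
   local level = priority - (facility * 8)

   -- Codes missing from the lookup tables fall back to "" rather than nil
   local facility_name = syslog_facility[facility] or ""
   local level_name = syslog_level[level] or ""

   -- traceError(TRACE_NORMAL, TRACE_CONSOLE, "[host="..host.."][facility="..facility_name.."][level="..level_name.."][message="..message.."]")

   -- Lower syslog levels are more severe: only messages at or above the
   -- configured severity (level <= threshold) become alerts, the rest are
   -- dropped. A nil/false threshold drops everything.
   if not (level_threshold and level <= level_threshold) then
      return false
   end

   local entity = alerts_api.hostAlertEntity(host, 0)

   -- Score by severity: ERROR and worse 100, WARNING 50, everything else 10
   local score = 10
   if level <= 3 then
      score = 100
   elseif level <= 4 then
      score = 50
   end

   local type_info = alert_consts.alert_types.host_alert_host_log.new(
      host,
      level_name,
      facility_name,
      message)

   type_info:set_subtype(getLogSubtype(message))
   type_info:set_score(score)

   -- Deliver alert on the currently selected interface
   type_info:store(entity)

   -- Deliver to companion interfaces, if any. The current interface id is
   -- read once and reused both for the lookup and for the restore below.
   local curr_ifid = interface.getId()
   local companion_of = companion_interface_utils.getCurrentCompanionOf(curr_ifid)
   -- NOTE(review): assumes getCurrentCompanionOf always returns a table; a
   -- nil return would make pairs() raise here — confirm against that helper.
   for _, m in pairs(companion_of) do
      interface.select(m)
      type_info:store(entity)
   end
   -- Restore the originally selected interface. There is no pcall around the
   -- loop, so an error raised by store() leaves a companion interface selected.
   interface.select(tostring(curr_ifid))

   return true
end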

-- #################################################################

--- Build the cache hash key holding the host -> producer map of an interface.
-- "%d" formats ifid as an integer, so a non-numeric ifid raises instead of
-- being interpolated into the key verbatim.
-- @param ifid number interface id
-- @return string
local function getProducersMapKey(ifid)
  local key_template = "ntopng.syslog.ifid_%d.producers_map"
  return key_template:format(ifid)
end

------------------------------------------------------------------------

--- List the syslog producers configured on an interface.
-- Reads the host -> producer type hash from the ntop cache and returns one
-- record per entry. Order follows pairs() and is therefore unspecified.
-- @param ifid number interface id
-- @return table array of { host = ..., producer = ..., producer_title = ... }
function syslog_utils.getProducers(ifid)
  local cached = ntop.getHashAllCache(getProducersMapKey(ifid))
  local producers = {}

  if cached then
    for producer_host, producer_type in pairs(cached) do
      -- The cached producer type becomes part of the i18n lookup key; it is
      -- used here as stored, without any check.
      producers[#producers + 1] = {
        host = producer_host,
        producer = producer_type,
        producer_title = i18n(producer_type .. "_collector.title"),
      }
    end
  end

  return producers
end

------------------------------------------------------------------------

--- Tell whether a host is registered as a syslog producer on an interface.
-- @param ifid number interface id
-- @param host string producer host
-- @return boolean true when a non-empty producer type is cached for host
function syslog_utils.hasProducer(ifid, host)
  local cached_type = ntop.getHashCache(getProducersMapKey(ifid), host)
  if isEmptyString(cached_type) then
    return false
  end
  return true
end

------------------------------------------------------------------------

--- Register (or overwrite) the producer type of a host on an interface.
-- The value is written to the ntop hash cache under the interface's
-- producers map key exactly as given; no validation happens here.
-- @param ifid number interface id
-- @param host string producer host
-- @param producer_type string producer/collector identifier
function syslog_utils.addProducer(ifid, host, producer_type)
  ntop.setHashCache(getProducersMapKey(ifid), host, producer_type)
end

------------------------------------------------------------------------

--- Remove a host from the syslog producers of an interface.
-- Deletes the host's entry from the interface's producers map in the ntop
-- hash cache.
-- @param ifid number interface id
-- @param host string producer host
function syslog_utils.deleteProducer(ifid, host)
  ntop.delHashCache(getProducersMapKey(ifid), host)
end

------------------------------------------------------------------------

return syslog_utils