use of org.graylog2.alerts.Alert in project graylog2-server by Graylog2.
the class StreamResource method cloneStream.
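/**
 * Clones an existing stream.
 *
 * <p>A new stream is created from the request data (title, description, index set,
 * "remove matches from default stream" flag) while the matching type is taken from the
 * source stream. The new stream is paused before it is saved. The source stream's rules,
 * alert conditions, alarm callbacks and outputs are then copied onto the clone.
 *
 * <p>Authorization performed here: the caller needs {@code STREAMS_CREATE} and
 * {@code STREAMS_READ} on the source stream, and the default stream is rejected.
 *
 * <p>NOTE(review): the copy steps run one after another with no rollback visible in this
 * method. If a later step throws, the already-saved stream (and any rules saved so far)
 * presumably remain. Confirm whether callers or the services clean up.
 *
 * @param streamId id of the stream to clone
 * @param cr       request body carrying the attributes of the new stream
 * @return a {@code 201 Created} response whose entity is {@code {"stream_id": <new id>}}
 * @throws ValidationException declared by this method; presumably raised when saving the
 *                             stream or one of its rules fails validation (confirm)
 * @throws NotFoundException   declared by this method; presumably raised when the source
 *                             stream cannot be loaded (confirm)
 */
@POST
@Path("/{streamId}/clone")
@Timed
@ApiOperation(value = "Clone a stream")
@ApiResponses(value = {
        @ApiResponse(code = 404, message = "Stream not found."),
        @ApiResponse(code = 400, message = "Invalid or missing Stream id.")
})
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@AuditEvent(type = AuditEventTypes.STREAM_CREATE)
public Response cloneStream(@ApiParam(name = "streamId", required = true) @PathParam("streamId") String streamId,
                            @ApiParam(name = "JSON body", required = true) @Valid @NotNull CloneStreamRequest cr) throws ValidationException, NotFoundException {
    // Authorization gate: all checks run before any data is loaded or written.
    checkPermission(RestPermissions.STREAMS_CREATE);
    checkPermission(RestPermissions.STREAMS_READ, streamId);
    checkNotDefaultStream(streamId, "The default stream cannot be cloned.");

    final Stream sourceStream = streamService.load(streamId);
    // Resolved once so that every cloned object is attributed to the same principal.
    final String creatorUser = getCurrentUser().getName();

    // Create stream.
    final Map<String, Object> streamData = Maps.newHashMap();
    streamData.put(StreamImpl.FIELD_TITLE, cr.title());
    streamData.put(StreamImpl.FIELD_DESCRIPTION, cr.description());
    streamData.put(StreamImpl.FIELD_CREATOR_USER_ID, creatorUser);
    streamData.put(StreamImpl.FIELD_CREATED_AT, Tools.nowUTC());
    streamData.put(StreamImpl.FIELD_MATCHING_TYPE, sourceStream.getMatchingType().toString());
    streamData.put(StreamImpl.FIELD_REMOVE_MATCHES_FROM_DEFAULT_STREAM, cr.removeMatchesFromDefaultStream());
    // NOTE(review): the index set id is taken from the request and stored as given. This
    // method does not show a check that the index set exists, is writable, or may be used
    // by the caller. Confirm that this is enforced elsewhere.
    streamData.put(StreamImpl.FIELD_INDEX_SET_ID, cr.indexSetId());

    final Stream stream = streamService.create(streamData);
    // Pause before the first save so the clone is not persisted in a running state.
    streamService.pause(stream);
    final String id = streamService.save(stream);

    // Copy the stream rules, re-pointing each one at the new stream id.
    final List<StreamRule> sourceStreamRules = streamRuleService.loadForStream(sourceStream);
    for (StreamRule streamRule : sourceStreamRules) {
        final Map<String, Object> streamRuleData = Maps.newHashMapWithExpectedSize(6);
        streamRuleData.put(StreamRuleImpl.FIELD_TYPE, streamRule.getType().toInteger());
        streamRuleData.put(StreamRuleImpl.FIELD_FIELD, streamRule.getField());
        streamRuleData.put(StreamRuleImpl.FIELD_VALUE, streamRule.getValue());
        streamRuleData.put(StreamRuleImpl.FIELD_INVERTED, streamRule.getInverted());
        streamRuleData.put(StreamRuleImpl.FIELD_STREAM_ID, new ObjectId(id));
        streamRuleData.put(StreamRuleImpl.FIELD_DESCRIPTION, streamRule.getDescription());

        final StreamRule newStreamRule = streamRuleService.create(streamRuleData);
        streamRuleService.save(newStreamRule);
    }

    // Copy the alert conditions. A condition that cannot be rebuilt is logged and skipped,
    // so the clone may carry fewer alert conditions than the source while the request
    // still succeeds.
    for (AlertCondition alertCondition : streamService.getAlertConditions(sourceStream)) {
        try {
            final AlertCondition clonedAlertCondition = alertService.fromRequest(
                    CreateConditionRequest.create(alertCondition.getType(), alertCondition.getTitle(), alertCondition.getParameters()),
                    stream,
                    creatorUser);
            streamService.addAlertCondition(stream, clonedAlertCondition);
        } catch (ConfigurationException e) {
            LOG.warn("Unable to clone alert condition <" + alertCondition + "> - skipping: ", e);
        }
    }

    // Copy the alarm callbacks, attributed to the same creator as the stream itself.
    for (AlarmCallbackConfiguration alarmCallbackConfiguration : alarmCallbackConfigurationService.getForStream(sourceStream)) {
        final CreateAlarmCallbackRequest request = CreateAlarmCallbackRequest.create(alarmCallbackConfiguration);
        final AlarmCallbackConfiguration alarmCallback = alarmCallbackConfigurationService.create(stream.getId(), request, creatorUser);
        alarmCallbackConfigurationService.save(alarmCallback);
    }

    // NOTE(review): the source stream's outputs are attached to the clone as they are, and
    // the only permissions checked in this method are the stream ones above. Confirm that
    // read access to the source stream is meant to be sufficient for re-using its outputs.
    for (Output output : sourceStream.getOutputs()) {
        streamService.addOutput(stream, output);
    }

    clusterEventBus.post(StreamsChangedEvent.create(stream.getId()));

    final Map<String, String> result = ImmutableMap.of("stream_id", id);
    final URI streamUri = getUriBuilderToSelf().path(StreamResource.class).path("{streamId}").build(id);
    return Response.created(streamUri).entity(result).build();
}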
use of org.graylog2.alerts.Alert in project graylog2-server by Graylog2.
the class AlertScannerThread method doRun.
/**
 * Runs one alert scan: loads every stream that has alert conditions configured and
 * hands each condition of every non-paused stream to the alert scanner.
 *
 * <p>No exception is caught in this method, so a failure while checking one condition
 * propagates to the caller and the remaining streams are not checked in this run.
 */
@Override
public void doRun() {
    LOG.debug("Running alert checks.");

    // Load all streams that have configured alert conditions.
    final List<Stream> candidates = streamService.loadAllWithConfiguredAlertConditions();
    LOG.debug("There are {} streams with configured alert conditions.", candidates.size());

    for (Stream stream : candidates) {
        // NOTE(review): the conditions are looked up here only to log their count (the
        // argument is evaluated even when debug logging is off) and looked up a second
        // time below for the actual check.
        LOG.debug("Stream [{}] has [{}] configured alert conditions.", stream, streamService.getAlertConditions(stream).size());

        if (!stream.isPaused()) {
            // Check if a threshold is reached.
            streamService.getAlertConditions(stream)
                    .forEach(condition -> alertScanner.checkAlertCondition(stream, condition));
        } else {
            // Paused streams are skipped entirely: none of their conditions are evaluated.
            LOG.debug("Stream [{}] has been paused. Skipping alert check.", stream);
        }
    }
}
use of org.graylog2.alerts.Alert in project graylog2-server by Graylog2.
the class FunctionsSnippetsTest method syslog.
/**
 * Evaluates the syslog test rule and checks the fields it sets: the names of syslog
 * levels 0-7, the names of facilities 0-23, and four priority fields (two checked as
 * numbers, two as names).
 */
@Test
public void syslog() {
    final Rule rule = parser.parseRule(ruleForTest(), false);
    final Message message = evaluateRule(rule);

    assertThat(actionsTriggered.get()).isTrue();
    assertThat(message).isNotNull();

    // Expected level names, indexed by numeric level: field "level<N>" holds entry N.
    final String[] expectedLevels = {
            "Emergency", "Alert", "Critical", "Error",
            "Warning", "Notice", "Informational", "Debug"
    };
    for (int code = 0; code < expectedLevels.length; code++) {
        assertThat(message.getField("level" + code)).isEqualTo(expectedLevels[code]);
    }

    // Expected facility names, indexed by numeric facility: field "facility<N>" holds entry N.
    final String[] expectedFacilities = {
            "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
            "uucp", "clock", "authpriv", "ftp", "ntp", "log audit", "log alert", "cron",
            "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"
    };
    for (int code = 0; code < expectedFacilities.length; code++) {
        assertThat(message.getField("facility" + code)).isEqualTo(expectedFacilities[code]);
    }

    // prio1 and prio2 are checked as numeric facility/level values.
    assertThat(message.getField("prio1_facility")).isEqualTo(0);
    assertThat(message.getField("prio1_level")).isEqualTo(0);
    assertThat(message.getField("prio2_facility")).isEqualTo(20);
    assertThat(message.getField("prio2_level")).isEqualTo(5);

    // prio3 and prio4 are checked as names; per the tables above, "local4" is facility 20
    // and "Notice" is level 5, i.e. the same values as prio2.
    assertThat(message.getField("prio3_facility")).isEqualTo("kern");
    assertThat(message.getField("prio3_level")).isEqualTo("Emergency");
    assertThat(message.getField("prio4_facility")).isEqualTo("local4");
    assertThat(message.getField("prio4_level")).isEqualTo("Notice");
}
use of org.graylog2.alerts.Alert in project graylog2-server by Graylog2.
the class HTTPAlarmCallback method getRequestedConfiguration.
/**
 * Describes the configuration this alarm callback asks for: a single mandatory text
 * field holding the URL that is POSTed to when an alert is triggered.
 *
 * <p>NOTE(review): this method only declares the field. The value is operator-supplied
 * and later used as the target of a server-side HTTP request. Any restriction on scheme
 * or destination host is not visible here; confirm where the URL is validated before use.
 *
 * @return the configuration request containing the URL field
 */
@Override
public ConfigurationRequest getRequestedConfiguration() {
    final ConfigurationRequest request = new ConfigurationRequest();
    final TextField urlField = new TextField(
            CK_URL,
            "URL",
            "https://example.org/alerts",
            "The URL to POST to when an alert is triggered",
            ConfigurationField.Optional.NOT_OPTIONAL);
    request.addField(urlField);
    return request;
}
use of org.graylog2.alerts.Alert in project graylog2-server by Graylog2.
the class FormattedEmailAlertSender method sendEmails.
/**
 * Sends one alert email per resolved recipient address.
 *
 * <p>If the recipients object is non-empty but yields no email addresses, a generic
 * notification is published (only if it is the first of its kind) and no email is sent.
 *
 * @param stream      the alerted stream
 * @param recipients  the configured recipients; must not be {@code null} or empty
 * @param checkResult the result of the alert condition check that triggered the alert
 * @param backlog     messages passed through to each email
 * @throws TransportConfigurationException if the email transport is disabled in the
 *                                         server configuration
 * @throws EmailException                  declared by this method; presumably raised by
 *                                         {@code sendEmail} (confirm)
 * @throws RuntimeException                if {@code recipients} is {@code null} or empty
 */
@Override
public void sendEmails(Stream stream,
                       EmailRecipients recipients,
                       AlertCondition.CheckResult checkResult,
                       List<Message> backlog) throws TransportConfigurationException, EmailException {
    // Refuse to do anything when the transport is switched off.
    final boolean transportEnabled = configuration.isEnabled();
    if (!transportEnabled) {
        throw new TransportConfigurationException("Email transport is not enabled in server configuration file!");
    }

    final boolean nothingConfigured = recipients == null || recipients.isEmpty();
    if (nothingConfigured) {
        throw new RuntimeException("Cannot send emails: empty recipient list.");
    }

    // The recipients object can be non-empty and still yield no addresses, hence the
    // second emptiness check on the resolved set.
    final Set<String> addresses = recipients.getEmailRecipients();
    if (addresses.isEmpty()) {
        // NOTE(review): the stream title is embedded verbatim in the notification detail;
        // escaping is presumably left to whatever renders the notification. Confirm.
        final Notification notification = notificationService.buildNow()
                .addNode(nodeId.toString())
                .addType(Notification.Type.GENERIC)
                .addSeverity(Notification.Severity.NORMAL)
                .addDetail("title", "Stream \"" + stream.getTitle() + "\" is alerted, but no recipients have been defined!")
                .addDetail("description", "To fix this, go to the alerting configuration of the stream and add at least one alert recipient.");
        notificationService.publishIfFirst(notification);
    }

    // With an empty address set this loop is a no-op.
    for (String address : addresses) {
        sendEmail(address, stream, checkResult, backlog);
    }
}
Aggregations