Examples with AlertCondition org.graylog2.plugin.alarms.AlertCondition used on opensource projects

Example 41 with AlertCondition

use of org.graylog2.plugin.alarms.AlertCondition in project graylog2-server by Graylog2.

the class EmailAlarmCallback method call.

@Override
public void call(Stream stream, AlertCondition.CheckResult result) throws AlarmCallbackException {
    // Send alerts.
    final EmailRecipients emailRecipients = this.getEmailRecipients();
    if (emailRecipients.isEmpty()) {
        if (!emailConfiguration.isEnabled()) {
            throw new AlarmCallbackException("Email transport is not enabled in server configuration file!");
        }
        LOG.info("Alarm callback has no email recipients, not sending any emails.");
        return;
    }
    AlertCondition alertCondition = result.getTriggeredCondition();
    try {
        if (alertCondition.getBacklog() > 0 && result.getMatchingMessages() != null) {
            alertSender.sendEmails(stream, emailRecipients, result, getAlarmBacklog(result));
        } else {
            alertSender.sendEmails(stream, emailRecipients, result);
        }
    } catch (TransportConfigurationException e) {
        LOG.warn("Alarm callback has email recipients and is triggered, but email transport is not configured.");
        Notification notification = notificationService.buildNow().addNode(nodeId.toString()).addType(Notification.Type.EMAIL_TRANSPORT_CONFIGURATION_INVALID).addSeverity(Notification.Severity.NORMAL).addDetail("stream_id", stream.getId()).addDetail("exception", e.getMessage());
        notificationService.publishIfFirst(notification);
        throw new AlarmCallbackException(e.getMessage(), e);
    } catch (Exception e) {
        LOG.error("Alarm callback has email recipients and is triggered, but sending emails failed", e);
        String exceptionDetail = e.toString();
        if (e.getCause() != null) {
            exceptionDetail += " (" + e.getCause() + ")";
        }
        Notification notification = notificationService.buildNow().addNode(nodeId.toString()).addType(Notification.Type.EMAIL_TRANSPORT_FAILED).addSeverity(Notification.Severity.NORMAL).addDetail("stream_id", stream.getId()).addDetail("exception", exceptionDetail);
        notificationService.publishIfFirst(notification);
        throw new AlarmCallbackException(e.getMessage(), e);
    }
}

Example 42 with AlertCondition

use of org.graylog2.plugin.alarms.AlertCondition in project graylog2-server by Graylog2.

the class EmailAlarmCallback method getAlarmBacklog.

protected List<Message> getAlarmBacklog(AlertCondition.CheckResult result) {
    final AlertCondition alertCondition = result.getTriggeredCondition();
    final List<MessageSummary> matchingMessages = result.getMatchingMessages();
    final int effectiveBacklogSize = Math.min(alertCondition.getBacklog(), matchingMessages.size());
    if (effectiveBacklogSize == 0) {
        return Collections.emptyList();
    }
    final List<MessageSummary> backlogSummaries = matchingMessages.subList(0, effectiveBacklogSize);
    final List<Message> backlog = Lists.newArrayListWithCapacity(effectiveBacklogSize);
    for (MessageSummary messageSummary : backlogSummaries) {
        backlog.add(messageSummary.getRawMessage());
    }
    return backlog;
}

Example 43 with AlertCondition

use of org.graylog2.plugin.alarms.AlertCondition in project graylog2-server by Graylog2.

the class AlertConditionFactory method createAlertCondition.

public AlertCondition createAlertCondition(String type, Stream stream, String id, DateTime createdAt, String creatorId, Map<String, Object> parameters, String title) throws ConfigurationException {
    final String conditionTitle = isNullOrEmpty(title) ? "" : "'" + title + "' ";
    final AlertCondition.Factory factory = this.alertConditionMap.get(type);
    checkArgument(factory != null, "Unknown alert condition type <%s> for alert condition %s<%s> on stream \"%s\" <%s>", type, conditionTitle, id, stream.getTitle(), stream.getId());
    /*
         * Ensure the given parameters fulfill the requested configuration preconditions.
         * Here we strictly use the Configuration object to verify the configuration and don't pass it down to
         * the factory. The reason for this is that Configuration only support int values, but at least an
         * alert condition expects a double.
         */
    try {
        final ConfigurationRequest requestedConfiguration = factory.config().getRequestedConfiguration();
        final Configuration configuration = new Configuration(parameters);
        requestedConfiguration.check(configuration);
    } catch (ConfigurationException e) {
        LOG.error("Could not load alert condition {}<{}> on stream \"{}\" <{}>, invalid configuration detected.", conditionTitle, id, stream.getTitle(), stream.getId());
        throw e;
    }
    return factory.create(stream, id, createdAt, creatorId, parameters, title);
}

Example 44 with AlertCondition

use of org.graylog2.plugin.alarms.AlertCondition in project graylog2-server by Graylog2.

the class AlertNotificationsSender method send.

public void send(AlertCondition.CheckResult result, Stream stream, Alert alert, AlertCondition alertCondition) {
    final List<AlarmCallbackConfiguration> callConfigurations = alarmCallbackConfigurationService.getForStream(stream);
    // Checking if alarm callbacks have been defined
    for (AlarmCallbackConfiguration configuration : callConfigurations) {
        AlarmCallbackHistory alarmCallbackHistory;
        AlarmCallback alarmCallback = null;
        try {
            alarmCallback = alarmCallbackFactory.create(configuration);
            alarmCallback.call(stream, result);
            alarmCallbackHistory = alarmCallbackHistoryService.success(configuration, alert, alertCondition);
        } catch (Exception e) {
            if (alarmCallback != null) {
                LOG.warn("Alarm callback <" + alarmCallback.getName() + "> failed. Skipping.", e);
            } else {
                LOG.warn("Alarm callback with id " + configuration.getId() + " failed. Skipping.", e);
            }
            alarmCallbackHistory = alarmCallbackHistoryService.error(configuration, alert, alertCondition, e.getMessage());
        }
        try {
            alarmCallbackHistoryService.save(alarmCallbackHistory);
        } catch (Exception e) {
            LOG.warn("Unable to save history of alarm callback run: ", e);
        }
    }
}

Example 45 with AlertCondition

use of org.graylog2.plugin.alarms.AlertCondition in project graylog2-server by Graylog2.

the class AlertServiceImpl method shouldRepeatNotifications.

@Override
public boolean shouldRepeatNotifications(AlertCondition alertCondition, Alert alert) {
    // Do not repeat notifications if alert has no state, is resolved or the option to repeat notifications is disabled
    if (!alert.isInterval() || isResolved(alert) || !alertCondition.shouldRepeatNotifications()) {
        return false;
    }
    // Repeat notifications if no grace period is set, avoiding looking through the notification history
    if (alertCondition.getGrace() == 0) {
        return true;
    }
    AlarmCallbackHistory lastTriggeredAlertHistory = null;
    for (AlarmCallbackHistory history : alarmCallbackHistoryService.getForAlertId(alert.getId())) {
        if (lastTriggeredAlertHistory == null || lastTriggeredAlertHistory.createdAt().isBefore(history.createdAt())) {
            lastTriggeredAlertHistory = history;
        }
    }
    // Repeat notifications if no alert was ever triggered for this condition
    if (lastTriggeredAlertHistory == null) {
        return true;
    }
    final int lastAlertSecondsAgo = Seconds.secondsBetween(lastTriggeredAlertHistory.createdAt(), Tools.nowUTC()).getSeconds();
    return lastAlertSecondsAgo >= alertCondition.getGrace() * 60;
}