
Help with SQL Expression possibilities :) #229

Open
jdcoats opened this issue Aug 22, 2024 · 6 comments

Comments

@jdcoats

jdcoats commented Aug 22, 2024

I need assistance with an expression for syslog. I have firewall syslog messages example:

Teardown TCP connection 1067175433 for inside:10.1.5.21/60506 to outside:35.184.35.160/443 duration 0:01:27 bytes 18844 TCP FINs from outside 

The objective is to alert on bytes > 200000000 or some threshold.
This doesn't work, but it shows the spirit of the task anyway:

select * from syslog.syslog_incoming where host = 'FTD-Primary' and message like '%bytes > 200000000%'; 

Is there a way to do this without the # being in a column of its own?
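
One way to do this in the database itself, as an added example that is not part of the original issue or of the Cacti syslog plugin's own code: pull the number that follows ' bytes ' out of the message with SUBSTRING_INDEX and cast it to an integer before comparing, so the threshold check is numeric rather than a string match. The table and column names (syslog.syslog_incoming, host, message), the host name and the 200000000 threshold are taken from the question above; the temporary table and its three rows are constructed here so the query can be run stand-alone on MySQL or MariaDB.

```sql
-- Added example, not from the original issue or the Cacti project.
-- Constructed sample rows standing in for syslog.syslog_incoming
-- (column names host and message come from the poster's query).
CREATE TEMPORARY TABLE syslog_incoming_sample (
    host    VARCHAR(64),
    message TEXT
);

INSERT INTO syslog_incoming_sample (host, message) VALUES
('FTD-Primary', 'Teardown TCP connection 1067175433 for inside:10.1.5.21/60506 to outside:35.184.35.160/443 duration 0:01:27 bytes 18844 TCP FINs from outside'),
('FTD-Primary', 'Teardown TCP connection 1067175499 for inside:10.1.5.44/51234 to outside:203.0.113.10/443 duration 1:12:03 bytes 3221225472 TCP FINs from inside'),
('FTD-Primary', 'Built outbound TCP connection 1067175500 for outside:203.0.113.10/443 (203.0.113.10/443) to inside:10.1.5.44/51235 (10.1.5.44/51235)');

-- SUBSTRING_INDEX(message, ' bytes ', -1) keeps everything after ' bytes ';
-- the outer SUBSTRING_INDEX(..., ' ', 1) keeps the first token of that,
-- which is the byte count. CAST AS UNSIGNED turns it into a 64-bit integer,
-- so 3221225472 > 200000000 is evaluated numerically. Without the cast a
-- string comparison would also report '99999' > '200000000' as true.
-- The LIKE guard keeps rows without ' bytes ' (e.g. 'Built ...') out,
-- because on those rows the expression would cast the whole message to 0.
SELECT host,
       CAST(SUBSTRING_INDEX(SUBSTRING_INDEX(message, ' bytes ', -1), ' ', 1)
            AS UNSIGNED) AS bytes,
       message
FROM   syslog_incoming_sample
WHERE  host = 'FTD-Primary'
  AND  message LIKE 'Teardown % bytes %'
HAVING bytes > 200000000;
-- Returns only the 3221225472-byte connection from 10.1.5.44.
```

Against the live plugin, replace the temporary table with syslog.syslog_incoming. HAVING is used so the extraction expression is written once and the threshold is applied to the alias; on recent MariaDB and MySQL 8 the same number can be pulled out with REGEXP_SUBSTR(message, 'bytes [0-9]+') if the message format turns out to vary.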

@TheWitness
Member

@jdcoats, I would use the flowview plugin, and then with your help get those bad boys nailed down. Make sure you have space.

There is a ticket we've asked for help on, where if the stream is coming from a FW, we can collect the client endpoint traffic if it is relevant.

The issue then becomes, how to trigger an alert.

Syslog may be quicker...

@TheWitness
Member

TheWitness commented Aug 22, 2024

If only my alerting plugin that has the capability to do SQL queries was available and QA'd for normal Cacti. It's specifically designed for RTM. It's out on GitHub but no guarantees that will work for this particular use case. It's called gridalarms.

@TheWitness
Member

TheWitness commented Aug 22, 2024

It looks and feels a lot like thold but designed for either running scripts or queries.

@jdcoats
Author

jdcoats commented Aug 23, 2024

It looks to be packaged as a whole new Cacti install with a few new plugins in it. Doesn't seem like a simple plugin install.

@jdcoats
Author

jdcoats commented Aug 23, 2024

That makes a mess:

2024/08/23 11:18:46 - CMDPHP ERROR: debounce key was truncated from debounce_missing:plugins/RTM/include/fusioncharts/fusioncharts.js to debounce_missing:plugins/RTM/include/fusioncharts/ Backtrace: (/plugins.php[216]:top_header(), /lib/functions.php[4654]:include_once(), /include/top_header.php[34]:html_common_header(), /lib/html.php[2675]:api_plugin_hook(), /lib/plugins.php[95]:api_plugin_run_plugin_hook(), /lib/plugins.php[237]:rtm_page_head(), /plugins/RTM/setup.php[45]:get_md5_include_js(), /lib/functions.php[6680]:get_include_relpath(), /lib/functions.php[6666]:debounce_run_notification(), /lib/functions.php[7383]:cacti_debug_backtrace())
2024/08/23 11:18:46 - CMDPHP PHP ERROR WARNING Backtrace: (/plugins.php[216]:top_header(), /lib/functions.php[4654]:include_once(), /include/top_header.php[34]:html_common_header(), /lib/html.php[2675]:api_plugin_hook(), /lib/plugins.php[95]:api_plugin_run_plugin_hook(), /lib/plugins.php[237]:rtm_page_head(), /plugins/RTM/setup.php[42]:include_once(), /plugins/RTM/setup.php[42]:CactiErrorHandler())
2024/08/23 11:18:46 - ERROR PHP WARNING in Plugin 'RTM': include_once(): Failed opening '/var/www/localhost/htdocs/cacti/lib/rtm_functions.php' for inclusion (include_path='.:/usr/share/php7:/usr/share/php:/var/www/localhost/htdocs/cacti:/var/www/localhost/htdocs/cacti/') in file: /var/www/localhost/htdocs/cacti/plugins/RTM/setup.php on line: 42
2024/08/23 11:18:46 - CMDPHP PHP ERROR WARNING Backtrace: (/plugins.php[216]:top_header(), /lib/functions.php[4654]:include_once(), /include/top_header.php[34]:html_common_header(), /lib/html.php[2675]:api_plugin_hook(), /lib/plugins.php[95]:api_plugin_run_plugin_hook(), /lib/plugins.php[237]:rtm_page_head(), /plugins/RTM/setup.php[42]:include_once(), /plugins/RTM/setup.php[42]:CactiErrorHandler())
2024/08/23 11:18:46 - ERROR PHP WARNING in Plugin 'RTM': include_once(/var/www/localhost/htdocs/cacti/lib/rtm_functions.php): Failed to open stream: No such file or directory in file: /var/www/localhost/htdocs/cacti/plugins/RTM/setup.php on line: 42
2024/08/23 10:19:53 - ERROR PHP DEPRECATED in Plugin 'grid': Optional parameter $apply_limits declared before required parameter $total_rows is implicitly treated as a required parameter in file: /var/www/localhost/htdocs/cacti/plugins/grid/lib/grid_functions.php on line: 11721
2024/08/23 10:19:53 - CMDPHP PHP ERROR Backtrace: (/plugins/syslog/syslog_process.php[25]:include(), /include/cli_check.php[45]:include(), /include/global.php[549]:include_once(), /include/global_arrays.php[2930]:api_plugin_hook(), /lib/plugins.php[95]:api_plugin_run_plugin_hook(), /lib/plugins.php[237]:grid_config_arrays(), /plugins/grid/setup.php[6158]:include_once(), /plugins/grid/include/grid_constants.php[21]:include_once(), /plugins/grid/include/grid_constants.php[21]:CactiErrorHandler())
2024/08/23 10:19:53 - ERROR PHP DEPRECATED in Plugin 'grid': Optional parameter $apply_limits declared before required parameter $total_rows is implicitly treated as a required parameter in file: /var/www/localhost/htdocs/cacti/plugins/grid/lib/grid_functions.php on line: 11721
2024/08/23 10:19:53 - CMDPHP PHP ERROR Backtrace: (/plugins/hmib/poller_hmib.php[29]:include(), /include/cli_check.php[45]:include(), /include/global.php[549]:include_once(), /include/global_arrays.php[2930]:api_plugin_hook(), /lib/plugins.php[95]:api_plugin_run_plugin_hook(), /lib/plugins.php[237]:grid_config_arrays(), /plugins/grid/setup.php[6158]:include_once(), /plugins/grid/include/grid_constants.php[21]:include_once(), /plugins/grid/include/grid_constants.php[21]:CactiErrorHandler())
2024/08/23 10:19:53 - ERROR PHP DEPRECATED in Plugin 'grid': Optional parameter $apply_limits declared before required parameter $rowsquery is implicitly treated as a required parameter in file: /var/www/localhost/htdocs/cacti/plugins/grid/lib/grid_functions.php on line: 10343
2024/08/23 10:19:53 - CMDPHP PHP ERROR Backtrace: (/plugins/syslog/syslog_process.php[25]:include(), /include/cli_check.php[45]:include(), /include/global.php[549]:include_once(), /include/global_arrays.php[2930]:api_plugin_hook(), /lib/plugins.php[95]:api_plugin_run_plugin_hook(), /lib/plugins.php[237]:grid_config_arrays(), /plugins/grid/setup.php[6158]:include_once(), /plugins/grid/include/grid_constants.php[21]:include_once(), /plugins/grid/include/grid_constants.php[21]:CactiErrorHandler())
2024/08/23 10:19:53 - ERROR PHP DEPRECATED in Plugin 'grid': Optional parameter $apply_limits declared before required parameter $rowsquery is implicitly treated as a required parameter in file: /var/www/localhost/htdocs/cacti/plugins/grid/lib/grid_functions.php on line: 10343
