def find_incident(self, key_prefix=None, incident_horizon=None):
    """
    Return the first live incident key that starts with key_prefix, else None.

    A key counts as live when its score in the KEY_INCIDENTS sorted set is
    at least current_time_offset() - incident_horizon. Candidates are taken
    in the order zrevrangebyscore returns them (presumably highest score,
    i.e. most recently touched, first) and the first prefix match wins.
    """
    # Both keyword arguments default to None but are used unguarded below,
    # so callers must supply real values: a None horizon fails on the
    # subtraction, a None prefix fails inside startswith().
    oldest_live_score = current_time_offset() - incident_horizon
    live_keys = redis.zrevrangebyscore(KEY_INCIDENTS, '+inf', oldest_live_score)

    # NOTE(review): this is a plain string-prefix test. The caller visible
    # in this listing builds the prefix as INCIDENT_KEY_PREFIX + src_host;
    # if the full key has no delimiter directly after the host, the prefix
    # for one host (constructed example: 10.0.0.1) would also match another
    # host's key (10.0.0.10) and events would be merged into the wrong
    # incident. Confirm against make_key(), which is not shown here.
    return next(
        (live_key for live_key in live_keys
         if live_key.startswith(key_prefix)),
        None)
def do_creation(self, ):
    """
    Record this event in Redis, merging it into a live incident if one exists.

    Before creating a new incident, find_incident() is asked whether the same
    src host already has a live incident within the configured time horizon
    (the class-specific setting, falling back to 'console.incident_horizon',
    then to 60). If so, that incident's hash is updated and its score in
    KEY_INCIDENTS is moved to the current time; otherwise a new hash is
    written from self.data and added to KEY_INCIDENTS.
    """
    now = current_time_offset()
    # src_host is taken from the event data and concatenated into the Redis
    # key prefix unchanged.
    # NOTE(review): on a honeypot this value is presumably influenced by the
    # remote party - confirm it is validated/normalised before it gets here.
    incident_key_prefix = self.INCIDENT_KEY_PREFIX + self.data['src_host']
    incident_horizon = float(
        c.config.getVal(self.CONFIG_INCIDENT_HORIZON,
                        default=c.config.getVal('console.incident_horizon',
                                                default=60)))
    current_incident_key = self.find_incident(
        key_prefix=incident_key_prefix, incident_horizon=incident_horizon)
    if current_incident_key:
        # An incident already exists: update it.
        # NOTE(review): this is a read-modify-write spread over several
        # separate Redis calls; if two events for the same host can be
        # processed concurrently, one increment could be lost - confirm how
        # callers serialise this.
        current_incident = redis.hgetall(current_incident_key)
        # One timestamp is appended per event and the score is reset to
        # `now` below, so a source that keeps triggering events inside the
        # horizon keeps this incident live; no cap on the list is visible
        # here.
        current_incident['events_list'] += ',' + repr(now)
        # int() because the stored count is presumably read back as text.
        current_incident['events_count'] = int(
            current_incident['events_count']) + 1
        current_incident['updated'] = True
        # Add new log data to the old incident (has_key is Python 2 only).
        if self.data.has_key('logdata'):
            current_incident = self.add_log_data(current_incident)
        redis.hmset(current_incident_key, current_incident)
        # Remove and re-add the member so its score becomes `now`.
        redis.zrem(KEY_INCIDENTS, current_incident_key)
        redis.zadd(KEY_INCIDENTS, now, current_incident_key)
    else:
        # This is a new incident: initialise the bookkeeping fields.
        incident_key = self.make_key(time=now)
        self.data['created'] = now
        self.data['events_list'] = repr(now)
        self.data['events_count'] = 1
        self.data['acknowledged'] = False
        self.data['notified'] = False
        self.data['updated'] = True
        self.data['description'] = self.DESCRIPTION
        if self.data.has_key('logdata'):
            # Store logdata as a JSON array string: a list is dumped as-is,
            # any other value is wrapped in a one-element list first.
            if type(self.data['logdata']) == list:
                self.data['logdata'] = simplejson.dumps(
                    self.data['logdata'])
            else:
                self.data['logdata'] = simplejson.dumps(
                    [self.data['logdata']])
        # The whole of self.data, event-supplied fields included, is written
        # to the incident hash.
        redis.hmset(incident_key, self.data)
        redis.zadd(KEY_INCIDENTS, now, incident_key)
        # Hand notify(self) to a worker thread.
        # NOTE(review): assumed to run only for new incidents, so repeat
        # events inside the horizon do not re-notify - confirm the nesting
        # against the upstream file.
        deferToThread(notify, self)
def do_creation(self,):
    """
    Insert an Incident hash, or fold this event into an existing live one.

    Before creating a new incident, a check is performed (via
    find_incident) to see if the same src host has a live incident within
    the configured time horizon. The horizon is read from the class-specific
    config key, then 'console.incident_horizon', then defaults to 60. A
    match is updated in place and re-scored to the current time; otherwise
    self.data is written as a new hash and indexed in KEY_INCIDENTS.
    """
    now = current_time_offset()
    # The prefix embeds src_host from the event data verbatim.
    # NOTE(review): presumably remote-influenced on a honeypot - confirm the
    # value is validated before it is used to build Redis keys.
    incident_key_prefix = self.INCIDENT_KEY_PREFIX + self.data['src_host']
    incident_horizon = float(c.config.getVal(
        self.CONFIG_INCIDENT_HORIZON,
        default=c.config.getVal(
            'console.incident_horizon',
            default=60)))
    current_incident_key = self.find_incident(key_prefix=incident_key_prefix,
                                              incident_horizon=incident_horizon)
    if current_incident_key:
        # An incident already exists: update it.
        # NOTE(review): hgetall -> hmset -> zrem -> zadd are separate calls,
        # not one atomic step as written; confirm events for one host cannot
        # be handled concurrently, or an update could be lost.
        current_incident = redis.hgetall(current_incident_key)
        # Grows by one timestamp per event; because the score is moved to
        # `now` below, continuous activity keeps the same incident live and
        # no upper bound on this field is visible here.
        current_incident['events_list'] += ','+repr(now)
        # int() because the stored count is presumably read back as text.
        current_incident['events_count'] = int(current_incident['events_count'])+1
        current_incident['updated'] = True
        # Add new log data to the old incident (has_key is Python 2 only).
        if self.data.has_key('logdata'):
            current_incident = self.add_log_data(current_incident)
        redis.hmset(current_incident_key, current_incident)
        # Drop and re-insert the member so its score is refreshed to `now`.
        redis.zrem(KEY_INCIDENTS, current_incident_key)
        redis.zadd(KEY_INCIDENTS, now, current_incident_key)
    else:
        # This is a new incident: set the initial bookkeeping fields.
        incident_key = self.make_key(time=now)
        self.data['created'] = now
        self.data['events_list'] = repr(now)
        self.data['events_count'] = 1
        self.data['acknowledged'] = False
        self.data['notified'] = False
        self.data['updated'] = True
        self.data['description'] = self.DESCRIPTION
        if self.data.has_key('logdata'):
            # Normalise logdata to a JSON array string: lists are dumped
            # directly, anything else is wrapped in a single-item list.
            if type(self.data['logdata']) == list:
                self.data['logdata'] = simplejson.dumps(self.data['logdata'])
            else:
                self.data['logdata'] = simplejson.dumps([self.data['logdata']])
        # Everything in self.data, including event-supplied fields, goes
        # into the incident hash.
        redis.hmset(incident_key, self.data)
        redis.zadd(KEY_INCIDENTS, now, incident_key)
        # Run notify(self) off the calling thread.
        # NOTE(review): assumed to belong to the new-incident branch only,
        # so updates to a live incident do not notify again - confirm the
        # nesting against the upstream file.
        deferToThread(notify, self)