def compare(self, event): key = hashable(lookup_es_key(event, self.rules['query_key'])) values = [] elastalert_logger.debug(" Previous Values of compare keys " + str(self.occurrences)) for val in self.rules['compound_compare_key']: lookup_value = lookup_es_key(event, val) values.append(lookup_value) elastalert_logger.debug(" Current Values of compare keys " + str(values)) start = changed = False for val in values: if not isinstance(val, bool) and not val and self.rules['ignore_null']: return False # If we have seen this key before, compare it to the new value if key in self.occurrences: for idx, previous_values in enumerate(self.occurrences[key]): elastalert_logger.debug(" " + str(previous_values) + " " + str(values[idx])) start = (previous_values != values[idx] and values[idx] in self.rules['blacklist']) changed = (previous_values != values[idx] and previous_values in self.rules['blacklist']) if start or changed: break if changed: entry = [self.occurrences[key], None, None] # If using timeframe, only return true if the time delta is < timeframe if key in self.occurrence_time: changed = (event[self.rules['timestamp_field']] - self.occurrence_time[key] <= self.timeframe(key)) old_time = self.occurrence_time[key] new_time = event[self.rules['timestamp_field']] duration = new_time - old_time entry[1], entry[2] = [old_time, duration.total_seconds()] self.change_map[key] = tuple(entry) if key not in self.occurrences or start or changed: # Update the current value and time elastalert_logger.debug( " Setting current value of compare keys values " + str(values)) self.occurrences[key] = values self.occurrence_time[key] = event[self.rules['timestamp_field']] elastalert_logger.debug( "Final result of comparision between previous and current values " + str(changed)) return changed
def add_match(self, match): # TODO this is not technically correct # if the term changes multiple times before an alert is sent # this data will be overwritten with the most recent change change = self.change_map.get( hashable(lookup_es_key(match, self.rules['query_key']))) extra = {} if change: extra = { 'value': change[0], 'start_time': change[1], 'duration': change[2] } elastalert_logger.debug("Description of the changed records " + str(dict(match.items() + extra.items()))) super(BlacklistDurationRule, self).add_match(dict(match.items() + extra.items()))
def alert(self, matches): body = '' for match in matches: body += str(BasicMatchString(self.rule, match)) # Separate text of aggregated alerts with dashes if len(matches) > 1: body += '\n----------------------------------------\n' if self.custom_message is None: self.message = self.create_title(matches) else: self.message = self.custom_message.format(**matches[0]) self.recipients = self._parse_responders(self.recipients, self.recipients_args, matches, self.default_reciepients) self.teams = self._parse_responders(self.teams, self.teams_args, matches, self.default_teams) post = {} post['message'] = self.message if self.account: post['user'] = self.account if self.recipients: post['responders'] = [{ 'username': r, 'type': 'user' } for r in self.recipients] if self.teams: post['teams'] = [{'name': r, 'type': 'team'} for r in self.teams] if self.description: post['description'] = self.description.format(**matches[0]) else: post['description'] = body if self.entity: post['entity'] = self.entity.format(**matches[0]) if self.source: post['source'] = self.source.format(**matches[0]) post['tags'] = [] for i, tag in enumerate(self.tags): post['tags'].append(tag.format(**matches[0])) priority = self.priority if priority: priority = priority.format(**matches[0]) if priority and priority not in ('P1', 'P2', 'P3', 'P4', 'P5'): elastalert_logger.warning( "Priority level does not appear to be specified correctly. \ Please make sure to set it to a value between P1 and P5" ) else: post['priority'] = priority if self.alias is not None: post['alias'] = self.alias.format(**matches[0]) details = self.get_details(matches) if details: post['details'] = details elastalert_logger.debug(json.dumps(post)) headers = { 'Content-Type': 'application/json', 'Authorization': 'GenieKey {}'.format(self.api_key), } # set https proxy, if it was provided proxies = { 'https': self.opsgenie_proxy } if self.opsgenie_proxy else None try: r = requests.post(self.to_addr, json=post, headers=headers, proxies=proxies) elastalert_logger.debug('request response: {0}'.format(r)) if r.status_code != 202: elastalert_logger.info("Error response from {0} \n " "API Response: {1}".format( self.to_addr, r)) r.raise_for_status() elastalert_logger.info("Alert sent to OpsGenie") except Exception as err: raise EAException("Error sending alert: {0}".format(err))
def alert(self, matches): try: elastalert_logger.debug("matches:%s", json.dumps(matches)) client = self.get_client() # Instantiate a request object. You can further set the request parameters according to the API called and actual conditions # You can directly check the SDK source code to determine which attributes of `SendSmsRequest` can be set # An attribute may be of a basic type or import another data structure # We recommend you use the IDE for development where you can easily redirect to and view the documentation of each API and data structure req = models.SendSmsRequest() # Settings of a basic parameter: # The SDK uses the pointer style to specify parameters, so even for basic parameters, you need to use pointers to assign values to them. # The SDK provides encapsulation functions for importing the pointers of basic parameters # Help link: # SMS console: https://console.cloud.tencent.com/smsv2 # sms helper: https://intl.cloud.tencent.com/document/product/382/3773?from_cn_redirect=1 # SMS application ID, which is the `SdkAppId` generated after an application is added in the [SMS console], such as 1400006666 # 短信应用ID: 短信SdkAppid在 [短信控制台] 添加应用后生成的实际SdkAppid,示例如 1400006666 req.SmsSdkAppId = self.tencent_sms_sdk_appid # SMS signature content, which should be encoded in UTF-8. You must enter an approved signature, which can be viewed in the [SMS console] # 短信签名内容: 使用 UTF-8 编码,必须填写已审核通过的签名,签名信息可登录 [短信控制台] 查看 req.SignName = self.tencent_sms_sign_name # SMS code number extension, which is not activated by default. If you need to activate it, please contact [SMS Helper] # 短信码号扩展号: 默认未开通,如需开通请联系 [sms helper] req.ExtendCode = "" # User session content, which can carry context information such as user-side ID and will be returned as-is by the server # 用户的 session 内容: 可以携带用户侧 ID 等上下文信息,server 会原样返回 # req.SessionContext = "xxx" # `senderid` for Global SMS, which is not activated by default. If you need to activate it, please contact [SMS Helper] for assistance. This parameter should be left empty for Mainland China SMS # 国际/港澳台短信 senderid: 国内短信填空,默认未开通,如需开通请联系 [sms helper] # req.SenderId = "" # Target mobile number in the E.164 standard (+[country/region code][mobile number]) # Example: +8613711112222, which has a + sign followed by 86 (country/region code) and then by 13711112222 (mobile number). Up to 200 mobile numbers are supported # 下发手机号码,采用 e.164 标准,+[国家或地区码][手机号] # 示例如:+8613711112222,其中前面有一个+号 ,86为国家码,13711112222为手机号,最多不要超过200个手机号 req.PhoneNumberSet = self.tencent_sms_to_number # Template ID. You must enter the ID of an approved template, which can be viewed in the [SMS console] # 模板 ID: 必须填写已审核通过的模板 ID。模板ID可登录 [短信控制台] 查看 req.TemplateId = self.tencent_sms_template_id # Template parameters. If there are no template parameters, leave it empty req.TemplateParamSet = self.create_template_parm(matches) elastalert_logger.debug("SendSms request :%s", json.dumps(req.__dict__)) # Initialize the request by calling the `DescribeInstances` method on the client object. Note: the request method name corresponds to the request object # The returned `resp` is an instance of the `DescribeInstancesResponse` class which corresponds to the request object resp = client.SendSms(req) # A string return packet in JSON format is outputted elastalert_logger.debug("SendSms response :%s", resp.to_json_string()) for item in resp.SendStatusSet: if item.Code != "Ok": raise TencentCloudSDKException(item.Code, item.Message, resp.RequestId) except TencentCloudSDKException as e: raise EAException("Error posting to TencentSMS: %s" % e) elastalert_logger.info("Alert sent to TencentSMS")