real time filters: added silent period to prevent filters from firing multiple events

Author: mickem

docs/docs/reference/check/CheckLogFile.md

@@ -311,6 +311,7 @@ This is a section of objects. This means that you will create objects below this
 | perf config      |                           | PERF CONFIG      |
 | read entire file |                           | read entire file |
 | severity         |                           | SEVERITY         |
+| silent period    | false                     | Silent period    |
 | source id        |                           | SOURCE ID        |
 | target           |                           | DESTINATION      |
 | target id        |                           | TARGET ID        |
@@ -341,6 +342,7 @@ maximum age=5m
 #perf config=...
 #read entire file=...
 #severity=...
+silent period=false
 #source id=...
 #target=...
 #target id=...

docs/docs/reference/windows/CheckDisk.md

@@ -353,7 +353,7 @@ L        cli WARNING: WARNING: 0/1 files (AsChkDev.txt: 328)
 L        cli  Performance data: 'count'=1;0;0
 ```
 
-### Check file sizes
+#### Check file sizes
 
 ```
 check_files path=c:/windows pattern=*.txt "detail-syntax=%(filename): %(size)" "warn=size>20k" max-depth=1

docs/docs/reference/windows/CheckEventLog.md

@@ -812,6 +812,7 @@ This is a section of objects. This means that you will create objects below this
 | ok syntax     |                           | SYNTAX          |
 | perf config   |                           | PERF CONFIG     |
 | severity      |                           | SEVERITY        |
+| silent period | false                     | Silent period   |
 | source id     |                           | SOURCE ID       |
 | target        |                           | DESTINATION     |
 | target id     |                           | TARGET ID       |
@@ -840,6 +841,7 @@ maximum age=5m
 #ok syntax=...
 #perf config=...
 #severity=...
+silent period=false
 #source id=...
 #target=...
 #target id=...

docs/docs/reference/windows/CheckSystem.md

@@ -2441,6 +2441,7 @@ This is a section of objects. This means that you will create objects below this
 | ok syntax     |                           | SYNTAX          |
 | perf config   |                           | PERF CONFIG     |
 | severity      |                           | SEVERITY        |
+| silent period | false                     | Silent period   |
 | source id     |                           | SOURCE ID       |
 | target        |                           | DESTINATION     |
 | target id     |                           | TARGET ID       |
@@ -2469,6 +2470,7 @@ maximum age=5m
 #ok syntax=...
 #perf config=...
 #severity=...
+silent period=false
 #source id=...
 #target=...
 #target id=...
@@ -2510,6 +2512,7 @@ This is a section of objects. This means that you will create objects below this
 | ok syntax     |                           | SYNTAX          |
 | perf config   |                           | PERF CONFIG     |
 | severity      |                           | SEVERITY        |
+| silent period | false                     | Silent period   |
 | source id     |                           | SOURCE ID       |
 | target        |                           | DESTINATION     |
 | target id     |                           | TARGET ID       |
@@ -2536,6 +2539,7 @@ maximum age=5m
 #ok syntax=...
 #perf config=...
 #severity=...
+silent period=false
 #source id=...
 #target=...
 #target id=...
@@ -2576,6 +2580,7 @@ This is a section of objects. This means that you will create objects below this
 | ok syntax     |                           | SYNTAX          |
 | perf config   |                           | PERF CONFIG     |
 | severity      |                           | SEVERITY        |
+| silent period | false                     | Silent period   |
 | source id     |                           | SOURCE ID       |
 | target        |                           | DESTINATION     |
 | target id     |                           | TARGET ID       |
@@ -2602,6 +2607,7 @@ maximum age=5m
 #ok syntax=...
 #perf config=...
 #severity=...
+silent period=false
 #source id=...
 #target=...
 #target id=...
@@ -2643,6 +2649,7 @@ This is a section of objects. This means that you will create objects below this
 | perf config   |                           | PERF CONFIG     |
 | process       |                           | PROCESS         |
 | severity      |                           | SEVERITY        |
+| silent period | false                     | Silent period   |
 | source id     |                           | SOURCE ID       |
 | target        |                           | DESTINATION     |
 | target id     |                           | TARGET ID       |
@@ -2669,6 +2676,7 @@ maximum age=5m
 #perf config=...
 #process=...
 #severity=...
+silent period=false
 #source id=...
 #target=...
 #target id=...

docs/samples/CheckDisk_check_files_samples.md

@@ -26,7 +26,7 @@ L        cli WARNING: WARNING: 0/1 files (AsChkDev.txt: 328)
 L        cli  Performance data: 'count'=1;0;0
 ```
 
-### Check file sizes
+#### Check file sizes
 
 ```
 check_files path=c:/windows pattern=*.txt "detail-syntax=%(filename): %(size)" "warn=size>20k" max-depth=1

include/nscapi/nscapi_settings_filter.cpp

@@ -57,6 +57,9 @@ namespace nscapi {
 				("maximum age", sh::string_fun_key(boost::bind(&filter_object::set_max_age, this, _1), "5m"),
 					"MAGIMUM AGE", "How long before reporting \"ok\".\nIf this is set to \"false\" no periodic ok messages will be reported only errors.")
 
+				("silent period", sh::string_fun_key(boost::bind(&filter_object::set_silent_period, this, _1), "false"),
+					"Silent period", "How long before a new alert is reported after an alert is reported. In other words whenever an alert is fired and a notification is sent the same notification will not be sent again until this period has ended.\nIf this is set to \"false\" no periodic ok messages will be reported only errors.")
+
 				("empty message", sh::string_key(&timeout_msg, "eventlog found no records"),
 					"EMPTY MESSAGE", "The message to display if nothing matches the filter (generally considered the ok state).", !is_default)
 

include/nscapi/nscapi_settings_filter.hpp

@@ -47,6 +47,7 @@ namespace nscapi {
 			NSCAPI::nagiosReturn severity;
 			std::string command;
 			boost::optional<boost::posix_time::time_duration> max_age;
+			boost::optional<boost::posix_time::time_duration> silent_period;
 			std::string target_id;
 			std::string source_id;
 			std::string timeout_msg;
@@ -76,6 +77,7 @@ namespace nscapi {
 				, severity(other.severity) 
 				, command(other.command)
 				, max_age(other.max_age)
+				, silent_period(other.silent_period)
 				, target_id(other.target_id)
 				, source_id(other.source_id)
 				, timeout_msg(other.timeout_msg)
@@ -114,6 +116,10 @@ namespace nscapi {
 				if (age != "none" && age != "infinite" && age != "false" && age != "off")
 					max_age = parse_time(age);
 			}
+			void set_silent_period(std::string age) {
+				if (age != "none" && age != "infinite" && age != "false" && age != "off")
+					silent_period = parse_time(age);
+			}
 
 			void read_object(nscapi::settings_helper::path_extension &path, const bool is_default);
 			void apply_parent(const filter_object &parent);

include/parsers/filter/realtime_helper.hpp

@@ -47,25 +47,92 @@ namespace parsers {
 			typedef typename runtime_data::transient_data_type transient_data_type;
 			typedef boost::optional<boost::posix_time::time_duration> op_duration;
 			struct container {
+			private:
 				std::string alias;
+				std::string event_name;
 				std::string target;
 				std::string target_id;
 				std::string source_id;
+			public:
 				std::string command;
 				std::string timeout_msg;
 				NSCAPI::nagiosReturn severity;
-				runtime_data data;
-				filter_type filter;
 				boost::optional<boost::posix_time::time_duration> max_age;
+				boost::optional<boost::posix_time::time_duration> silent_period;
+
+				// should be private...
+				filter_type filter;
+
+			private:
 				boost::posix_time::ptime next_ok_;
+				boost::posix_time::ptime next_alert_;
+			public:
 				bool debug;
 				bool escape_html;
-				std::string event_name;
-				container() : debug(false), escape_html(false) {}
+				runtime_data data;
+
+				container(std::string alias, std::string event_name, runtime_data data) : alias(alias), event_name(event_name), command(alias), debug(false), escape_html(false), data(data) {}
+
+				void set_target(std::string new_target, std::string new_target_id, std::string new_source_id) {
+					target = new_target;
+					target_id = new_target_id;
+					source_id = new_source_id;
+				}
+				bool is_event() const {
+					return target == "event";
+				}
+				bool is_events() const {
+					return target == "events";
+				}
+
+				std::string get_event_name() const {
+					return event_name;
+				}
+				std::string get_alias() const {
+					return alias;
+				}
+				std::string get_target() const {
+					return target;
+				}
+				std::string get_target_id() const {
+					return target_id;
+				}
+				std::string get_source_id() const {
+					return source_id;
+				}
+
+				bool build_filters(nscapi::settings_filters::filter_object config, std::string &error) {
+					std::string message;
+					if (!filter.build_syntax(config.debug, config.syntax_top, config.syntax_detail, config.perf_data, config.perf_config, config.syntax_ok, config.syntax_empty, message)) {
+						error = "Failed to build strings " + alias + ": " + message;
+						return false;
+					}
+					if (!filter.build_engines(config.debug, config.filter_string, config.filter_ok, config.filter_warn, config.filter_crit)) {
+						error = "Failed to build filters: " + alias;
+						return false;
+					}
+
+					if (!filter.validate(message)) {
+						error = "Failed to validate filter for " + alias + ": " + message;
+						return false;
+					}
+					return true;
+				}
+
+				bool is_silent(const boost::posix_time::ptime &now) {
+					if (!silent_period) {
+						return false;
+					}
+					return now < next_alert_;
+				}
 
-				void touch(const boost::posix_time::ptime &now) {
+				void touch(const boost::posix_time::ptime &now, bool alert) {
 					if (max_age)
 						next_ok_ = now + (*max_age);
+					if (alert && silent_period)
+						next_alert_ = now + (*silent_period);
+					else if (silent_period)
+						next_alert_ = now;
 					data.touch(now);
 				}
 
@@ -90,37 +157,23 @@ namespace parsers {
 			std::list<container_type> items;
 
 			bool add_item(const boost::shared_ptr<config_object> object, const runtime_data &source_data, const std::string event_name) {
-				container_type item(new container);
-				item->event_name = event_name;
-				item->alias = object->get_alias();
-				item->data = source_data;
-				item->target = object->filter.target;
-				item->target_id = object->filter.target_id;
-				item->source_id = object->filter.source_id;
-				item->command = item->alias;
+				container_type item(new container(object->get_alias(), event_name, source_data));
+				item->set_target(object->filter.target, object->filter.target_id, object->filter.source_id);
 				item->timeout_msg = object->filter.timeout_msg;
 				item->severity = object->filter.severity;
 				item->max_age = object->filter.max_age;
+				item->silent_period = object->filter.silent_period;
 				item->debug = object->filter.debug;
 				item->escape_html = object->filter.escape_html;
 				if (!object->filter.command.empty())
 					item->command = object->filter.command;
 				std::string message;
 
-				if (!item->filter.build_syntax(object->filter.debug, object->filter.syntax_top, object->filter.syntax_detail, object->filter.perf_data, object->filter.perf_config, object->filter.syntax_ok, object->filter.syntax_empty, message)) {
-					NSC_LOG_ERROR("Failed to build strings " + object->get_alias() + ": " + message);
-					return false;
-				}
-				if (!item->filter.build_engines(object->filter.debug, object->filter.filter_string, object->filter.filter_ok, object->filter.filter_warn, object->filter.filter_crit)) {
-					NSC_LOG_ERROR("Failed to build filters: " + object->get_alias());
+				if (!item->build_filters(object->filter, message)) {
+					NSC_LOG_ERROR(message);
 					return false;
 				}
 
-				std::string error;
-				if (!item->filter.validate(error)) {
-					NSC_LOG_ERROR("Failed to validate filter for " + object->get_alias() + ": " + error);
-					return false;
-				}
 				item->data.boot();
 				items.push_back(item);
 				return true;
@@ -129,14 +182,14 @@ namespace parsers {
 			void process_timeout(const container_type item) {
 				std::string response;
 				nscapi::core_helper ch(core, plugin_id);
-				if (!ch.submit_simple_message(item->target, item->source_id, item->target_id, item->command, NSCAPI::query_return_codes::returnOK, item->timeout_msg, "", response)) {
+				if (!ch.submit_simple_message(item->get_target(), item->get_source_id(), item->get_target_id(), item->command, NSCAPI::query_return_codes::returnOK, item->timeout_msg, "", response)) {
 					NSC_LOG_ERROR("Failed to submit result: " + response);
 				}
 			}
 
-			bool process_item(container_type item, transient_data_type data) {
+			bool process_item(container_type item, transient_data_type data, bool is_silent) {
 				std::string response;
-				if (item->target == "events" || item->target == "event") {
+				if (item->is_events() || item->is_event()) {
 					item->filter.fetch_hash(true);
 				}
 				item->filter.start_match();
@@ -148,22 +201,27 @@ namespace parsers {
 					return false;
 				}
 
+				if (is_silent) {
+					NSC_TRACE_MSG("Eventlog filter is silenced " + item->get_alias());
+					return true;
+				}
+
 				nscapi::core_helper ch(core, plugin_id);
-				if (item->target == "event") {
+				if (item->is_event()) {
 					typedef std::list<std::map<std::string, std::string> > list_type;
 					typedef std::map<std::string, std::string> hash_type;
 
 					list_type keys = item->filter.records_;
 					BOOST_FOREACH(hash_type &bundle, keys) {
-						if (!ch.emit_event(item->event_name, item->alias, bundle, response)) {
+						if (!ch.emit_event(item->get_event_name(), item->get_alias(), bundle, response)) {
 							NSC_LOG_ERROR("Failed to submit '" + response);
 						}
 					}
 					return true;
 				}
-				if (item->target == "events") {
+				if (item->is_events()) {
 					std::list<std::map<std::string, std::string> > keys = item->filter.records_;
-					if (!ch.emit_event(item->event_name, item->alias, keys, response)) {
+					if (!ch.emit_event(item->get_event_name(), item->get_alias(), keys, response)) {
 						NSC_LOG_ERROR("Failed to submit '" + response);
 					}
 					return true;
@@ -172,7 +230,7 @@ namespace parsers {
 				std::string message = item->filter.get_message();
 				if (message.empty())
 					message = "Nothing matched";
-				if (!ch.submit_simple_message(item->target, item->source_id, item->target_id, item->command, item->filter.summary.returnCode, message, "", response)) {
+				if (!ch.submit_simple_message(item->get_target(), item->get_source_id(), item->get_target_id(), item->command, item->filter.summary.returnCode, message, "", response)) {
 					NSC_LOG_ERROR("Failed to submit '" + message);
 				}
 				return true;
@@ -181,7 +239,7 @@ namespace parsers {
 			void touch_all() {
 				boost::posix_time::ptime current_time = boost::posix_time::second_clock::local_time();
 				BOOST_FOREACH(container_type item, items) {
-					item->touch(current_time);
+					item->touch(current_time, false);
 				}
 			}
 
@@ -197,9 +255,9 @@ namespace parsers {
 					BOOST_FOREACH(container_type item, items) {
 						if (item->data.has_changed(data)) {
 							has_changed = true;
-							if (process_item(item, data)) {
+							if (process_item(item, data, item->is_silent(current_time))) {
 								has_matched = true;
-								item->touch(current_time);
+								item->touch(current_time, true);
 							}
 						}
 					}
@@ -224,7 +282,7 @@ namespace parsers {
 					BOOST_FOREACH(container_type item, items) {
 						if (item->has_timedout(current_time)) {
 							process_timeout(item);
-							item->touch(current_time);
+							item->touch(current_time, false);
 						}
 					}
 				} catch (...) {