Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Filters able to raise alerts themselves #135

Merged
merged 30 commits into from
Dec 11, 2019
Merged

Filters able to raise alerts themselves #135

merged 30 commits into from
Dec 11, 2019

Conversation

HugoSoszynski
Copy link
Contributor

@HugoSoszynski HugoSoszynski commented Nov 20, 2019
edited
Loading

✨ Pull Request Template

‼️ Once all the checklist is done you have to:

  • stash merge this pull request
  • delete the corresponding branch
  • close the associated issue

📃 Type of change

Breaking change: fix or feature that would cause existing functionality to not work as expected.

💡 Related Issue(s)

✒️ Description

BREAKING: The filters no longer launch alert on 101 code (error code).

CAUTION: This PR implies new configuration fields for the filters. However those are not mandatory (see filters documentation).

Adding an AlertManager to the Core to enable every filter to raise an alert.

The alerts can be raised in :

  • File
  • Redis list
  • Redis channel

Alert file rotation is handled catching the SIGHUP or SIGUSR1 signal.

Core

The new alerting configuration fields are:

  • 'log_file_path': path to the log file dedicated to alerts
  • 'redis_socket_path': path to the redis UNIX socket to send alert to
  • 'alert_redis_list_name': name of the alert list in redis
  • 'alert_redis_channel_name': name of redis channel to publish alert to

If the alert configuration is missing or wrong, it is not applied.
If the alert configuration is partialy correct, apply as much as possible.
In both cases a warning is logged.

DARWIN_RAISE_ALERT(str) macro makes filter code easier to read. (AlertManager.hpp)

CMake

  • Added the Redis dependencies to the CMakeLists.txt because it will soon be part of all the filters through the Alert Manager.
  • Added the required toolkit parts to the core sources.
  • Added DARWIN_LIBRARIES var to remove duplicata and avoid core libraries mistake.

FileManager

  • Only accepts const strings as no modification should occur.
  • Rewrote parts of the FileManager to be more C++ friendly.
  • Force reopen is now possible with our FiLeManager.
  • File opening / reopening is now done under mutex lock to prevent writing while opening / closing the file.

Filters

  • Filters are now using the AlertManager to raise alert.
  • Added ftest to enable easier testing of the core functions. This filter is not compiled by default but is mandatory for tests.

Tests

  • Added the alert manager tests (around 75 tests so no listing here)
  • Updated TAnomaly tests to check for proper handling of both legacy and new configuration file.

🎯 Test Environments

FreeBSD (version)

  • Redis 4.0.14_1
  • Boost 1.71.0
  • clang++ 8.0.1
  • CMake 3.15.4
  • Python 3.6

Ubuntu (version)

  • Redis 5.0.3
  • Boost 1.71.0
  • g++ 8.3.0
  • CMake 3.13.14
  • Python 3.7.3
  • Valgrind 3.14.0

✔️ Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • (ftest) I have added corresponding page to the documentation
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes

  • 🙋 I certify on my honor that all the information provided is true, and I've done all I can to deliver a high quality code

@HugoSoszynski HugoSoszynski added this to the Version 1.2 milestone Nov 20, 2019
@HugoSoszynski HugoSoszynski self-assigned this Nov 20, 2019
@HugoSoszynski
WIP: ALERT MANAGER DONE BUT NOT IMPLEMENTED
0325881 
FileManager:
 - only accepts const strings as no modification should occur.

AlertManager:
 - Added WriteLogs, write the given string to the parameter log file.
   The input is considered as a log line, add new line at the end (\n).
 - Added REDISAddLogs, add given string to given redis list
   and publish it to given redis channel.
   If either the first or the other is not given,
   only apply to the given one.

TODO:
 - implement in the filters
 - automated  testing
 - flogs removal
- Vulture integration (non-blocking)
@HugoSoszynski
Merge branch 'dev' of github.com:VultureProject/darwin into remove_flogs
99a0e19
@HugoSoszynski
UPDATED FILEMANAGER FAIL HANDLING
4779feb 
Rewrote parts of the FileManager to be mor C++ friendly.
Exceptions should not be used as error return / flags!

Add operator bool to verify current state of the file the extensive way.
@HugoSoszynski
WORKING ALERTMANAGER - HAND TESTED
543514b 
Core:
AlertManager is now fully usable.
The Core method for loading the associated configuration are imlemented.
The new configuration fields are:
 - 'log_file_path': path to the log file dedicated to alerts
 - 'redis_socket_path': path to the redis UNIX socket to send alert to
 - 'alert_redis_list_name': name of the alert list in redis
 - 'alert_redis_channel_name': name of redis channel to publish alert to

If the alert configuration is missing or wrong,
it is not applied.
If the alert configuration is partialy correct,
apply as much as possible.
In both cases a warning is logged.

DARWIN_RAISE_ALERT(str) macro makes filter code easier to read.
(AlertManager.hpp)

CMake:
Added the redis dependencie to the CMakeLists.txt because it will soon
be part of all the filters through the Alert Manager.

Added the required toolkit parts to the core sources.

Added DARWIN_LIBRARIES var to remove duplicata and
avoid core libraries mistake.

fhostlookup:
Migration to the Alert Manager done and hand tested.
@HugoSoszynski
WIP: FILTERS MIGRATION TO ALERTMANAGER
8eb71fb 
NOT TESTED!

All the filters are migrated to use the AlertManager.

All the filters compile on linux.
@HugoSoszynski
UPDATED CONFIGURATION EXAMPLES
6884493 
Upadted configurations exaple to match the new alerting workflow.

Added missing DARWIN_RAISE_ALERT to fdga.
@HugoSoszynski
Merge branch 'dev' of github.com:VultureProject/darwin into remove_flogs
8a140cc
@HugoSoszynski
WIP: ALERTMANAGER AUTOMATED TESTING
0573268 
Added ftest to enable easier testing of the core functions.
This filter is not compiled by default but is mandatory for tests.
@HugoSoszynski
WIP: GENERATED ALERT TESTS
947d620 
Tests are generated to cover all the possible cases.
TODO: Run the tests.
@HugoSoszynski
WIP: ADDED ALERT TESTS TO CORE TESTS
79efc91
@HugoSoszynski
VARIOUS FIX AFTER TESTING
7dd9101 
Fix log in ftanomaly tests.

Fix TEST search in CMakeList.
TEST being a cmake function the word needs quotes around.

Removed useless files.

Fix multiple errors in AlertManager testing.

Added missing certitude pushback in TestTask.

Removed duplicate alert in file in ftanomaly.

Replaced some double quotes by simple quotes in order
to respect the json format of the logs.
@HugoSoszynski
Merge branch 'dev' of github.com:VultureProject/darwin into remove_flogs
f6ae3af
@HugoSoszynski
CHANGED TEST ORDER TO PASS ON UBUNTU BECAUSE
7fcafe7
@HugoSoszynski HugoSoszynski marked this pull request as ready for review December 10, 2019 14:42
@HugoSoszynski HugoSoszynski added the DO NOT MERGE Do not merge this PR label Dec 10, 2019
@HugoSoszynski
Copy link
Contributor Author

As the log rotate mechanism was put to my attention, this will require a dev and associated tests.

@HugoSoszynski
ADDED ALERT FILE ROTATION
87857a3 
Now the alert file rotation is handled by the SIGHUP or SIGUSR1 signal.

Added AlertManager file rotation automated test.

Force reopen is now possible with our FiLeManager.
File opening / reopening is now done under mutex lock to
prevent writing while opening / closing the file.
@HugoSoszynski HugoSoszynski removed the DO NOT MERGE Do not merge this PR label Dec 11, 2019
frikilax
frikilax requested changes Dec 11, 2019
View reviewed changes
HugoSoszynski and others added 9 commits December 11, 2019 11:33
@HugoSoszynski @frikilax
Update samples/ftest/Generator.cpp
31dd3bb 
Co-Authored-By: frikilax <[email protected]>
@HugoSoszynski @frikilax
Update samples/ftest/Generator.hpp
77ef118 
Co-Authored-By: frikilax <[email protected]>
@HugoSoszynski @frikilax
Update samples/ftest/TestTask.cpp
ec35bce 
Co-Authored-By: frikilax <[email protected]>
@HugoSoszynski @frikilax
Update samples/ftest/TestTask.cpp
2c62b73 
Co-Authored-By: frikilax <[email protected]>
@HugoSoszynski @frikilax
Update samples/ftest/TestTask.cpp
c727917 
Co-Authored-By: frikilax <[email protected]>
@HugoSoszynski @frikilax
Update samples/ftest/TestTask.hpp
313c1eb 
Co-Authored-By: frikilax <[email protected]>
@HugoSoszynski @frikilax
Update tests/core/alert.py
9ebecf8 
Co-Authored-By: frikilax <[email protected]>
@HugoSoszynski @frikilax
Update toolkit/FileManager.hpp
f648577 
Co-Authored-By: frikilax <[email protected]>
@HugoSoszynski
ALERTMANAGER DELAY ON WRITE RETRY
208ed03 
Added a slight delay (1 millisecond) before retrying to write the alert.
@HugoSoszynski HugoSoszynski merged commit e690f82 into dev Dec 11, 2019
@HugoSoszynski HugoSoszynski deleted the remove_flogs branch December 11, 2019 12:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@frikilax frikilax frikilax approved these changes

@NS4nti NS4nti Awaiting requested review from NS4nti

Assignees

@HugoSoszynski HugoSoszynski

Labels
None yet
Projects
None yet
Milestone
Version 1.2
Development

Successfully merging this pull request may close these issues.

[IDEA] Do not alert on error (certitude = 101) [IDEA] Remove flogs for an "AlertManager" in the Core
2 participants
@HugoSoszynski @frikilax