148 lines
4.5 KiB
Go
148 lines
4.5 KiB
Go
package models
|
|
|
|
import "gorm.io/gorm"
|
|
|
|
// GetAllModels 数据库迁移用模型列表
|
|
func GetAllModels() []interface{} {
|
|
return []interface{}{
|
|
&LogEvent{},
|
|
&AlertOutbox{},
|
|
&ResourceMapping{},
|
|
&ResourceEventDedup{},
|
|
&TrapDictionaryEntry{},
|
|
&SyslogRule{},
|
|
&TrapRule{},
|
|
&TrapShield{},
|
|
&AuditLog{},
|
|
&DangerousOperationApproval{},
|
|
}
|
|
}
|
|
|
|
// InitData 初始化默认规则数据(幂等)
|
|
func InitData(db *gorm.DB) error {
|
|
if db == nil {
|
|
return nil
|
|
}
|
|
if err := seedDefaultSyslogRules(db); err != nil {
|
|
return err
|
|
}
|
|
if err := seedDefaultTrapRules(db); err != nil {
|
|
return err
|
|
}
|
|
if err := seedDefaultTrapDictionary(db); err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func seedDefaultSyslogRules(db *gorm.DB) error {
|
|
var cnt int64
|
|
if err := db.Model(&SyslogRule{}).Count(&cnt).Error; err != nil {
|
|
return err
|
|
}
|
|
if cnt > 0 {
|
|
return nil
|
|
}
|
|
rows := []SyslogRule{
|
|
{
|
|
Name: "默认-系统严重错误",
|
|
Enabled: true,
|
|
Priority: 100,
|
|
DeviceNameContains: "",
|
|
KeywordRegex: "(?i)(panic|fatal|segmentation fault|kernel panic|out of memory|oom)",
|
|
AlertName: "Syslog严重错误",
|
|
SeverityCode: "critical",
|
|
PolicyID: 0,
|
|
},
|
|
{
|
|
Name: "默认-链路中断告警",
|
|
Enabled: true,
|
|
Priority: 90,
|
|
DeviceNameContains: "",
|
|
KeywordRegex: "(?i)(link down|interface .* down|port .* down)",
|
|
SourceMatch: "",
|
|
MessageRegex: "(?i)(link down|interface .* down|port .* down|LINK_DOWN)",
|
|
AlertName: "Syslog链路中断",
|
|
SeverityCode: "major",
|
|
SeverityMappingJSON: `{"(?i)(critical|fatal|emergency)":"critical","(?i)(error|LINK_DOWN|down)":"major","(?i)(warning|warn)":"warning"}`,
|
|
ResourceUIDExtractRegex: `(?i)(?:resource_uid=|resource=)(?P<resource_uid>[a-z0-9_-]+:[a-z0-9_.:/-]+)|Interface (?P<iface>[A-Za-z0-9/._-]+)`,
|
|
PolicyID: 0,
|
|
},
|
|
{
|
|
Name: "H3C-Syslog-接口中断",
|
|
Enabled: true,
|
|
Priority: 120,
|
|
SourceMatch: "h3c",
|
|
MessageRegex: `(?i)(LINK_DOWN|Interface .* down|port .* down)`,
|
|
AlertName: "H3C Syslog接口中断",
|
|
SeverityCode: "major",
|
|
SeverityMappingJSON: `{"(?i)(LINK_DOWN|down)":"major","(?i)(LINK_UP|up)":"info"}`,
|
|
ResourceUIDExtractRegex: `(?i)(?:resource_uid=|resource=)(?P<resource_uid>network:[a-z0-9_.:/-]+)|Interface (?P<iface>[A-Za-z0-9/._-]+)`,
|
|
PolicyID: 0,
|
|
},
|
|
}
|
|
return db.Create(&rows).Error
|
|
}
|
|
|
|
func seedDefaultTrapRules(db *gorm.DB) error {
|
|
var cnt int64
|
|
if err := db.Model(&TrapRule{}).Count(&cnt).Error; err != nil {
|
|
return err
|
|
}
|
|
if cnt > 0 {
|
|
return nil
|
|
}
|
|
rows := []TrapRule{
|
|
{
|
|
Name: "默认-Trap链路中断",
|
|
Enabled: true,
|
|
Priority: 100,
|
|
OIDPrefix: "1.3.6.1.6.3.1.1.5",
|
|
VarbindMatchRegex: "(?i)(linkdown|ifdown|down)",
|
|
AlertName: "SNMP Trap链路中断",
|
|
SeverityCode: "major",
|
|
PolicyID: 0,
|
|
},
|
|
}
|
|
return db.Create(&rows).Error
|
|
}
|
|
|
|
func seedDefaultTrapDictionary(db *gorm.DB) error {
|
|
var cnt int64
|
|
if err := db.Model(&TrapDictionaryEntry{}).Count(&cnt).Error; err != nil {
|
|
return err
|
|
}
|
|
if cnt > 0 {
|
|
return nil
|
|
}
|
|
rows := []TrapDictionaryEntry{
|
|
{
|
|
Vendor: "H3C",
|
|
OID: "1.3.6.1.6.3.1.1.5.3",
|
|
OIDPrefix: "1.3.6.1.6.3.1.1.5.3",
|
|
Name: "H3C ifDown 接口中断",
|
|
Title: "ifDown 接口中断",
|
|
Description: "检测到设备接口状态变为 down。",
|
|
SeverityCode: "major",
|
|
SeverityMappingJSON: `{"down":"major","up":"info"}`,
|
|
ParseExpression: `(?i)(ifName|interface)=?(?P<interface>[A-Za-z0-9/._-]+)`,
|
|
RecoveryMessage: "请检查链路、端口状态和对端设备。",
|
|
Enabled: true,
|
|
},
|
|
{
|
|
Vendor: "H3C",
|
|
OID: "1.3.6.1.6.3.1.1.5.4",
|
|
OIDPrefix: "1.3.6.1.6.3.1.1.5.4",
|
|
Name: "H3C ifUp 接口恢复",
|
|
Title: "ifUp 接口恢复",
|
|
Description: "检测到设备接口状态恢复为 up。",
|
|
SeverityCode: "info",
|
|
SeverityMappingJSON: `{"up":"info"}`,
|
|
ParseExpression: `(?i)(ifName|interface)=?(?P<interface>[A-Za-z0-9/._-]+)`,
|
|
RecoveryMessage: "接口已恢复,请确认业务连通性。",
|
|
Enabled: true,
|
|
},
|
|
}
|
|
return db.Create(&rows).Error
|
|
}
|