alerts sync and rendering in app

Author: codeyourweb

config/docker-config/backend-entrypoint.sh

@@ -143,6 +143,40 @@ setup_symfony() {
 setup_symfony
 EOF
 
+echo "=== Setting up ElastAlert sync daemon ==="
+chmod +x /usr/local/bin/elastalert-sync-daemon.sh
+chown www-data:www-data /usr/local/bin/elastalert-sync-daemon.sh
+
+echo "Creating ElastAlert sync daemon script..."
+
+touch /var/log/elastalert-sync.log
+chown www-data:www-data /var/log/elastalert-sync.log
+
+cat > /tmp/elastalert-sync-daemon.sh << 'EOF'
+#!/bin/bash
+
+echo "$(date): Starting ElastAlert sync daemon"
+
+while true; do
+    echo "$(date): Running ElastAlert sync..."
+    
+    # Run the sync command from the correct directory
+    cd /var/www/html
+    if php bin/console app:alerts:sync --since="-1 minute" 2>&1; then
+        echo "$(date): Sync completed successfully"
+    else
+        echo "$(date): Sync failed with exit code $?"
+    fi
+    
+    # Wait 30 seconds before next sync
+    sleep 30
+done
+EOF
+
+chmod +x /tmp/elastalert-sync-daemon.sh
+echo "Starting ElastAlert sync daemon..."
+su -s /bin/bash www-data -c '/tmp/elastalert-sync-daemon.sh' &
+
 if [ "$APP_ENV" = "prod" ]; then
     echo "Starting PRODUCTION mode with Nginx + PHP-FPM..."
 

config/docker-config/elastalert-sync-daemon.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+while true; do
+    echo "[$(date)] Running ElastAlert sync..."
+    cd /var/www/html
+    /usr/local/bin/php bin/console app:elastalert:sync-alerts --since='-1 minute' >> /var/log/elastalert-sync.log 2>&1
+    if [ $? -eq 0 ]; then
+        echo "[$(date)] Sync completed successfully" >> /var/log/elastalert-sync.log
+    else
+        echo "[$(date)] Sync failed with exit code $?" >> /var/log/elastalert-sync.log
+    fi
+    sleep 30
+done

docker-compose.yml

@@ -47,6 +47,9 @@ services:
       - DATAMONITOR_SERVER_TOKEN=${SENTINELKIT_DATAMONITOR_SERVER_TOKEN}
       - CORS_ALLOW_ORIGIN=https://${SENTINELKIT_FRONTEND_HOSTNAME}
       - FLUENTBIT_SERVER_URL=http://sentinel-kit-server-fluentbit:24224
+      - ELASTICSEARCH_HOST=sentinel-kit-db-elasticsearch-es01:9200
+      - ELASTICSEARCH_USERNAME=elastic
+      - ELASTICSEARCH_SSL=true
       - ELASTICSEARCH_PASSWORD=${ELASTICSEARCH_PASSWORD}
     volumes:
       - ./config/docker-config/backend-entrypoint.sh:/usr/local/bin/backend-entrypoint.sh:ro
@@ -70,6 +73,8 @@ services:
     depends_on:
       sentinel-kit-db-mysql:
         condition: service_healthy
+      sentinel-kit-db-elasticsearch-es01:
+        condition: service_healthy
 
   sentinel-kit-server-rules-scanner:
     container_name: sentinel-kit-server-rules-scanner

sentinel-kit_server_backend/.env

@@ -45,7 +45,8 @@ JWT_SECRET_KEY=%kernel.project_dir%/config/jwt/private.pem
 JWT_PUBLIC_KEY=%kernel.project_dir%/config/jwt/public.pem
 ###< lexik/jwt-authentication-bundle ###
 
-ELASTICSEARCH_HOST=sentinel-kit-db-elasticsearch
+ELASTICSEARCH_HOST=sentinel-kit-db-elasticsearch-es01:9200
 ELASTICSEARCH_PORT=9200
-ELASTICSEARCH_LOGIN=elastic
+ELASTICSEARCH_USERNAME=elastic
+ELASTICSEARCH_SSL=true
 #ELASTICSEARCH_PASSWORD=propagated by OS environment variable

sentinel-kit_server_backend/config/services.yaml

@@ -4,6 +4,10 @@
 # Put parameters here that don't need to change on each machine where the app is deployed
 # https://symfony.com/doc/current/best_practices.html#use-parameters-for-application-configuration
 parameters:
+    elasticsearch.host: '%env(ELASTICSEARCH_HOST)%'
+    elasticsearch.username: '%env(ELASTICSEARCH_USERNAME)%'
+    elasticsearch.password: '%env(ELASTICSEARCH_PASSWORD)%'
+    elasticsearch.ssl: '%env(bool:ELASTICSEARCH_SSL)%'
 
 services:
     # default configuration for services in *this* file

sentinel-kit_server_backend/src/Command/ElastalertSyncAlertsCommand.php

@@ -0,0 +1,134 @@
+<?php
+
+namespace App\Command;
+
+use App\Service\ElastalertSyncService;
+use Symfony\Component\Console\Attribute\AsCommand;
+use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Input\InputOption;
+use Symfony\Component\Console\Output\OutputInterface;
+use Symfony\Component\Console\Style\SymfonyStyle;
+
+#[AsCommand(
+    name: 'app:alerts:sync',
+    description: 'ElastAlert synchronization with the Alert entity'
+)]
+class ElastalertSyncAlertsCommand extends Command
+{
+    private ElastalertSyncService $elastalertSyncService;
+
+    public function __construct(ElastalertSyncService $elastalertSyncService)
+    {
+        parent::__construct();
+        $this->elastalertSyncService = $elastalertSyncService;
+    }
+
+    protected function configure(): void
+    {
+        $this
+            ->addOption(
+                'since',
+                's',
+                InputOption::VALUE_REQUIRED,
+                'Synchronize alerts since this date (format: Y-m-d H:i:s or -1 hour, -1 day, etc.)',
+                '-1 hour'
+            )
+            ->addOption(
+                'stats',
+                null,
+                InputOption::VALUE_NONE,
+                'Show statistics only without synchronizing'
+            )
+            ->setHelp('
+This command synchronizes ElastAlert alerts with the backend Alert entity.
+
+Examples:
+  app:elastalert:sync-alerts --stats
+  app:elastalert:sync-alerts --since="-5 minutes"
+  app:elastalert:sync-alerts --since "2024-12-03 10:00:00"
+  app:elastalert:sync-alerts -s "-1 hour" --stats
+            ');
+    }
+
+    protected function execute(InputInterface $input, OutputInterface $output): int
+    {
+        $io = new SymfonyStyle($input, $output);
+        $sinceOption = $input->getOption('since');
+        $showStatsOnly = $input->getOption('stats');
+
+        try {
+            if (str_starts_with($sinceOption, '-')) {
+                $since = new \DateTime($sinceOption);
+            } else {
+                $since = new \DateTime($sinceOption);
+            }
+        } catch (\Exception $e) {
+            $io->error('Invalid date format: ' . $sinceOption);
+            return Command::FAILURE;
+        }
+
+        $io->title('Sync ElastAlert alerts');
+        $io->info('Time: since ' . $since->format('Y-m-d H:i:s'));
+
+        if ($showStatsOnly) {
+            return $this->showStats($io, $since);
+        }
+
+        $io->section('Synchronization in progress...');
+        $stats = $this->elastalertSyncService->syncElastalertAlerts($since);
+
+        $io->section('Synchronization results');
+        $io->definitionList(
+            ['Processed' => $stats['processed']],
+            ['Created alerts' => '<fg=green>' . $stats['created'] . '</>'],
+            ['Ignored alerts (already existing)' => '<fg=yellow>' . $stats['skipped'] . '</>'],
+            ['Errors' => $stats['errors'] > 0 ? '<fg=red>' . $stats['errors'] . '</>' : $stats['errors']]
+        );
+
+        if ($stats['errors'] > 0) {
+            $io->warning('Errors were encountered. Check the logs for more details.');
+            return Command::FAILURE;
+        }
+
+        if ($stats['created'] > 0 || $stats['processed'] > 0) {
+            $io->success('Synchronization completed successfully!');
+        } else {
+            $io->info('No new alerts to synchronize.');
+        }
+
+        return Command::SUCCESS;
+    }
+
+    private function showStats(SymfonyStyle $io, \DateTime $since): int
+    {
+        $io->section('Alert statistics');
+        
+        try {
+            $stats = $this->elastalertSyncService->getAlertStats($since);
+            
+            $io->info('Total synchronized alerts: ' . $stats['total_alerts']);
+            
+            if (!empty($stats['alerts_by_rule'])) {
+                $io->section('Alerts by rule');
+                $tableData = [];
+                foreach ($stats['alerts_by_rule'] as $rule) {
+                    $tableData[] = [$rule['rule_title'], $rule['alert_count']];
+                }
+                
+                $io->table(
+                    ['Rule', 'Number of alerts'],
+                    $tableData
+                );
+            } else {
+                $io->info('No alerts found for this period.');
+            }
+            
+        } catch (\Exception $e) {
+            $io->error('Error retrieving statistics: ' . $e->getMessage());
+            return Command::FAILURE;
+        }
+
+        return Command::SUCCESS;
+    }
+}