fix: Fix some bugs in the alert (#10176)

agent/utils/alert/alert.go

@@ -351,7 +351,7 @@ func CountRecentFailedLoginLogs(minutes uint, failCount uint) (int, bool, error)
 	if err != nil {
 		return 0, false, err
 	}
-	return int(count), int(count) > int(failCount), nil
+	return int(count), int(count) >= int(failCount), nil
 }
 
 func FindRecentSuccessLoginsNotInWhitelist(minutes int, whitelist []string) ([]model.LoginLog, error) {
@@ -381,7 +381,7 @@ func FindRecentSuccessLoginsNotInWhitelist(minutes int, whitelist []string) ([]m
 }
 
 func CountRecentFailedSSHLog(minutes uint, maxAllowed uint) (int, bool, error) {
-	lines, err := grepSSHLog("Failed password")
+	lines, err := grepSSHLog([]string{"Failed password", "Invalid user", "authentication failure"})
 	if err != nil {
 		return 0, false, err
 	}
@@ -402,11 +402,11 @@ func CountRecentFailedSSHLog(minutes uint, maxAllowed uint) (int, bool, error) {
 			count++
 		}
 	}
-	return count, count > int(maxAllowed), nil
+	return count, count >= int(maxAllowed), nil
 }
 
 func FindRecentSuccessLoginNotInWhitelist(minutes int, whitelist []string) ([]string, error) {
-	lines, err := grepSSHLog("Accepted password")
+	lines, err := grepSSHLog([]string{"Accepted password", "Accepted publickey"})
 	if err != nil {
 		return nil, err
 	}
@@ -452,35 +452,42 @@ func findGrepPath() (string, error) {
 	return path, nil
 }
 
-func grepSSHLog(keyword string) ([]string, error) {
+func grepSSHLog(keywords []string) ([]string, error) {
 	logFiles := []string{"/var/log/secure", "/var/log/auth.log"}
 	var results []string
+	seen := make(map[string]struct{})
+
 	grepPath, err := findGrepPath()
 	if err != nil {
-		panic(err)
+		return nil, fmt.Errorf("find grep failed: %w", err)
 	}
 
 	for _, logFile := range logFiles {
 		if _, err := os.Stat(logFile); err != nil {
 			continue
 		}
-		cmd := exec.Command(grepPath, "-a", keyword, logFile)
-		output, err := cmd.Output()
-		if err != nil {
-			var exitErr *exec.ExitError
-			if errors.As(err, &exitErr) {
-				if exitErr.ExitCode() == 1 {
-					continue
+		for _, keyword := range keywords {
+			cmd := exec.Command(grepPath, "-a", keyword, logFile)
+			output, err := cmd.Output()
+			if err != nil {
+				var exitErr *exec.ExitError
+				if errors.As(err, &exitErr) {
+					if exitErr.ExitCode() == 1 {
+						continue
+					}
 				}
+				return nil, fmt.Errorf("read log file fail [%s]: %w", logFile, err)
 			}
-			return nil, fmt.Errorf("read log file fail [%s]: %w", logFile, err)
-		}
 
-		lines := strings.Split(string(output), "\n")
-		for _, line := range lines {
-			line = strings.TrimSpace(line)
-			if line != "" {
-				results = append(results, line)
+			lines := strings.Split(string(output), "\n")
+			for _, line := range lines {
+				line = strings.TrimSpace(line)
+				if line != "" {
+					if _, exists := seen[line]; !exists {
+						results = append(results, line)
+						seen[line] = struct{}{}
+					}
+				}
 			}
 		}
 	}
@@ -490,12 +497,12 @@ func grepSSHLog(keyword string) ([]string, error) {
 
 func parseLogTime(line string) (time.Time, error) {
 	if len(line) < 15 {
-		return time.Time{}, errors.New("log line time is incorrect")
+		return time.Time{}, nil
 	}
 	timeStr := line[:15]
 	parsedTime, err := time.ParseInLocation("Jan 2 15:04:05", timeStr, time.Local)
 	if err != nil {
-		return time.Time{}, err
+		return time.Time{}, nil
 	}
 	return parsedTime.AddDate(time.Now().Year(), 0, 0), nil
 }

frontend/src/views/setting/alert/dash/index.vue

@@ -63,6 +63,7 @@
                 <ComplexTable
                     :pagination-config="paginationConfig"
                     :data="data"
+                    :height-diff="380"
                     @sort-change="changeSort"
                     @search="search()"
                 >

frontend/src/views/setting/alert/dash/task/index.vue

@@ -272,8 +272,10 @@
                         v-if="ipTypes.includes(dialogData.rowData!.type)"
                         prop="count"
                     >
-                        <div class="flex items-center flex-row md:flex-nowrap flex-wrap justify-between gap-x-3 w-full">
-                            <el-form-item prop="cycle">
+                        <div
+                            class="flex items-center flex-row md:flex-nowrap sm:flex-nowrap flex-wrap justify-between gap-2 w-full"
+                        >
+                            <el-form-item prop="cycle" class="md:flex-1 sm:flex-1">
                                 <el-input v-model.number="dialogData.rowData!.cycle" :max="200">
                                     <template #append>{{ $t('commons.units.minute') }}</template>
                                 </el-input>
@@ -282,7 +284,7 @@
                             <span class="whitespace-nowrap input-help w-[4.5rem]">
                                 {{ $t('xpack.alert.loginFail') }}
                             </span>
-                            <el-form-item prop="count">
+                            <el-form-item prop="count" class="md:flex-1 sm:flex-1">
                                 <el-input v-model.number="dialogData.rowData!.count">
                                     <template #append>{{ $t('commons.units.time') }}</template>
                                 </el-input>
@@ -498,7 +500,11 @@ function checkSendCount(rule: any, value: any, callback: any) {
     if (value === '') {
         callback();
     }
-    if (dialogData.value.rowData.type === 'disk' || avgTypes.includes(dialogData.value.rowData.type)) {
+    if (
+        dialogData.value.rowData.type === 'disk' ||
+        avgTypes.includes(dialogData.value.rowData.type) ||
+        ipTypes.includes(dialogData.value.rowData.type)
+    ) {
         const regex = /^(?:[1-9]|[1-4][0-9]|50)$/;
         if (!regex.test(value)) {
             return callback(new Error(i18n.global.t('commons.rule.numberRange', [1, 50])));