Feature - Resolve syslog IP against cacti Hosts (#243)

* agents

* Update copilot-instructions.md

* correct filename spelling

* Allow for resolving syslog device ip against cacti hosts table

Some devices dont send the device name as the hostname for syslog instead they send the IP
This feature will allow for resolving the IP against the cacti host table  as the device may not be in DNS

* Update .github/ISSUE_TEMPLATE/agents/mysql-mariadb.agent.md

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update .github/ISSUE_TEMPLATE/agents/mysql-mariadb.agent.md

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update functions.php

* Consolodate setting

Update the flow as follows

1) If we recive a host check DNS
2.) if the IP is not in DNS check the cacti host table
3.) Mark as invalid if we cant find it

* update friendly name

* Update functions.php

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update .github/ISSUE_TEMPLATE/agents/mysql-mariadb.agent.md

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update .github/ISSUE_TEMPLATE/copilot-instructions.md

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* update the host validation logic

Dont just mark the device as invalid
instead pass the  original sent hostname/ip and log  that it could not be resolved

* Update to Hostname resolution logic

1.) Provide a way to disable dns resolution if your hosts are not in DNS
2.) Prefix an invalid hostname with unresolved-original_hostname for better traceability

* Group host discovery options together

* Allow for no DNS option to be disabled

Allow for the check against cacti to continue

* Fix  logic issue when dns  lookup is disabled

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Author: bmfmancini

functions.php

@@ -1495,7 +1495,7 @@ function syslog_process_alert($alert, $sql, $params, $count, $hostname = '') {
 					/**
 					 * Open a ticket if this options have been selected.
 					 */
-					$command = read_config_option('syslog_ticket_command');
+					 $command = read_config_option('syslog_ticket_command');
 
 					if ($command != '') {
 						$command = trim($command);
@@ -1765,6 +1765,46 @@ function syslog_strip_incoming_domains($uniqueID) {
 	}
 }
 
+
+
+
+/**
+ * Check if the hostname is in the cacti hosts table
+ * Some devices only send IP addresses in syslog messages, and may not be in the DNS
+ * however they may be in the cacti hosts table as monitored devices.
+ * 
+ * @param  (string) The hostname to check
+ * @param  (int) The unique id for syslog_incoming messages to process
+ * 
+ * @return (bool) True if the host exists in the Cacti database, false otherwise
+ */
+
+function syslog_check_cacti_hosts($host, $uniqueID) {
+	global $syslogdb_default;
+
+	if (empty($host)) {
+		return false;
+	}
+
+	// Check if the host exists in cacti by hostname and get the description
+	$cacti_host = db_fetch_row_prepared('SELECT DISTINCT description
+		FROM host
+		WHERE hostname = ?
+		LIMIT 1',
+		array($host));
+
+	if (cacti_sizeof($cacti_host) && !empty($cacti_host['description'])) {
+		syslog_db_execute_prepared('UPDATE `' . $syslogdb_default . '`.`syslog_incoming`
+			SET host = ?
+			WHERE host = ?
+			AND `status` = ?',
+			array($cacti_host['description'], $host, $uniqueID));
+		
+		return true;
+	}
+	
+	return false;
+}
 /**
  * syslog_update_reference_tables - There are many values in the syslog plugin
  *   that for the purposes of reducing the size of the syslog table are normalized
@@ -1784,20 +1824,45 @@ function syslog_update_reference_tables($uniqueID) {
 	syslog_debug('-------------------------------------------------------------------------------------');
 	syslog_debug('Updating Reference Tables from New Syslog Records');
 
-	/* correct for invalid hosts */
-	if (read_config_option('syslog_validate_hostname') == 'on') {
-		$hosts = syslog_db_fetch_assoc('SELECT DISTINCT host
-			FROM `' . $syslogdb_default . '`.`syslog_incoming`');
-
-		foreach($hosts as $host) {
-			if ($host['host'] == gethostbyname($host['host'])) {
-				syslog_db_execute_prepared('UPDATE `' . $syslogdb_default . "`.`syslog_incoming`
-					SET host = 'invalid_host'
-					WHERE host = ?",
-					array($host['host']));
-			}
-		}
-	}
+	/* Validate and resolve hostnames - check DNS first, then Cacti, then mark invalid */
+    if (read_config_option('syslog_resolve_hostname') == 'on') {
+        $hosts = syslog_db_fetch_assoc_prepared('SELECT DISTINCT host
+            FROM `' . $syslogdb_default . '`.`syslog_incoming`
+            WHERE `status` = ?',
+            array($uniqueID));
+
+        foreach($hosts as $host) {
+            if (!isset($host['host']) || empty($host['host'])) {
+                continue;
+            }
+            
+            $resolved = false;
+            
+            // Check if hostname resolves via DNS (only if DNS is enabled)
+            if (read_config_option('syslog_no_dns') != 'on') {
+                if ($host['host'] != gethostbyname($host['host'])) {
+                    // DNS resolved successfully
+                    $resolved = true;
+                }
+            }
+            
+            // Check if hostname exists in Cacti hosts table (only if not already resolved via DNS)
+            if (!$resolved) {
+                $resolved = syslog_check_cacti_hosts($host['host'], $uniqueID);
+            }
+            
+            // If not resolved via DNS or found in Cacti, prefix the hostname
+            if (!$resolved) {
+                $unresolved_host = 'unresolved-' . $host['host'];
+                cacti_log("SYSLOG WARNING: Hostname '" . $host['host'] . "' could not be resolved via DNS or found in Cacti hosts table, marking as '" . $unresolved_host . "'", false, 'SYSLOG');
+                syslog_db_execute_prepared('UPDATE `' . $syslogdb_default . "`.`syslog_incoming`
+                    SET host = ?
+                    WHERE host = ?
+                    AND `status` = ?",
+                    array($unresolved_host, $host['host'], $uniqueID));
+            }
+        }
+    }
 
 	syslog_db_execute_prepared('INSERT INTO `' . $syslogdb_default . '`.`syslog_programs`
 		(program, last_updated)

setup.php

@@ -1138,12 +1138,6 @@ function syslog_config_settings() {
 			'size' => 80,
 			'max_length' => 255,
 		),
-		'syslog_validate_hostname' => array(
-			'friendly_name' => __('Validate Hostnames', 'syslog'),
-			'description' => __('If this checkbox is set, all hostnames are validated.  If the hostname is not valid. All records are assigned to a special host called \'invalidhost\'.  This setting can impact syslog processing time on large systems.  Therefore, use of this setting should only be used when other means are not in place to prevent this from happening.', 'syslog'),
-			'method' => 'checkbox',
-			'default' => ''
-		),
 		'syslog_refresh' => array(
 			'friendly_name' => __('Refresh Interval', 'syslog'),
 			'description' => __('This is the time in seconds before the page refreshes.', 'syslog'),
@@ -1173,6 +1167,23 @@ function syslog_config_settings() {
 			'size' => 80
 		),
 		'syslog_html_header' => array(
+			'friendly_name' => __('Host Discovery Options', 'syslog'),
+			'method' => 'spacer',
+			'collapsible' => 'true'
+		),
+		'syslog_resolve_hostname' => array(
+			'friendly_name' => __('Enable Hostname Resolution', 'syslog'),
+			'description' => __('If this checkbox is set, all hostnames are resolved via DNS lookup first (If enabled). If the DNS lookup fails, the system will attempt to resolve the hostname against the Cacti host table and replace it with the Cacti host description. If both DNS and Cacti lookups fail, records are assigned a prefix \'unresolved-Original_hostname\'.', 'syslog'),
+			'method' => 'checkbox',
+			'default' => ''
+		),
+		'syslog_no_dns' => array(
+			'friendly_name' => __('Skip DNS Resolution for incoming hosts', 'syslog'),
+			'description' => __('If this checkbox is set, the system will not attempt to resolve hosts via DNS lookups.  This is useful for environments where DNS resolution is not possible or not desired.', 'syslog'),
+			'method' => 'checkbox',
+			'default' => ''
+		),
+		'syslog_html_notification_header' => array(
 			'friendly_name' => __('HTML Notification Settings', 'syslog'),
 			'method' => 'spacer',
 			'collapsible' => 'true'