Alarm grouping

[bmfmancini]

This pull request introduces a major new feature to the syslog plugin: the ability to group duplicate syslog messages in the UI, making it easier to review and analyze large volumes of similar log entries. It also adds new agent templates for code quality, PHP development, and MySQL/MariaDB database administration, and includes minor documentation and style improvements.

Syslog Plugin: Message Grouping Feature

• Added a "Grouped Messages" display option to the syslog UI, allowing users to view duplicate messages as single grouped entries with occurrence counts, first/last timestamps, and sequence lists. This includes UI controls, backend query logic, and correct row counting for pagination. [1] [2] [3] [4] [5] [6] [7] [8] [9]
• Enhanced table row rendering by adding a syslog-detail-row class for improved styling and hover effects. [1] [2]

Documentation and Developer Experience

• Added links to Cacti main repository and documentation in the syslog plugin instructions for easier developer onboarding. [1] [2]

Agent Templates

• Introduced new custom GitHub agent templates for:
  • Code Quality Specialist, focusing on code standards, refactoring, and maintainability. (.github/ISSUE_TEMPLATE/agents/code-quality.agent.md)
  • PHP Developer, with emphasis on PSR-12, modern PHP, and Cacti integration. (.github/ISSUE_TEMPLATE/agents/php-devloper.agent.md)
  • MySQL/MariaDB Database Administrator, including best practices and Cacti DB function references. (.github/ISSUE_TEMPLATE/agents/mysql-mariadb.agent.md)

[Copilot]

Pull request overview

This pull request introduces a significant new feature to the syslog plugin enabling message grouping in the UI, along with new GitHub agent templates for development assistance and minor documentation improvements.

Key Changes:

• Adds message grouping functionality to aggregate duplicate syslog entries with occurrence counts, timestamps, and expandable detail views
• Introduces three new GitHub agent templates for code quality, PHP development, and MySQL/MariaDB administration
• Updates documentation with links to main Cacti repository and resources

Reviewed changes

Copilot reviewed 7 out of 8 changed files in this pull request and generated 27 comments.

Show a summary per file

File	Description
syslog.php	Implements core grouping feature with SQL queries, UI controls, row counting logic, and JavaScript expand/collapse functionality
syslog.css	Adds styling for group toggle icons and detail row hover effects
functions.php	Modifies syslog_row_color to return severity class and add syslog-detail-row class
.gitignore	Removes .git* pattern exclusion
.github/ISSUE_TEMPLATE/copilot-instructions.md	Adds documentation links and clarifies syslog reception workflow
.github/ISSUE_TEMPLATE/agents/php-devloper.agent.md	New agent template for PHP development assistance
.github/ISSUE_TEMPLATE/agents/mysql-mariadb.agent.md	New agent template for database administration
.github/ISSUE_TEMPLATE/agents/code-quality.agent.md	New agent template for code quality assurance

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Missing space after '##' in the heading. Should be '## Web documentation'.

Suggested change

	##web documentation
	## Web documentation

[Copilot]

Typo in 'Custom' - should be lowercase 'custom' to maintain consistency with the description format in other agent files.

Suggested change

	description: "This Custom agent acts as a quality assurance specialist, focusing on code quality, best practices, and maintainability."
	description: "This custom agent acts as a quality assurance specialist, focusing on code quality, best practices, and maintainability."

[Copilot]

Extra space before the period in 'effectively .' - should be 'effectively.'

Suggested change

	You are a Code Quality Specialist agent. Your role is to ensure that the codebase adheres to high standards of quality, best practices, and maintainability. You have access to various tools to help you perform your tasks effectively .
	You are a Code Quality Specialist agent. Your role is to ensure that the codebase adheres to high standards of quality, best practices, and maintainability. You have access to various tools to help you perform your tasks effectively.

[Copilot]

The WHERE clause in this query uses raw seq values from the seq_list without prepared statement parameters. While array_map('intval', ...) provides type casting protection, this pattern should ideally use prepared statements for consistency with database best practices. Consider using syslog_db_fetch_assoc_prepared instead.

Suggested change

	// Get individual messages for this group
	$detail_messages = syslog_db_fetch_assoc("SELECT syslog.*, syslog_programs.program
	FROM `" . $syslogdb_default . "`.`" . (($sm['mtype'] == 'main') ? 'syslog' : 'syslog_removed') . "` AS syslog
	LEFT JOIN `" . $syslogdb_default . "`.`syslog_programs`
	ON syslog.program_id=syslog_programs.program_id
	WHERE syslog.seq IN (" . implode(',', array_map('intval', $seq_array)) . ")
	ORDER BY syslog.logtime DESC");
	$seq_array = array_map('intval', $seq_array);
	// Get individual messages for this group using a prepared statement
	if (!empty($seq_array)) {
	$placeholders = implode(',', array_fill(0, count($seq_array), '?'));
	$sql = "SELECT syslog.*, syslog_programs.program
	FROM `" . $syslogdb_default . "`.`" . (($sm['mtype'] == 'main') ? 'syslog' : 'syslog_removed') . "` AS syslog
	LEFT JOIN `" . $syslogdb_default . "`.`syslog_programs`
	ON syslog.program_id=syslog_programs.program_id
	WHERE syslog.seq IN (" . $placeholders . ")
	ORDER BY syslog.logtime DESC";
	$detail_messages = syslog_db_fetch_assoc_prepared($sql, $seq_array);
	} else {
	$detail_messages = array();
	}

[Copilot]

The CONCAT function with pipe delimiters for counting distinct groups could produce incorrect counts if the message text contains the pipe character '|'. This would cause messages to be grouped incorrectly. Consider using CONCAT_WS with a null byte separator or a multi-column COUNT DISTINCT approach if the database supports it.

[Copilot]

This complex nested query structure with multiple branching paths (grouping on/off, removal values -1/0/1) creates significant code duplication and maintainability challenges. The same SQL construction logic is repeated multiple times with minor variations. Consider extracting common query building logic into helper functions or using a query builder pattern to reduce duplication and make the code more maintainable.

[Copilot]

Similar to the query construction, the row counting logic duplicates significant SQL construction for grouping/non-grouping cases and removal filter values. This duplication makes it harder to maintain consistency between the query and count logic. Consider consolidating this with the query building logic to ensure they stay in sync.

[Copilot]

The link URL has 'www.github.com' which is incorrect - GitHub's documentation is at 'github.com' without the 'www' subdomain. The correct URL should be https://github.com/Cacti/documentation.

Suggested change

	- [Cacti Documentation](https://www.github.com/Cacti/documentation)
	- [Cacti Documentation](https://github.com/Cacti/documentation)

[Copilot]

Missing space after the heading '##' in 'Sample design patternsHere'. Should be '## Sample design patterns' with 'Here are...' on a new line or with proper spacing.

[Copilot]

The new grouped message detail rows render database fields like logtime, host, program, message, facility, and priority directly into <td> elements without HTML-escaping, e.g. filter_value(title_trim($dm[$syslog_incoming_config['textField']], ...), get_request_var('rfilter')) is printed raw. Because syslog message and related fields originate from syslog traffic and can contain attacker-controlled content (including HTML/JS), expanding a grouped row can result in stored XSS in the browser. To mitigate this, ensure all untrusted fields in these detail rows are passed through html_escape (or an equivalent encoding) before output, or reuse the same safe rendering helper used for the main syslog table rows so that any HTML metacharacters are properly encoded.

Suggested change

	print "<td class='left' style='padding-left:30px;'>" . $dm['logtime'] . "</td>";
	print "<td class='left'>" . (isset($hosts[$dm['host_id']]) ? $hosts[$dm['host_id']] : __('Unknown', 'syslog')) . "</td>";
	print "<td class='left'>" . $dm['program'] . "</td>";
	print "<td class='left syslogMessage'>" . filter_value(title_trim($dm[$syslog_incoming_config['textField']], get_request_var_request('trimval')), get_request_var('rfilter')) . "</td>";
	print "<td class='left'>" . (isset($facilities[$dm['facility_id']]) ? $facilities[$dm['facility_id']] : __('Unknown', 'syslog')) . "</td>";
	print "<td class='left'>" . (isset($priorities[$dm['priority_id']]) ? $priorities[$dm['priority_id']] : __('Unknown', 'syslog')) . "</td>";
	print "<td class='left' style='padding-left:30px;'>" . html_escape($dm['logtime']) . "</td>";
	print "<td class='left'>" . (isset($hosts[$dm['host_id']]) ? html_escape($hosts[$dm['host_id']]) : __('Unknown', 'syslog')) . "</td>";
	print "<td class='left'>" . html_escape($dm['program']) . "</td>";
	print "<td class='left syslogMessage'>" . filter_value(title_trim(html_escape($dm[$syslog_incoming_config['textField']]), get_request_var_request('trimval')), get_request_var('rfilter')) . "</td>";
	print "<td class='left'>" . (isset($facilities[$dm['facility_id']]) ? html_escape($facilities[$dm['facility_id']]) : __('Unknown', 'syslog')) . "</td>";
	print "<td class='left'>" . (isset($priorities[$dm['priority_id']]) ? html_escape($priorities[$dm['priority_id']]) : __('Unknown', 'syslog')) . "</td>";