Fixes issues with unexpected XXX alerts where impacted server was not reported

Added Lua getFlowProtoClientIP/getFlowProtoServerIP calls in flows
This commit is contained in:
Luca Deri 2020-11-25 15:51:08 +01:00
parent fbbbe4f4ad
commit 06161556ac
19 changed files with 143 additions and 44 deletions


@ -49,7 +49,15 @@ function script.hooks.protocolDetected(now, conf)
if(table.len(conf.items) > 0) then
local ok = 0
local flow_info = flow.getInfo()
local server_ip = flow_info["srv.ip"]
local client_ip, server_ip
if(flow_info["cli.protocol_server"]) then
client_ip = flow_info["srv.ip"]
server_ip = flow_info["cli.ip"]
else
client_ip = flow_info["cli.ip"]
server_ip = flow_info["srv.ip"]
end
for _, smtp_ip in pairs(conf.items) do
if server_ip == smtp_ip then
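Review bot: The role swap keyed on `flow_info["cli.protocol_server"]` is open-coded with no comment, so a reader of the `server_ip == smtp_ip` loop cannot tell why `server_ip` may now hold the flow's client address; a one-line comment above the `if` would make the inversion explicit, e.g. `-- when the flow client is the protocol server (cli.protocol_server), swap roles so server_ip is the real service endpoint`, with the exact meaning of that field confirmed against the flow API since it is only inferred from the name here. The commit description mentions newly added getFlowProtoClientIP/getFlowProtoServerIP calls; if those are exposed to the Lua flow scripts, using them instead of repeating this swap inline would keep the role logic in one place, though whether they are callable from here is not visible in this hunk. The `for` loop and the enclosing `protocolDetected` hook continue past the end of this hunk.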
@ -59,12 +67,7 @@ function script.hooks.protocolDetected(now, conf)
end
if ok == 0 then
local unexpected_smtp_type = flow_consts.status_types.status_unexpected_smtp.create(
server_ip,
flow_info["srv.ip"],
flow_info["cli.ip"]
)
local unexpected_smtp_type = flow_consts.status_types.status_unexpected_smtp.create(client_ip, server_ip)
alerts_api.trigger_status(unexpected_smtp_type, alert_consts.alert_severities.error, 0, 100, 100)
end
end