diff --git a/include/AlertsManager.h b/include/AlertsManager.h
index a62ef8b940..5fb527190c 100644
--- a/include/AlertsManager.h
+++ b/include/AlertsManager.h
@@ -74,7 +74,11 @@ class AlertsManager : protected StoreManager {
   int getAlerts(lua_State* vm, patricia_tree_t *allowed_hosts,
 		u_int32_t start_offset, u_int32_t end_offset,
 		bool engaged, const char *sql_where_clause);
+  int getFlowAlerts(lua_State* vm, patricia_tree_t *allowed_hosts,
+		    u_int32_t start_offset, u_int32_t end_offset,
+		    const char *sql_where_clause);
   int getNumAlerts(bool engaged, const char *sql_where_clause);
+  int getNumFlowAlerts(const char *sql_where_clause);
 
   /* private methods to check the goodness of submitted inputs and possible return the input database string */
   bool isValidHost(Host *h, char *host_string, size_t host_string_len);
@@ -132,13 +136,14 @@ class AlertsManager : protected StoreManager {
   /*
     ========== FLOW alerts API =========
    */
-  int storeFlowAlert(Flow *f, AlertType alert_type, AlertLevel alert_severity, const char *alert_json,
-		     Host *alert_origin, Host *alert_target);
-  inline int storeFlowAlert(Flow *f, AlertType alert_type, AlertLevel alert_severity, const char *alert_json) {
-    return storeFlowAlert(f, alert_type, alert_severity, alert_json, NULL, NULL);
+  int storeFlowAlert(Flow *f, AlertType alert_type, AlertLevel alert_severity, const char *alert_json);
+  inline int getFlowAlerts(lua_State* vm, patricia_tree_t *allowed_hosts,
+			   u_int32_t start_offset, u_int32_t end_offset) {
+    return getFlowAlerts(vm, allowed_hosts, start_offset, end_offset, NULL);
+  };
+  inline int getNumFlowAlerts() {
+    return getNumFlowAlerts(NULL);
   };
-
-
   /*
     ========== NETWORK alerts API ======
    */
@@ -183,7 +188,7 @@ class AlertsManager : protected StoreManager {
     return engaged ? num_alerts_engaged : num_alerts_stored;
   };
   inline void refreshCachedNumAlerts() {
-    num_alerts_stored  = getNumAlerts(false, static_cast<char*>(NULL));
+    num_alerts_stored  = getNumAlerts(false, static_cast<char*>(NULL)) + getNumFlowAlerts(NULL);
     num_alerts_engaged = getNumAlerts(true,  static_cast<char*>(NULL));
   };
   inline int getNumAlerts(bool engaged) {
@@ -198,6 +203,7 @@ class AlertsManager : protected StoreManager {
   /*
     ========== delete API ======
    */
+  int deleteFlowAlerts(const int *rowid);
   int deleteAlerts(bool engaged, const int *rowid);
   int deleteAlerts(bool engaged, AlertEntity alert_entity, const char *alert_entity_value);
   int deleteAlerts(bool engaged, AlertEntity alert_entity, const char *alert_entity_value, AlertType alert_type);
diff --git a/include/Flow.h b/include/Flow.h
index bef6a53cd5..dd3e93a97c 100644
--- a/include/Flow.h
+++ b/include/Flow.h
@@ -212,7 +212,9 @@ class Flow : public GenericHashEntry {
   char* serialize(bool partial_dump = false, bool es_json = false);
   json_object* flow2json(bool partial_dump);
   json_object* flow2es(json_object *flow_object);
-  inline u_int8_t getTcpFlags() { return(src2dst_tcp_flags | dst2src_tcp_flags);  };
+  inline u_int8_t getTcpFlags()        { return(src2dst_tcp_flags | dst2src_tcp_flags);  };
+  inline u_int8_t getTcpFlagsCli2Srv() { return(src2dst_tcp_flags);                      };
+  inline u_int8_t getTcpFlagsSrv2Cli() { return(dst2src_tcp_flags);                      };
   bool isPassVerdict();
   void setDropVerdict()         { passVerdict = false; };
   u_int32_t getPid(bool client);
@@ -265,6 +267,8 @@ class Flow : public GenericHashEntry {
   inline u_int64_t get_bytes_srv2cli()            { return(srv2cli_bytes);                   };
   inline u_int64_t get_goodput_bytes()            { return(cli2srv_goodput_bytes+srv2cli_goodput_bytes);     };
   inline u_int64_t get_packets()                  { return(cli2srv_packets+srv2cli_packets); };
+  inline u_int64_t get_packets_cli2srv()          { return(cli2srv_packets);                 };
+  inline u_int64_t get_packets_srv2cli()          { return(srv2cli_packets);                 };
   inline u_int64_t get_partial_bytes()            { return(get_bytes() - (last_db_dump.cli2srv_bytes+last_db_dump.srv2cli_bytes));       };
   inline u_int64_t get_partial_bytes_cli2srv()    { return(cli2srv_bytes - last_db_dump.cli2srv_bytes);       };
   inline u_int64_t get_partial_bytes_srv2cli()    { return(srv2cli_bytes - last_db_dump.srv2cli_bytes);       };
diff --git a/include/ntop_defines.h b/include/ntop_defines.h
index fe02ac869d..1e5473ee4f 100644
--- a/include/ntop_defines.h
+++ b/include/ntop_defines.h
@@ -511,6 +511,7 @@
 #define STORE_MANAGER_MAX_KEY                20
 #define ALERTS_MANAGER_MAX_ENTITY_ALERTS     1024
 #define ALERTS_MANAGER_TABLE_NAME            "closed_alerts"
+#define ALERTS_MANAGER_FLOWS_TABLE_NAME      "flows_alerts"
 #define ALERTS_MANAGER_ENGAGED_TABLE_NAME    "engaged_alerts"
 #define ALERTS_MANAGER_STORE_NAME            "alerts_v2.db"
 #define ALERTS_MANAGER_QUEUE_NAME            "ntopng.alerts.ifid_%i.queue"
diff --git a/scripts/lua/get_alerts_data.lua b/scripts/lua/get_alerts_data.lua
index 5beff32d0c..0c7e30978b 100644
--- a/scripts/lua/get_alerts_data.lua
+++ b/scripts/lua/get_alerts_data.lua
@@ -41,7 +41,10 @@ local num_alerts
 if _GET["entity"] == "host" then
    alerts = interface.getAlerts(initial_idx, perPage, engaged, "host", _GET["entity_val"])
    num_alerts = interface.getNumAlerts(engaged, "host", _GET["entity_val"])
-else
+elseif status == "historical-flows" then
+   alerts = interface.getFlowAlerts(initial_idx, perPage)
+   num_alerts = interface.getNumFlowAlerts()
+else --if status == "historical" then
    alerts = interface.getAlerts(initial_idx, perPage, engaged)
    num_alerts = interface.getNumAlerts(engaged)
 end
@@ -58,8 +61,18 @@ for _key,_value in ipairs(alerts) do
    if(total > 0) then print(",\n") end
 
    alert_id        = _value["rowid"]
-   alert_entity    = alertEntityLabel(_value["alert_entity"])
-   alert_entity_val= _value["alert_entity_val"]
+   if _value["alert_entity"] ~= nil then
+      alert_entity    = alertEntityLabel(_value["alert_entity"])
+   else
+      alert_entity = "flow" -- flow alerts page doesn't have an entity
+   end
+   if _value["alert_entity_val"] ~= nil then
+      alert_entity_val = _value["alert_entity_val"]
+   else
+      alert_entity_val = ""
+   end
+--   tprint(alert_entity)
+--   tprint(alert_entity_val)
    column_date     = os.date("%c", _value["alert_tstamp"])
    if tonumber(_value["alert_tstamp_end"]) ~= nil then
       local duration = secondsToTime(tonumber(_value["alert_tstamp_end"]) - tonumber(_value["alert_tstamp"]))
@@ -69,7 +82,7 @@ for _key,_value in ipairs(alerts) do
    column_type     = alertTypeLabel(tonumber(_value["alert_type"]))
    column_msg      = _value["alert_json"]
 
-   column_id = "<form class=form-inline style='margin-bottom: 0px;' method=get>"
+   column_id = "<form class=form-inline style='margin-bottom: 0px;' method=GET>"
    if _GET["ifname"] ~= nil and _GET["ifname"] ~= "" then
       column_id = column_id.."<input type=hidden name=ifname value=".._GET["ifname"]..">"
    end
@@ -82,7 +95,7 @@ for _key,_value in ipairs(alerts) do
    if _GET["page"] ~= nil and _GET["page"] ~= "" then
       column_id = column_id.."<input type=hidden name=page value=".._GET["page"]..">"
    end
-   column_id = column_id.."<input type=hidden name=id_to_delete value="..alert_id.."><input type=hidden name=currentPage value=".. currentPage .."><input type=hidden name=perPage value=".. perPage .."><input type=hidden name=engaged value="..tostring(engaged).."><input type=hidden name=alerts_impl value="..tostring(alertsImpl).."><button class='btn btn-default btn-xs' type='submit'><input id=csrf name=csrf type=hidden value='"..ntop.getRandomCSRFValue().."' /><i type='submit' class='fa fa-trash-o'></i></button></form>"
+   column_id = column_id.."<input type=hidden name=id_to_delete value="..alert_id.."><input type=hidden name=currentPage value=".. currentPage .."><input type=hidden name=perPage value=".. perPage .."><input type=hidden name=status value="..tostring(status).."><input type=hidden name=alerts_impl value="..tostring(alertsImpl).."><button class='btn btn-default btn-xs' type='submit'><input id=csrf name=csrf type=hidden value='"..ntop.getRandomCSRFValue().."' /><i type='submit' class='fa fa-trash-o'></i></button></form>"
 
    print('{ "column_key" : "'..column_id..'", "column_date" : "'..column_date..'", "column_severity" : "'..column_severity..'", "column_type" : "'..column_type..'", "column_msg" : "'..column_msg..'", "column_entity":"'..alert_entity..'", "column_entity_val":"'..alert_entity_val..'" }')
 
diff --git a/scripts/lua/host_details.lua b/scripts/lua/host_details.lua
index 0c1eb2704d..a52cbe38d5 100644
--- a/scripts/lua/host_details.lua
+++ b/scripts/lua/host_details.lua
@@ -1981,7 +1981,7 @@ if num_alerts > 0 or num_engaged_alerts > 0 then
    print("<a href=\""..ntop.getHttpPrefix().."/lua/host_details.lua?ifname="..ifId.."&"..hostinfo2url(host_info).."&page=alerts&tab=alert_list\">Detected Alerts</a></li>\n")
 else
    -- if there are no alerts, we show the first alert granularity configuration page
-   if(tab == nil) then tab = alerts_granularity[1][1] end
+   if(tab == nil or tab=="alert_list") then tab = alerts_granularity[1][1] end
 end
 
 for _,e in pairs(alerts_granularity) do
@@ -2065,7 +2065,7 @@ if tab == "alert_list" then
    _GET["host"] = host_ip
    _GET["vlan"] = host_vlan
    _GET["ifname"] = ifId
-   drawAlertTables(num_alerts, num_engaged_alerts, _GET)
+   drawAlertTables(num_alerts, num_engaged_alerts, 0, _GET)
 else
    print [[
     <table id="user" class="table table-bordered table-striped" style="clear: both"> <tbody>
diff --git a/scripts/lua/modules/alert_utils.lua b/scripts/lua/modules/alert_utils.lua
index 3ddf5055a0..454e4efbfb 100644
--- a/scripts/lua/modules/alert_utils.lua
+++ b/scripts/lua/modules/alert_utils.lua
@@ -658,14 +658,17 @@ function checkDeleteStoredAlerts()
 	       -- delete all existing alerts
 	       interface.deleteAlerts(true --[[ engaged --]])
 	       interface.deleteAlerts(false --[[ and not engaged --]])
+	       interface.deleteFlowAlerts()
 	    end
 	 else
 	    local id_to_delete = tonumber(_GET["id_to_delete"])
 	    if id_to_delete ~= nil then
-	       if _GET["engaged"] == "true" then
+	       if _GET["status"] == "engaged" then
 		  interface.deleteAlerts(true, id_to_delete)
-	       else
+	       elseif _GET["status"] == "historical" then
 		  interface.deleteAlerts(false, id_to_delete)
+	       elseif _GET["status"] == "historical-flows" then
+		  interface.deleteFlowAlerts(id_to_delete)
 	       end
 	    end
 	 end
@@ -675,17 +678,31 @@ end
 
 -- #################################
 
-function drawAlertTables(num_alerts, num_engaged_alerts, url_params)
+function drawAlertTables(num_alerts, num_engaged_alerts, num_flow_alerts, url_params)
    local alert_items = {}
 
+   print[[
+<br>
+<ul class="nav nav-tabs" role="tablist" id="alert-tabs">
+<!-- will be populated later with javascript -->
+</ul>
+
+<div class="tab-content">
+]]
+
+   local status = _GET["status"]
    if num_engaged_alerts > 0 then
-      alert_items[#alert_items + 1] = {["label"] = "Currently Engaged Alerts", ["div-id"] = "table-engaged-alerts",  ["status"] = "engaged", ["date"] = "First Seen"}
+      alert_items[#alert_items + 1] = {["label"] = "Engaged Alerts", ["div-id"] = "table-engaged-alerts",  ["status"] = "engaged", ["date"] = "First Seen"}
    end
 
    if num_alerts > 0 then
       alert_items[#alert_items +1] = {["label"] = "Alerts History", ["div-id"] = "table-alerts-history",  ["status"] = "historical", ["date"] = "Time"}
    end
 
+   if num_flow_alerts > 0 then
+      alert_items[#alert_items +1] = {["label"] = "Flow Alerts History", ["div-id"] = "table-flow-alerts-history",  ["status"] = "historical-flows", ["date"] = "Time"}
+   end
+
    local url_extra_params = ""
    if type(url_params) == "table" then
       for k, v in pairs(url_params) do
@@ -696,9 +713,22 @@ function drawAlertTables(num_alerts, num_engaged_alerts, url_params)
    end
 
    for k, t in ipairs(alert_items) do
+      local clicked = "0"
+      if (k == 1 and status == nil) or (status ~= nil and status == t["status"]) then
+	 clicked = "1"
+      end
       print [[
-      <div id="]] print(t["div-id"]) print[["></div>
-	 <script>
+      <div class="tab-pane fade in" id="tab-]] print(t["div-id"]) print[[">
+        <div id="]] print(t["div-id"]) print[["></div>
+      </div>
+
+      <script type="text/javascript">
+
+         $("#alert-tabs").append('<li><a href="#tab-]] print(t["div-id"]) print[[" clicked="]] print(clicked) print[[" role="tab" data-toggle="tab">]] print(t["label"]) print[[</a></li>')
+
+         $('a[href="#tab-]] print(t["div-id"]) print[["]').on('shown.bs.tab', function (e) {
+         // append the li to the tabs
+
 	 $("#]] print(t["div-id"]) print[[").datatable({
 			url: "]]
       print (ntop.getHttpPrefix())
@@ -706,8 +736,12 @@ function drawAlertTables(num_alerts, num_engaged_alerts, url_params)
 	       showPagination: true,
 ]]
 
-      if(_GET["currentPage"] ~= nil) then print("currentPage: ".._GET["currentPage"]..",\n") end
-      if(_GET["perPage"] ~= nil)     then print("perPage: ".._GET["perPage"]..",\n") end
+      if(_GET["currentPage"] ~= nil and status == t["status"]) then
+	 print("currentPage: ".._GET["currentPage"]..",\n")
+      end
+      if(_GET["perPage"] ~= nil and status == t["status"]) then
+	 print("perPage: ".._GET["perPage"]..",\n")
+      end
 
       print [[
 	        title: "]] print(t["label"]) print[[",
@@ -743,22 +777,6 @@ function drawAlertTables(num_alerts, num_engaged_alerts, url_params)
 	    }
 	 },
 
-	 {
-	    title: "Entity Type",
-	    field: "column_entity",
-	    css: { 
-	       textAlign: 'center'
-	    }
-	 },
-
-	 {
-	    title: "Entity Value",
-	    field: "column_entity_val",
-	    css: { 
-	       textAlign: 'center'
-	    }
-	 },
-
 	 {
 	    title: "Description",
 	    field: "column_msg",
@@ -768,15 +786,31 @@ function drawAlertTables(num_alerts, num_engaged_alerts, url_params)
 	 }
       ]
    });
+   });
    </script>
 	      ]]
 
    end
 
-   if (num_alerts > 0 or num_engaged_alerts > 0) then
-      print [[
 
-<a href="#myModal" role="button" class="btn btn-default" data-toggle="modal"><i type="submit" class="fa fa-trash-o"></i> Purge All Alerts</button></a>
+
+   if (num_alerts > 0 or num_flow_alerts > 0 or num_engaged_alerts > 0) then
+      -- trigger the click on the right tab to force table load
+      print[[
+<script type="text/javascript">
+$("[clicked=1]").trigger("click");
+</script>
+]]
+      
+      local entity = nil
+      if _GET["entity"] ~= nil and _GET["entity"] ~= "" then entity = _GET["entity"] end
+      local purge_msg = " Purge All "
+      if entity ~= nil and entity ~= "" then purge_msg = purge_msg..firstToUpper(entity).." " end
+      purge_msg = purge_msg.."Alerts"
+      print [[
+</div> <!-- closes tab-content -->
+
+<a href="#myModal" role="button" class="btn btn-default" data-toggle="modal"><i type="submit" class="fa fa-trash-o"></i>]] print(purge_msg) print[[</button></a>
  
 <!-- Modal -->
 <div class="modal fade" id="myModal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
@@ -803,8 +837,8 @@ function drawAlertTables(num_alerts, num_engaged_alerts, url_params)
 	    end
 	 end
       end
-      if _GET["entity"] ~= nil and _GET["entity"] ~= "" then
-	 print('<input name="entity" type="hidden" value="'.._GET["entity"]..'"/>\n')
+      if entity ~= nil and entity ~= "" then
+	 print('<input name="entity" type="hidden" value="'..entity..'"/>\n')
       end
       
       print [[
diff --git a/scripts/lua/show_alerts.lua b/scripts/lua/show_alerts.lua
index 9ffb5e2a7d..2631f0ddd0 100644
--- a/scripts/lua/show_alerts.lua
+++ b/scripts/lua/show_alerts.lua
@@ -20,17 +20,19 @@ dofile(dirs.installdir .. "/scripts/lua/inc/menu.lua")
 
 local num_alerts         = interface.getNumAlerts(false --[[ NOT engaged --]])
 local num_engaged_alerts = interface.getNumAlerts(true --[[ engaged --]])
+local num_flow_alerts    = interface.getNumFlowAlerts()
+
 if ntop.getPrefs().are_alerts_enabled == false then
    print("<div class=\"alert alert alert-warning\"><img src=".. ntop.getHttpPrefix() .. "/img/warning.png> Alerts are disabled. Please check the preferences page to enable them.</div>")
 --return
-elseif num_alerts == 0 and num_engaged_alerts == 0 then
+elseif num_alerts == 0 and num_flow_alerts == 0 and num_engaged_alerts == 0 then
    print("<div class=\"alert alert alert-info\"><img src=".. ntop.getHttpPrefix() .. "/img/info_icon.png> No recorded alerts so far for interface "..ifname.."</div>")
 else
 
    if ntop.isEnterprise() then
-      drawAlertStatsCharts()
+      -- drawAlertStatsCharts()
    end
-   drawAlertTables(num_alerts, num_engaged_alerts)
+   drawAlertTables(num_alerts, num_engaged_alerts, num_flow_alerts)
 
 end -- closes if ntop.getPrefs().are_alerts_enabled == false then
 
diff --git a/src/AlertsManager.cpp b/src/AlertsManager.cpp
index 6a7e9563a4..e572943327 100644
--- a/src/AlertsManager.cpp
+++ b/src/AlertsManager.cpp
@@ -59,7 +59,7 @@ AlertsManager::AlertsManager(int interface_id, const char *filename) : StoreMana
 /* **************************************************** */
 
 int AlertsManager::openStore() {
-  char create_query[STORE_MANAGER_MAX_QUERY];
+  char create_query[STORE_MANAGER_MAX_QUERY * 3];
   int rc;
 
   if(!store_initialized)
@@ -116,6 +116,69 @@ int AlertsManager::openStore() {
   rc = exec_query(create_query, NULL, NULL);
   m.unlock(__FILE__, __LINE__);
 
+  snprintf(create_query, sizeof(create_query),
+	   "CREATE TABLE IF NOT EXISTS %s ("
+	   "alert_tstamp     INTEGER NOT NULL, "
+	   "alert_type       INTEGER NOT NULL, "
+	   "alert_severity   INTEGER NOT NULL, "
+	   "alert_json       TEXT DEFAULT NULL, "
+	   "vlan_id          INTEGER NOT NULL DEFAULT 0, "
+	   "proto            INTEGER NOT NULL DEFAULT 0, "
+	   "l7_proto         INTEGER NOT NULL DEFAULT %u, "
+	   "first_switched   INTEGER NOT NULL DEFAULT 0, "
+	   "last_switched    INTEGER NOT NULL DEFAULT 0, "
+	   "cli_country      TEXT DEFAULT NULL, "
+	   "srv_country      TEXT DEFAULT NULL, "
+	   "cli_os           TEXT DEFAULT NULL, "
+	   "srv_os           TEXT DEFAULT NULL, "
+	   "cli_asn          TEXT DEFAULT NULL, "
+	   "srv_asn          TEXT DEFAULT NULL, "
+	   "cli_addr         TEXT DEFAULT NULL, "
+	   "srv_addr         TEXT DEFAULT NULL, "
+	   "cli_port         INTEGER NOT NULL DEFAULT 0, "
+	   "srv_port         INTEGER NOT NULL DEFAULT 0, "
+	   "cli2srv_bytes    INTEGER NOT NULL DEFAULT 0, "
+	   "srv2cli_bytes    INTEGER NOT NULL DEFAULT 0, "
+	   "cli2srv_packets  INTEGER NOT NULL DEFAULT 0, "
+	   "srv2cli_packets  INTEGER NOT NULL DEFAULT 0, "
+	   "cli2srv_tcpflags INTEGER DEFAULT NULL, "
+	   "srv2cli_tcpflags INTEGER DEFAULT NULL, "
+	   "cli_blacklisted  INTEGER NOT NULL DEFAULT 0, "
+	   "srv_blacklisted  INTEGER NOT NULL DEFAULT 0 "
+	   ");"
+	   "CREATE INDEX IF NOT EXISTS t3i_tstamp    ON %s(alert_tstamp); "
+	   "CREATE INDEX IF NOT EXISTS t3i_type      ON %s(alert_type); "
+	   "CREATE INDEX IF NOT EXISTS t3i_severity  ON %s(alert_severity); "
+	   "CREATE INDEX IF NOT EXISTS t3i_vlanid    ON %s(vlan_id); "
+	   "CREATE INDEX IF NOT EXISTS t3i_proto     ON %s(proto); "
+	   "CREATE INDEX IF NOT EXISTS t3i_l7proto   ON %s(l7_proto); "
+	   "CREATE INDEX IF NOT EXISTS t3i_fswitched ON %s(first_switched); "
+	   "CREATE INDEX IF NOT EXISTS t3i_lswitched ON %s(last_switched); "
+	   "CREATE INDEX IF NOT EXISTS t3i_ccountry  ON %s(cli_country); "
+	   "CREATE INDEX IF NOT EXISTS t3i_scountry  ON %s(srv_country); "
+	   "CREATE INDEX IF NOT EXISTS t3i_cos       ON %s(cli_os); "
+	   "CREATE INDEX IF NOT EXISTS t3i_sos       ON %s(srv_os); "
+	   "CREATE INDEX IF NOT EXISTS t3i_casn      ON %s(cli_asn); "
+	   "CREATE INDEX IF NOT EXISTS t3i_sasn      ON %s(srv_asn); "
+	   "CREATE INDEX IF NOT EXISTS t3i_caddr     ON %s(cli_addr); "
+	   "CREATE INDEX IF NOT EXISTS t3i_saddr     ON %s(srv_addr); "
+	   "CREATE INDEX IF NOT EXISTS t3i_cport     ON %s(cli_port); "
+	   "CREATE INDEX IF NOT EXISTS t3i_sport     ON %s(srv_port); ",
+	   ALERTS_MANAGER_FLOWS_TABLE_NAME,
+	   NDPI_PROTOCOL_UNKNOWN,
+	   ALERTS_MANAGER_FLOWS_TABLE_NAME, ALERTS_MANAGER_FLOWS_TABLE_NAME,
+	   ALERTS_MANAGER_FLOWS_TABLE_NAME, ALERTS_MANAGER_FLOWS_TABLE_NAME,
+	   ALERTS_MANAGER_FLOWS_TABLE_NAME, ALERTS_MANAGER_FLOWS_TABLE_NAME,
+	   ALERTS_MANAGER_FLOWS_TABLE_NAME, ALERTS_MANAGER_FLOWS_TABLE_NAME,
+	   ALERTS_MANAGER_FLOWS_TABLE_NAME, ALERTS_MANAGER_FLOWS_TABLE_NAME,
+	   ALERTS_MANAGER_FLOWS_TABLE_NAME, ALERTS_MANAGER_FLOWS_TABLE_NAME,
+	   ALERTS_MANAGER_FLOWS_TABLE_NAME, ALERTS_MANAGER_FLOWS_TABLE_NAME,
+	   ALERTS_MANAGER_FLOWS_TABLE_NAME, ALERTS_MANAGER_FLOWS_TABLE_NAME,
+	   ALERTS_MANAGER_FLOWS_TABLE_NAME, ALERTS_MANAGER_FLOWS_TABLE_NAME);
+  m.lock(__FILE__, __LINE__);
+  rc = exec_query(create_query, NULL, NULL);
+  m.unlock(__FILE__, __LINE__);
+
   return rc;
 }
 
@@ -689,6 +752,103 @@ int AlertsManager::storeAlert(AlertEntity alert_entity, const char *alert_entity
   return rc;  
 }
 
+/* **************************************************** */
+
+int AlertsManager::storeFlowAlert(Flow *f, AlertType alert_type, AlertLevel alert_severity, const char *alert_json) {
+  char query[STORE_MANAGER_MAX_QUERY];
+  sqlite3_stmt *stmt = NULL;
+  int rc = 0;
+  Host *cli, *srv;
+  char *cli_ip = NULL, *srv_ip = NULL;
+
+  if(!store_initialized || !store_opened || !f)
+    return -1;
+
+  cli = f->get_cli_host(), srv = f->get_srv_host();
+  if(cli && cli->get_ip() && (cli_ip = (char*)malloc(sizeof(char) * 256)))
+    cli->get_ip()->print(cli_ip, 256);
+  if(srv && srv->get_ip() && (srv_ip = (char*)malloc(sizeof(char) * 256)))
+    srv->get_ip()->print(srv_ip, 256);
+
+  /* TODO: implement check maximum for flow alerts
+  else if(check_maximum && isMaximumReached(alert_entity, alert_entity_value, false))
+    deleteOldestAlert(alert_entity, alert_entity_value, false);
+  */
+
+  /* This alert is being engaged */
+  snprintf(query, sizeof(query),
+	   "INSERT INTO %s "
+	   "(alert_tstamp, alert_type, alert_severity, alert_json, "
+	   "vlan_id, proto, l7_proto, first_switched, last_switched, "
+	   "cli_country, srv_country, cli_os, srv_os, cli_asn, srv_asn, "
+	   "cli_addr, srv_addr, cli_port, srv_port, "
+	   "cli2srv_bytes, srv2cli_bytes, "
+	   "cli2srv_packets, srv2cli_packets, "
+	   "cli2srv_tcpflags, srv2cli_tcpflags, cli_blacklisted, srv_blacklisted) "
+	   "VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?); ",
+	   ALERTS_MANAGER_FLOWS_TABLE_NAME);
+
+  m.lock(__FILE__, __LINE__);
+
+  if(sqlite3_prepare(db, query, -1, &stmt, 0)) {
+    ntop->getTrace()->traceEvent(TRACE_ERROR, "Unable to prepare the statement for %s", query);
+    rc = 3;
+    goto out;
+  }
+
+  if(sqlite3_bind_int64(stmt, 1, static_cast<long int>(time(NULL)))
+     || sqlite3_bind_int(stmt,   2, (int)(alert_type))
+     || sqlite3_bind_int(stmt,   3, (int)(alert_severity))
+     || sqlite3_bind_text(stmt,  4, alert_json, -1, SQLITE_STATIC)
+     || sqlite3_bind_int(stmt,   5, f->get_vlan_id())
+     || sqlite3_bind_int(stmt,   6, f->get_protocol())
+     || sqlite3_bind_int(stmt,   7, f->get_detected_protocol().protocol)
+     || sqlite3_bind_int(stmt,   8, f->get_first_seen())
+     || sqlite3_bind_int(stmt,   9, f->get_last_seen())
+     || sqlite3_bind_text(stmt, 10, cli ? cli->get_country() : NULL, -1, SQLITE_STATIC)
+     || sqlite3_bind_text(stmt, 11, srv ? srv->get_country() : NULL, -1, SQLITE_STATIC)
+     || sqlite3_bind_text(stmt, 12, cli ? cli->get_os() : NULL, -1, SQLITE_STATIC)
+     || sqlite3_bind_text(stmt, 13, srv ? srv->get_os() : NULL, -1, SQLITE_STATIC)
+     || sqlite3_bind_int(stmt,  14, cli ? cli->get_asn() : 0)
+     || sqlite3_bind_int(stmt,  15, srv ? srv->get_asn() : 0)
+     || sqlite3_bind_text(stmt, 16, cli_ip, -1, SQLITE_STATIC)
+     || sqlite3_bind_text(stmt, 17, srv_ip, -1, SQLITE_STATIC)
+     || sqlite3_bind_int(stmt,  18, f->get_cli_port())
+     || sqlite3_bind_int(stmt,  19, f->get_srv_port())
+     || sqlite3_bind_int64(stmt,20, f->get_bytes_cli2srv())
+     || sqlite3_bind_int64(stmt,21, f->get_bytes_srv2cli())
+     || sqlite3_bind_int64(stmt,22, f->get_packets_cli2srv())
+     || sqlite3_bind_int64(stmt,23, f->get_packets_srv2cli())
+     || sqlite3_bind_int(stmt,  24, f->getTcpFlagsCli2Srv())
+     || sqlite3_bind_int(stmt,  25, f->getTcpFlagsSrv2Cli())
+     || sqlite3_bind_int(stmt,  26, (cli && cli->is_blacklisted()) ? 1 : 0)
+     || sqlite3_bind_int(stmt,  27, (srv && srv->is_blacklisted()) ? 1 : 0)
+     ) {
+    ntop->getTrace()->traceEvent(TRACE_ERROR, "Unable to bind to arguments to %s", query);
+    rc = 2;
+    goto out;
+  }
+
+  while((rc = sqlite3_step(stmt)) != SQLITE_DONE) {
+    if(rc == SQLITE_ERROR) {
+      ntop->getTrace()->traceEvent(TRACE_ERROR, "SQL Error: step [%s]", query);
+      rc = 1;
+      goto out;
+    }
+  }
+
+  rc = 0;
+  num_alerts_stored++;
+ out:
+  if(cli_ip) free(cli_ip);
+  if(srv_ip) free(srv_ip);
+
+  if (stmt) sqlite3_finalize(stmt);
+  m.unlock(__FILE__, __LINE__);
+
+  return rc;  
+}
+
 /* ******************************************* */
 
 bool AlertsManager::isValidHost(Host *h, char *host_string, size_t host_string_len) {
@@ -812,10 +972,8 @@ int AlertsManager::getHostAlerts(Host *h, lua_State* vm, patricia_tree_t *allowe
   }
 
   sqlite3_snprintf(sizeof(wherebuf), wherebuf,
-		   " (alert_entity=%i AND alert_entity_val='%q') "
-		   " OR (alert_entity=%i AND ( alert_origin='%q' OR alert_target='%q'))",
-		   static_cast<int>(alert_entity_host), ipbuf_id,
-		   static_cast<int>(alert_entity_flow), ipbuf_id, ipbuf_id);
+		   " (alert_entity=%i AND alert_entity_val='%q') ",
+		   static_cast<int>(alert_entity_host), ipbuf_id);
 
   return getAlerts(vm, allowed_hosts, start_offset, end_offset, engaged, wherebuf);
 }
@@ -833,10 +991,8 @@ int AlertsManager::getHostAlerts(const char *host_ip, u_int16_t vlan_id,
   }
 
   sqlite3_snprintf(sizeof(wherebuf), wherebuf,
-		   " (alert_entity=%i AND alert_entity_val='%q@%i') "
-		   " OR (alert_entity=%i AND ( alert_origin='%q@%i' OR alert_target='%q@%i'))",
-		   static_cast<int>(alert_entity_host), host_ip, vlan_id,
-		   static_cast<int>(alert_entity_flow), host_ip, vlan_id, host_ip, vlan_id);
+		   " (alert_entity=%i AND alert_entity_val='%q@%i') ",
+		   static_cast<int>(alert_entity_host), host_ip, vlan_id);
 
   return getAlerts(vm, allowed_hosts, start_offset, end_offset, engaged, wherebuf);
 }
@@ -850,10 +1006,8 @@ int AlertsManager::getNumHostAlerts(const char *host_ip, u_int16_t vlan_id, bool
   }
 
   sqlite3_snprintf(sizeof(wherebuf), wherebuf,
-		   " (alert_entity=%i AND alert_entity_val='%q@%i') "
-		   " OR (alert_entity=%i AND ( alert_origin='%q@%i' OR alert_target='%q@%i'))",
-		   static_cast<int>(alert_entity_host), host_ip, vlan_id,
-		   static_cast<int>(alert_entity_flow), host_ip, vlan_id, host_ip, vlan_id);
+		   " (alert_entity=%i AND alert_entity_val='%q@%i') ",
+		   static_cast<int>(alert_entity_host), host_ip, vlan_id);
 
   return getNumAlerts(engaged, static_cast<const char*>(wherebuf));
 }
@@ -868,32 +1022,14 @@ int AlertsManager::getNumHostAlerts(Host *h, bool engaged) {
     return -1;
 
   sqlite3_snprintf(sizeof(wherebuf), wherebuf,
-		   " (alert_entity=%i AND alert_entity_val='%q') "
-		   " OR (alert_entity=%i AND ( alert_origin='%q' OR alert_target='%q'))",
-		   static_cast<int>(alert_entity_host), ipbuf_id,
-		   static_cast<int>(alert_entity_flow), ipbuf_id, ipbuf_id);
+		   " (alert_entity=%i AND alert_entity_val='%q') ",
+		   static_cast<int>(alert_entity_host), ipbuf_id);
 
   return getNumAlerts(engaged, static_cast<const char *>(wherebuf));
 }
 
 /* ******************************************* */
 
-int AlertsManager::storeFlowAlert(Flow *f, AlertType alert_type, AlertLevel alert_severity, const char *alert_json,
-				  Host *alert_origin, Host *alert_target) {
-  char ipbuf_origin[256];
-  char ipbuf_target[256];
-  int ret = 0;
-  ret = storeAlert(alert_entity_flow, (char*)"flow"/* TODO: possibly add an unique id for flows */,
-		   alert_type, alert_severity, alert_json,
-		   isValidHost(alert_origin, ipbuf_origin, sizeof(ipbuf_origin)) ? ipbuf_origin : NULL,
-		   isValidHost(alert_target, ipbuf_target, sizeof(ipbuf_target)) ? ipbuf_target : NULL,
-		   true /* perform check on maximum */);
-
-  return ret;
-}
-
-/* ******************************************* */
-
 struct alertsRetriever {
   lua_State *vm;
   u_int32_t current_offset;
@@ -961,6 +1097,50 @@ int AlertsManager::getAlerts(lua_State* vm, patricia_tree_t *allowed_hosts,
   return rc;
 }
 
+/* ******************************************* */
+
+int AlertsManager::getFlowAlerts(lua_State* vm, patricia_tree_t *allowed_hosts,
+				 u_int32_t start_offset, u_int32_t end_offset,
+				 const char *sql_where_clause) {
+  alertsRetriever ar;
+  char query[STORE_MANAGER_MAX_QUERY];
+  char *zErrMsg = 0;
+  int rc = 0;
+
+  if(!store_initialized || !store_opened)
+    return -1;
+
+  snprintf(query, sizeof(query),
+	   "SELECT rowid, * "
+	   "FROM %s "
+	   "%s %s " /* optional where clause */
+	   "ORDER BY alert_tstamp DESC LIMIT %u,%u",
+	   ALERTS_MANAGER_FLOWS_TABLE_NAME /* from */,
+	   sql_where_clause ? (char*)"WHERE"  : "",
+	   sql_where_clause ? sql_where_clause : "",
+	   start_offset, end_offset - start_offset + 1);
+
+  m.lock(__FILE__, __LINE__);
+
+  lua_newtable(vm);
+
+  ar.vm = vm, ar.current_offset = 0;
+  rc = sqlite3_exec(db, query, getAlertsCallback, (void*)&ar, &zErrMsg);
+
+  if( rc != SQLITE_OK ){
+    rc = 1;
+    ntop->getTrace()->traceEvent(TRACE_ERROR, "SQL Error: %s\n%s", zErrMsg, query);
+    sqlite3_free(zErrMsg);
+    goto out;
+  }
+
+  rc = 0;
+ out:
+  m.unlock(__FILE__, __LINE__);
+
+  return rc;
+}
+
 /* **************************************************** */
 
 int AlertsManager::getNumAlerts(bool engaged, const char *sql_where_clause) {
@@ -1004,12 +1184,60 @@ int AlertsManager::getNumAlerts(bool engaged, const char *sql_where_clause) {
 
 /* **************************************************** */
 
+int AlertsManager::getNumFlowAlerts(const char *sql_where_clause) {
+  char query[STORE_MANAGER_MAX_QUERY];
+  sqlite3_stmt *stmt = NULL;
+  int rc;
+  int num = -1;
+
+  snprintf(query, sizeof(query),
+	   "SELECT count(*) "
+	   "FROM %s "
+	   "%s %s",
+	   ALERTS_MANAGER_FLOWS_TABLE_NAME,
+	   sql_where_clause ? "WHERE"  : "",
+	   sql_where_clause ? sql_where_clause : "");
+
+  //  ntop->getTrace()->traceEvent(TRACE_NORMAL, "Going to execute: %s", query);
+
+  m.lock(__FILE__, __LINE__);
+  if(sqlite3_prepare(db, query, -1, &stmt, 0)) {
+    ntop->getTrace()->traceEvent(TRACE_ERROR, "Unable to prepare statement for query %s.", query);
+    goto out;
+  }
+
+  while((rc = sqlite3_step(stmt)) != SQLITE_DONE) {
+    if (rc == SQLITE_ROW) {
+      num = sqlite3_column_int(stmt, 0);
+      // ntop->getTrace()->traceEvent(TRACE_NORMAL, "%s\n", sqlite3_column_text(stmt, 0));
+    } else if(rc == SQLITE_ERROR) {
+      ntop->getTrace()->traceEvent(TRACE_INFO, "SQL Error: step");
+      goto out;
+    }
+  }
+
+ out:
+  if (stmt) sqlite3_finalize(stmt);
+  m.unlock(__FILE__, __LINE__);
+
+  return num;
+}
+
+/* **************************************************** */
+
 int AlertsManager::getNumAlerts(bool engaged, u_int64_t start_time) {
   char wherebuf[STORE_MANAGER_MAX_QUERY];
+  int num_alerts, num_flow_alerts = 0;
   
   sqlite3_snprintf(sizeof(wherebuf), wherebuf,
 		   "alert_tstamp >= %lu", start_time);
-  return getNumAlerts(engaged, static_cast<const char*>(wherebuf));
+
+  num_alerts = getNumAlerts(engaged, static_cast<const char*>(wherebuf));
+
+  if(!engaged) /* flow alerts are by definition not engageable */
+    num_flow_alerts = getNumFlowAlerts(static_cast<const char*>(wherebuf));
+
+  return num_alerts + num_flow_alerts;
 }
 
 /* **************************************************** */
@@ -1039,6 +1267,44 @@ int AlertsManager::getNumAlerts(bool engaged, AlertEntity alert_entity, const ch
 
 /* **************************************************** */
 
+int AlertsManager::deleteFlowAlerts(const int *rowid) {
+  char query[STORE_MANAGER_MAX_QUERY];
+  sqlite3_stmt *stmt = NULL;
+  int rc;
+
+  snprintf(query, sizeof(query),
+	   "DELETE FROM %s %s ",
+	   ALERTS_MANAGER_FLOWS_TABLE_NAME,
+	   rowid ? "WHERE rowid = ?" : "");
+
+  m.lock(__FILE__, __LINE__);
+  if(sqlite3_prepare(db, query, -1, &stmt, 0)) {
+    ntop->getTrace()->traceEvent(TRACE_ERROR, "Unable to prepare statement for query %s.", query);
+    rc = -1;
+    goto out;
+  } else if(rowid && sqlite3_bind_int(stmt,   1, *rowid)) {
+    ntop->getTrace()->traceEvent(TRACE_ERROR, "Unable to bind values to prepared statement for query %s.", query);
+    rc = -2;
+    goto out;
+  }
+
+  while((rc = sqlite3_step(stmt)) != SQLITE_DONE) {
+    if(rc == SQLITE_ERROR) {
+      ntop->getTrace()->traceEvent(TRACE_INFO, "SQL Error: step");
+      goto out;
+    }
+  }
+
+  rc = 0;
+ out:
+  if (stmt) sqlite3_finalize(stmt);
+  m.unlock(__FILE__, __LINE__);
+
+  return rc;
+}
+
+/* **************************************************** */
+
 int AlertsManager::deleteAlerts(bool engaged, const int *rowid) {
   char query[STORE_MANAGER_MAX_QUERY];
   sqlite3_stmt *stmt = NULL;
diff --git a/src/Flow.cpp b/src/Flow.cpp
index 4215dc2589..06273cb8df 100644
--- a/src/Flow.cpp
+++ b/src/Flow.cpp
@@ -245,8 +245,7 @@ Flow::~Flow() {
 		 print(fbuf, sizeof(fbuf)));
 
 	iface->getAlertsManager()->storeFlowAlert(this, alert_suspicious_activity,
-						  alert_level_warning, alert_msg,
-						  cli_host, srv_host);
+						  alert_level_warning, alert_msg);
 
 	// ntop->getTrace()->traceEvent(TRACE_WARNING, "%s", print(alert_msg, sizeof(alert_msg)));
 	break;
@@ -328,9 +327,7 @@ void Flow::checkBlacklistedFlow() {
       if(!strstr(s, "@")) sprintf(&s[strlen(s)], "@%i", srv_host->get_vlan_id());
 
       iface->getAlertsManager()->storeFlowAlert(this, alert_dangerous_host,
-						alert_level_warning, alert_msg,
-						cli_host->is_blacklisted() ? srv_host : cli_host,
-						srv_host->is_blacklisted() ? srv_host : cli_host);
+						alert_level_warning, alert_msg);
     }
 
     blacklist_alarm_emitted = true;
diff --git a/src/Lua.cpp b/src/Lua.cpp
index bd3dd273d7..24e6ff385a 100644
--- a/src/Lua.cpp
+++ b/src/Lua.cpp
@@ -4429,6 +4429,32 @@ static int ntop_interface_get_alerts(lua_State* vm) {
     ? CONST_LUA_ERROR : CONST_LUA_OK;
 }
 
+/* ****************************************** */
+
+static int ntop_interface_get_flow_alerts(lua_State* vm) {
+  NetworkInterface *iface = getCurrentInterface(vm);
+  u_int32_t num, start_idx = 0;
+  AlertsManager *am;
+
+  ntop->getTrace()->traceEvent(TRACE_DEBUG, "%s() called", __FUNCTION__);
+
+  if(!iface || !(am = iface->getAlertsManager()))
+    return (CONST_LUA_ERROR);
+
+  if(ntop_lua_check(vm, __FUNCTION__, 1, LUA_TNUMBER)) return(CONST_LUA_ERROR);
+  start_idx = (u_int32_t)lua_tonumber(vm, 1);
+
+  if(ntop_lua_check(vm, __FUNCTION__, 2, LUA_TNUMBER)) return(CONST_LUA_ERROR);
+  num = (u_int32_t)lua_tonumber(vm, 2);
+
+  if(num < 1) num = 1;
+  else if(num > CONST_MAX_NUM_READ_ALERTS) num = CONST_MAX_NUM_READ_ALERTS;
+
+  /* all the existing alerts */
+  return am->getFlowAlerts(vm, get_allowed_nets(vm), start_idx, start_idx + num - 1)
+    ? CONST_LUA_ERROR : CONST_LUA_OK;
+}
+
 /* ****************************************** */
 #ifdef NOTUSED
 static int ntop_interface_store_alert(lua_State* vm) {
@@ -4658,6 +4684,22 @@ static int ntop_interface_get_num_alerts(lua_State* vm) {
 
 /* ****************************************** */
 
+static int ntop_interface_get_num_flow_alerts(lua_State* vm) {
+  NetworkInterface *iface = getCurrentInterface(vm);
+  AlertsManager *am;
+
+  ntop->getTrace()->traceEvent(TRACE_DEBUG, "%s() called", __FUNCTION__);
+
+  if(!iface || !(am = iface->getAlertsManager()))
+    return (CONST_LUA_ERROR);
+
+  lua_pushinteger(vm, am->getNumFlowAlerts());
+
+  return(CONST_LUA_OK);
+}
+
+/* ****************************************** */
+
 static int ntop_interface_get_cached_num_alerts(lua_State* vm) {
   NetworkInterface *iface = getCurrentInterface(vm);
   AlertsManager *am;
@@ -4718,6 +4760,31 @@ static int ntop_interface_delete_alerts(lua_State* vm) {
   iface->setRefreshAlertCounters(true);
   return(CONST_LUA_OK);
 }
+/* ****************************************** */
+
+static int ntop_interface_delete_flow_alerts(lua_State* vm) {
+  NetworkInterface *iface = getCurrentInterface(vm);
+  AlertsManager *am;
+
+  ntop->getTrace()->traceEvent(TRACE_DEBUG, "%s() called", __FUNCTION__);
+
+  if(!iface || !(am = iface->getAlertsManager()))
+    return (CONST_LUA_ERROR);
+
+  if(lua_type(vm, 1) == LUA_TNUMBER){
+    int rowid, *rowid_ptr = NULL;
+    rowid = lua_tonumber(vm, 1);
+    rowid_ptr = &rowid;
+    lua_pushinteger(vm, am->deleteFlowAlerts(rowid_ptr));
+
+  } else {
+    /* delete everything */
+    lua_pushinteger(vm, am->deleteFlowAlerts(NULL));
+  }
+
+  iface->setRefreshAlertCounters(true);
+  return(CONST_LUA_OK);
+}
 
 /* ****************************************** */
 
@@ -5241,9 +5308,12 @@ static const luaL_Reg ntop_interface_reg[] = {
 
   /* New generation alerts */
   { "getAlerts" ,           ntop_interface_get_alerts               },
+  { "getFlowAlerts" ,       ntop_interface_get_flow_alerts          },
   { "getNumAlerts",         ntop_interface_get_num_alerts           },
+  { "getNumFlowAlerts",     ntop_interface_get_num_flow_alerts      },
   { "getCachedNumAlerts",   ntop_interface_get_cached_num_alerts    },
   { "deleteAlerts",         ntop_interface_delete_alerts            },
+  { "deleteFlowAlerts",     ntop_interface_delete_flow_alerts       },
   { "selectAlertsRaw",      ntop_interface_select_alerts_raw        },
   { "engageHostAlert",      ntop_interface_engage_host_alert        },
   { "releaseHostAlert",     ntop_interface_release_host_alert       },