vrr/ntopng
2
0
Fork 0
mirror of https://github.com/ntop/ntopng.git synced 2026-04-29 15:39:33 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Implements unexpected behaviour alerts

Browse source
This commit is contained in:
Matteo Biscosi 2021-03-16 19:52:09 +01:00
parent 9c14f79a38
commit 3f46194e31
6 changed files with 233 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

9
scripts/lua/modules/ts_5min_dump_utils.lua
View file

@ -356,6 +356,10 @@ function ts_dump.host_update_stats_rrds(when, hostname, host, ifstats, verbose)
num_as_client=host["contacts.as_client"], num_as_server=host["contacts.as_server"]}, when)
end
enable_debug = true
if enable_debug then
io.write(hostname.. "\n")
end
-- Contacted Hosts Behaviour
if host["contacted_hosts_behaviour"] then
if(host.contacted_hosts_behaviour.value > 0) then
@ -378,7 +382,7 @@ function ts_dump.host_update_stats_rrds(when, hostname, host, ifstats, verbose)
end
if enable_debug then
io.write(hostname.."\n\t\t[Contacts Behaviour]\n\t\t[value: "..tostring(value).."][prediction: "..tostring(prediction).."][lower: "..tostring(lower).."][upper: "..tostring(upper).."]["..rsp.."]\n");
io.write("\t\t[Contacts Behaviour]\n\t\t[value: "..tostring(value).."][prediction: "..tostring(prediction).."][lower: "..tostring(lower).."][upper: "..tostring(upper).."]["..rsp.."]\n");
end
end
@ -391,7 +395,7 @@ function ts_dump.host_update_stats_rrds(when, hostname, host, ifstats, verbose)
local h = host["score_behaviour"]
if enable_debug then
io.write(hostname.."\n\t\t[Score Behaviour]\n\t\t\t[Client][value: "..tostring(h["as_client.value"]).."][prediction: "..tostring(h["as_client.prediction"]).."][lower: "..tostring(h["as_client.lower_bound"]).."][upper: "..tostring(h["as_client.upper_bound"]).."][ANOMALY:"..tostring(h["as_client.anomaly"]).."]\n");
io.write("\t\t[Score Behaviour]\n\t\t\t[Client][value: "..tostring(h["as_client.value"]).."][prediction: "..tostring(h["as_client.prediction"]).."][lower: "..tostring(h["as_client.lower_bound"]).."][upper: "..tostring(h["as_client.upper_bound"]).."][ANOMALY:"..tostring(h["as_client.anomaly"]).."]\n");
io.write("\t\t\t[Server][value: "..tostring(h["as_server.value"]).."][prediction: "..tostring(h["as_server.prediction"]).."][lower: "..tostring(h["as_server.lower_bound"]).."][upper: "..tostring(h["as_server.upper_bound"]).."][ANOMALY: "..tostring(h["as_client.anomaly"]).."]\n");
end
@ -451,6 +455,7 @@ function ts_dump.host_update_stats_rrds(when, hostname, host, ifstats, verbose)
ts_utils.append("host:srv_active_flows_anomalies", {ifid=ifstats.id, host=hostname,
anomaly=srv_anomaly}, when)
end
enable_debug = false
-- L4 Protocols
for id, _ in pairs(l4_keys) do