Removed plugin from ntopng and migrated all of them

Matteo Biscosi 2022-02-03 17:20:42 +01:00
parent 2d186582b2
commit 59754483c9
115 changed files with 535 additions and 2013 deletions


@ -0,0 +1,53 @@
--
-- (C) 2019-21 - ntop.org
--
local checks = require("checks")
local alerts_api = require("alerts_api")
local alert_consts = require("alert_consts")
local script = {
-- Script category
category = checks.check_categories.internals,
-- See below
hooks = {},
gui = {
i18n_title = "internals.alert_drops",
i18n_description = "internals.alert_drops_descr",
},
}
-- #################################################################
local function dropped_alerts_check(params)
local dropped_alerts = interface.getStats()["num_dropped_alerts"]
-- Compute the delta with the previous value for drops
local delta_drops = alerts_api.interface_delta_val(script.key, params.granularity, dropped_alerts, true --[[ skip first --]])
local alert = alert_consts.alert_types.alert_dropped_alerts.new(
interface.getId(),
delta_drops
)
alert:set_score_error()
alert:set_subtype(getInterfaceName(interface.getId()))
alert:set_granularity(params.granularity)
if(delta_drops > 0) then
alert:trigger(params.alert_entity, nil, params.cur_alerts)
else
alert:release(params.alert_entity, nil, params.cur_alerts)
end
end
-- #################################################################
script.hooks.min = dropped_alerts_check
-- #################################################################
return script
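Review bot: `interface.getStats()["num_dropped_alerts"]` in `dropped_alerts_check` is passed to `alerts_api.interface_delta_val` with no nil fallback, so if the stats table lacks that field the result depends on how the helper (not shown here) treats nil, and a failure would silence the very check that reports lost alerts. The periodic-activity checks in this commit default their counters with `or 0`; the same here, `local dropped_alerts = interface.getStats()["num_dropped_alerts"] or 0`, keeps them consistent. The same applies to `domain_info.hits` in the ghost-network check and to `params.entity_info["stats"]["bytes"]` in the throughput check. A one-line comment that `script.key` is assigned outside this file (presumably by the checks loader) would also help readers.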


@ -0,0 +1,54 @@
--
-- (C) 2019-21 - ntop.org
--
local alerts_api = require("alerts_api")
local alert_consts = require("alert_consts")
local checks = require("checks")
local script
-- #################################################################
local function check_ghost_networks(params)
for domain, domain_info in pairs(params.entity_info.bcast_domains or {}) do
if(domain_info.ghost_network) then
local key = params.check.key .. "__" .. domain
local delta_hits = alerts_api.interface_delta_val(key, params.granularity, domain_info.hits)
local alert = alert_consts.alert_types.alert_ghost_network.new(domain)
alert:set_score_warning()
alert:set_granularity(params.granularity)
alert:set_subtype(domain)
if(delta_hits > 0) then
alert:trigger(params.alert_entity, nil, params.cur_alerts)
else
alert:release(params.alert_entity, nil, params.cur_alerts)
end
end
end
end
-- #################################################################
script = {
-- Script category
category = checks.check_categories.security,
default_enabled = true,
hooks = {
min = check_ghost_networks,
},
gui = {
i18n_title = "alerts_dashboard.ghost_networks",
i18n_description = "alerts_dashboard.ghost_networks_description",
},
}
-- #################################################################
return script
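Review bot: `alert:release(...)` in `check_ghost_networks` is reachable only inside `if(domain_info.ghost_network)`, so a broadcast domain that stops being flagged, or that drops out of `params.entity_info.bcast_domains`, is never visited again by this function. Whether an engaged alert is then released depends on how the engine handles `params.cur_alerts`, which is not visible here; if that is not automatic, the alert stays engaged and operators keep seeing a ghost network that is gone. Consider handling the non-ghost case explicitly, or add a comment such as `-- alerts for domains no longer listed are released by the engine via cur_alerts` once that is confirmed. This check also builds its key from `params.check.key` while the sibling scripts use `script.key`.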


@ -0,0 +1,57 @@
--
-- (C) 2019-21 - ntop.org
--
local alert_consts = require("alert_consts")
local alerts_api = require("alerts_api")
local checks = require("checks")
local script
-- #################################################################
local function check_periodic_activity_not_executed(params)
local scripts_stats = interface.getPeriodicActivitiesStats()
for ps_name, ps_stats in pairs(scripts_stats) do
local delta = alerts_api.interface_delta_val(script.key..ps_name --[[ metric name --]], params.granularity, ps_stats["num_not_executed"] or 0)
local alert = alert_consts.alert_types.alert_periodic_activity_not_executed.new(
ps_name,
ps_stats["last_queued_time"] or 0
)
alert:set_score_warning()
alert:set_granularity(params.granularity)
alert:set_subtype(ps_name)
if delta > 0 then
-- tprint({ps_name = ps_name, s = ">>>>>>>>>>>>>>>>>>>>>> TRIGGER"})
alert:trigger(params.alert_entity, nil, params.cur_alerts)
else
-- tprint({ps_name = ps_name, s = "---------------------- RELEASE"})
alert:release(params.alert_entity, nil, params.cur_alerts)
end
end
end
-- #################################################################
script = {
-- Script category
category = checks.check_categories.internals,
hooks = {
min = check_periodic_activity_not_executed,
},
gui = {
i18n_title = "alerts_dashboard.periodic_activity_not_executed",
i18n_description = "alerts_dashboard.periodic_activity_not_executed_descr",
}
}
-- #################################################################
return script
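Review bot: `pairs(scripts_stats)` in `check_periodic_activity_not_executed` raises an error if `interface.getPeriodicActivitiesStats()` returns nil, whereas the ghost-network check in this commit guards its table with `or {}`. Suggest `for ps_name, ps_stats in pairs(scripts_stats or {}) do`; the slow-periodic-activity check has the same loop. The metric key `script.key..ps_name` is concatenated without a separator, unlike the `"__"` used by the ghost-network check, so `script.key .. "__" .. ps_name` would keep the cached keys unambiguous. The two commented-out `tprint` lines can be dropped.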


@ -0,0 +1,57 @@
--
-- (C) 2019-21 - ntop.org
--
local alert_consts = require("alert_consts")
local alerts_api = require("alerts_api")
local checks = require("checks")
local script
-- #################################################################
local function check_slow_periodic_activity(params)
local scripts_stats = interface.getPeriodicActivitiesStats()
for ps_name, ps_stats in pairs(scripts_stats) do
local delta = alerts_api.interface_delta_val(script.key..ps_name --[[ metric name --]], params.granularity, ps_stats["num_is_slow"] or 0)
local alert = alert_consts.alert_types.alert_slow_periodic_activity.new(
ps_name,
(ps_stats["max_duration_secs"] or 0) * 1000
)
alert:set_score_warning()
alert:set_granularity(params.granularity)
alert:set_subtype(ps_name)
if delta > 0 then
-- tprint({ps_name = ps_name, s = ">>>>>>>>>>>>>>>>>>>>>> TRIGGER"})
alert:trigger(params.alert_entity, nil, params.cur_alerts)
else
-- tprint({ps_name = ps_name, s = "---------------------- RELEASE"})
alert:release(params.alert_entity, nil, params.cur_alerts)
end
end
end
-- #################################################################
script = {
-- Script category
category = checks.check_categories.internals,
hooks = {
min = check_slow_periodic_activity,
},
gui = {
i18n_title = "alerts_dashboard.slow_periodic_activity",
i18n_description = "alerts_dashboard.slow_periodic_activity_descr",
}
}
-- #################################################################
return script
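Review bot: The `* 1000` applied to `ps_stats["max_duration_secs"]` in `check_slow_periodic_activity` is unexplained; a comment such as `-- seconds to milliseconds (assumed unit of the alert's duration argument; confirm against alert_slow_periodic_activity)` would document the conversion. The trigger condition is the delta of `num_is_slow`, while the reported value is `max_duration_secs`, which by its name may be a maximum over a longer period than the current interval. The duration shown in the alert may therefore not belong to the run that caused it, which is worth a comment either way.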


@ -0,0 +1,47 @@
--
-- (C) 2019-21 - ntop.org
--
local alerts_api = require("alerts_api")
local alert_consts = require("alert_consts")
local checks = require("checks")
local script = {
-- Script category
category = checks.check_categories.network,
default_enabled = false,
default_value = {
},
-- See below
hooks = {},
gui = {
i18n_title = "alerts_thresholds_config.throughput",
i18n_description = "alerts_thresholds_config.alert_throughput_description",
i18n_field_unit = checks.field_units.mbits,
input_builder = "threshold_cross",
}
}
-- #################################################################
function script.hooks.min(params)
local interface_bytes = params.entity_info["stats"]["bytes"]
-- Delta
local value = alerts_api.interface_delta_val(script.key, params.granularity, interface_bytes)
-- Granularity
value = value / alert_consts.granularity2sec(params.granularity)
-- Bytes to Mbit
value = (value * 8) / 1000000
-- Check if the configured threshold is crossed by the value and possibly trigger an alert
alerts_api.checkThresholdAlert(params, alert_consts.alert_types.alert_threshold_cross, value)
end
-- #################################################################
return script
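Review bot: The call `alerts_api.interface_delta_val(script.key, params.granularity, interface_bytes)` in `script.hooks.min` does not pass the skip-first argument that the dropped-alerts check passes as `true --[[ skip first --]]`. If the helper's default is to return the whole counter on the first sample (its implementation is not shown), the first run after a start divides the cumulative byte count by one interval and can report a threshold crossing that never happened. Suggest `alerts_api.interface_delta_val(script.key, params.granularity, interface_bytes, true --[[ skip first --]])`, or a comment stating why the first sample is safe. The `-- Granularity` comment would read better as `-- Bytes per second over the check interval`.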


@ -0,0 +1,130 @@
--
-- (C) 2019-21 - ntop.org
--
local alert_consts = require "alert_consts"
local alerts_api = require "alerts_api"
local alert_utils = require "alert_utils"
local checks = require("checks")
local callback_utils = require "callback_utils"
-- #################################################################
local script
-- #################################################################
local function check_allowed_mac(params)
-- Holds a per-interface timestamp
local prev_first_seen_key = string.format("ntopng.cache.ifid_%d.unexpected_new_device.prev_first_seen", interface.getId())
local seen_devices_hash = getFirstSeenDevicesHashKey(interface.getId())
-- Saving the mac address list into a local variable and swapping keys with value due to performance issues
local mac_list = {}
-- Retrieving the list of the addresses already seen
local seen_devices = ntop.getHashAllCache(seen_devices_hash) or {}
-- This is the whitelist, that is, MACs configured here won't trigger any alert
for key, mac in ipairs(params.check_config.items) do
mac_list[mac:upper()] = 1
end
-- Keep the current time
local cur_first_seen = os.time()
-- Read the previous time, that is, the time of the previous script execution
local prev_first_seen = tonumber(ntop.getCache(prev_first_seen_key))
if prev_first_seen then
-- If here, this is not the first run
local macs_stats = interface.getMacsInfo(nil --[[ sortColumn --]], nil --[[ perPage --]], nil --[[ to_skip --]],
nil --[[ sOrder --]], nil --[[ source_macs_only --]], nil --[[ manufacturer --]],
nil, nil --[[ device_type --]], "", prev_first_seen)
-- tprint("processing interface: ".. interface.getId().." prev_first_seen: "..formatEpoch(prev_first_seen).." cur_first_seen: "..formatEpoch(cur_first_seen))
for _, mac in pairs(macs_stats["macs"] or {}) do
local addr = mac["mac"]:upper()
-- tprint("processing: ".. addr.. " first_seen: "..formatEpoch(mac["seen.first"]).. " prev_first_seen: "..formatEpoch(prev_first_seen).." cur_first_seen: "..formatEpoch(cur_first_seen))
if mac["seen.first"] >= cur_first_seen then
-- Will be processed during the next execution (this avoids processing items twice)
goto continue
end
if mac_list[addr] then
-- MAC belongs to the whitelist, no alert
goto continue
end
if seen_devices[addr] then
-- MAC already seen, no alert
goto continue
end
if mac["location"] == "lan" and not mac["special_mac"] then
-- This is a LAN MAC address, let's trigger an alert
-- Add this mac to the already seen devices
ntop.setHashCache(seen_devices_hash, addr, 1)
local device = getDeviceName(addr)
-- Check if the new mac address is expected or not
local alert = alert_consts.alert_types.alert_unexpected_new_device.new(
device,
addr
)
alert:set_score_warning()
alert:set_subtype(device)
alert:set_device_type(mac["devtype"])
alert:set_device_name(device)
alert:store(alerts_api.macEntity(addr))
end
::continue::
end
end
-- Store the current time so that it will be read again during the next execution
ntop.setCache(prev_first_seen_key, tostring(cur_first_seen))
end
-- #################################################################
script = {
-- Script category
category = checks.check_categories.network,
default_enabled = false,
-- Specify the default value whe clicking on the "Reset Default" button
default_value = {
items = {},
},
hooks = {
min = check_allowed_mac,
},
gui = {
i18n_title = "checks.unexpected_new_device_title",
i18n_description = "checks.unexpected_new_device_description",
input_builder = "items_list",
item_list_type = "mac_address",
input_title = i18n("checks.unexpected_new_device_exclusion_title"),
input_description = i18n("checks.unexpected_new_device_exclusion_description"),
input_action_i18n = "Reset Learned Devices",
input_action_url = "lua/rest/v2/delete/host/new_devices.lua",
input_action_confirm = true,
input_action_i18n_confirm = "Are you sure to reset the learned devices?",
},
}
-- #################################################################
return script
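Review bot: In `check_allowed_mac` the device is written to the learned set with `ntop.setHashCache(seen_devices_hash, addr, 1)` before the alert is built and stored, so if any later call fails (for example `getDeviceName(addr)` returning nil into `set_subtype`, which the visible code does not rule out) the MAC is recorded as seen and no alert is ever raised for it. Moving the `setHashCache` call after `alert:store(alerts_api.macEntity(addr))` keeps a failed run retryable instead of silently losing the detection. `ipairs(params.check_config.items)` also errors when `items` is absent from a saved configuration; `ipairs(params.check_config.items or {})` is safer. `input_action_url` points at a REST endpoint that deletes the learned-device baseline; that script is outside this hunk, so confirm it enforces administrator rights and CSRF protection. `input_action_i18n` and `input_action_i18n_confirm` hold literal English text where the other fields use localization keys.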