Removed plugin from ntopng and migrated all of them

2026-04-30 07:59:35 +00:00 · 2022-02-03 17:20:42 +01:00 · 2022-02-03 17:20:42 +01:00 · 59754483c9
commit 59754483c9
parent 2d186582b2
115 changed files with 535 additions and 2013 deletions
--- a/scripts/lua/modules/check_definitions/system/dropped_alerts.lua
+++ b/scripts/lua/modules/check_definitions/system/dropped_alerts.lua
@ -0,0 +1,58 @@
+--
+-- (C) 2019-21 - ntop.org
+--
+
+local checks = require("checks")
+local alerts_api = require("alerts_api")
+local alert_consts = require("alert_consts")
+
+local script = {
+  -- Script category
+  category = checks.check_categories.internals,
+
+
+  -- See below
+  hooks = {},
+
+  gui = {
+    i18n_title = "internals.alert_drops",
+    i18n_description = "internals.system_alert_drops_descr",
+  },
+}
+
+-- #################################################################
+
+local function dropped_alerts_check(params)
+   -- Fetch system host stats
+   local system_host_stats =  ntop.systemHostStat()
+
+   -- Fetch the number of dropped alerts out of system host stats
+   -- The number fetched is the number of drops occured in the internal queue, that is,
+   -- in the queue currently used to generate alerts from C
+   local dropped_alerts = system_host_stats["alerts_stats"]["alert_queues"]["internal_alerts_queue"]["num_not_enqueued"]
+
+   -- Compute the delta with the previous value for drops
+   local delta_drops = alerts_api.interface_delta_val(script.key, params.granularity, dropped_alerts, true --[[ skip first --]])
+   
+   local alert = alert_consts.alert_types.alert_dropped_alerts.new(
+      interface.getId(),
+      delta_drops
+      )
+
+   alert:set_score_error()
+   alert:set_granularity(params.granularity)
+
+   if(delta_drops > 0) then
+      alert:trigger(params.alert_entity, nil, params.cur_alerts)
+   else
+      alert:release(params.alert_entity, nil, params.cur_alerts)
+   end
+end
+
+-- #################################################################
+
+script.hooks.min = dropped_alerts_check
+
+-- #################################################################
+
+return script
--- a/scripts/lua/modules/check_definitions/system/ids_ips_log.lua
+++ b/scripts/lua/modules/check_definitions/system/ids_ips_log.lua
@ -0,0 +1,88 @@
+--
+-- (C) 2019-21 - ntop.org
+--
+
+local dirs = ntop.getDirs()
+package.path = dirs.installdir .. "/scripts/lua/modules/pools/?.lua;" .. package.path
+
+local alerts_api = require("alerts_api")
+local checks = require("checks")
+local alert_consts = require("alert_consts")
+
+local script
+
+-- #################################################################
+
+local function check_ids_ips_log(params)
+   local alert_consts = require "alert_consts"
+   local info = params.entity_info
+   local drop_host_pool_utils = require "drop_host_pool_utils"
+
+   -- Emit an alert for each host added to the jailed hosts pool
+   local num_pending = ntop.llenCache(drop_host_pool_utils.ids_ips_jail_add_key)
+   for i = 1, num_pending do
+      local added_host = ntop.lpopCache(drop_host_pool_utils.ids_ips_jail_add_key)
+
+      if not added_host then
+	 goto continue
+       end
+
+      local alert = alert_consts.alert_types.alert_ids_ips_jail_add.new(
+	 added_host,
+	 os.time()
+      )
+
+      alert:set_score_notice()
+      alert:set_subtype(added_host)
+      alert:set_granularity(params.granularity)
+
+      alert:store(params.alert_entity, nil, params.cur_alerts)
+
+      ::continue::
+   end
+
+   -- Emit an alert for each host added to the jailed hosts pool
+   local num_pending = ntop.llenCache(drop_host_pool_utils.ids_ips_jail_remove_key)
+   for i = 1, num_pending do
+      local removed_host = ntop.lpopCache(drop_host_pool_utils.ids_ips_jail_remove_key)
+
+      if not removed_host then
+	 goto continue
+      end
+
+      local alert = alert_consts.alert_types.alert_ids_ips_jail_remove.new(
+	 removed_host,
+	 os.time()
+      )
+
+      alert:set_score_notice()
+      alert:set_subtype(removed_host)
+      alert:set_granularity(params.granularity)
+
+      alert:store(params.alert_entity, nil, params.cur_alerts)
+
+      ::continue::
+   end
+end
+
+-- #################################################################
+
+script = {
+   -- Script category
+   category = checks.check_categories.ids_ips,
+
+   default_enabled = false,
+
+   hooks = {
+      min = check_ids_ips_log,
+   },
+
+   gui = {
+      i18n_title = "show_alerts.ids_ips_log",
+      i18n_description = "show_alerts.ids_ips_log_descr",
+   }
+}
+
+-- #################################################################
+
+return script
--- a/scripts/lua/modules/check_definitions/system/no_if_activity.lua
+++ b/scripts/lua/modules/check_definitions/system/no_if_activity.lua
@ -0,0 +1,70 @@
+--
+-- (C) 2020 - ntop.org
+--
+
+local alerts_api = require("alerts_api")
+local alert_consts = require "alert_consts"
+local checks = require("checks")
+
+local script
+
+-- #################################################################
+
+local function check_interface_activity(params)
+   -- Get total number of packets, flows and interface id
+   local num_packets = params.entity_info.eth.packets
+   local num_flows = params.entity_info.stats.new_flows -- .new_flows keep the cumulative total, .flows is just a gauge
+   local num_logs = 0
+   if params.entity_info.syslog then
+      num_logs = params.entity_info.syslog.tot_events
+   end
+
+   local no_if_activity_type = alert_consts.alert_types.alert_no_if_activity.new()
+
+   no_if_activity_type:set_score_error()
+   no_if_activity_type:set_subtype(getInterfaceName(interface.getId()))
+   no_if_activity_type:set_granularity(params.granularity)
+
+   local delta_packets = alerts_api.interface_delta_val(params.check.key..".pkts" --[[ metric name --]], params.granularity, num_packets or 0)
+   local delta_flows = alerts_api.interface_delta_val(params.check.key..".flows" --[[ metric name --]], params.granularity, num_flows or 0)
+   local delta_logs = alerts_api.interface_delta_val(params.check.key..".logs" --[[ metric name --]], params.granularity, num_logs or 0)
+
+   -- tprint(">>> selected: "..interface.getId() .. " name: "..getInterfaceName(interface.getId()))
+   -- tprint(params.alert_entity)
+   -- tprint("delta_packets: "..delta_packets.. " delta_flows: "..delta_flows.. " delta_logs: "..delta_logs)
+   -- tprint("num_packets: "..num_packets.. " num_flows: "..num_flows.. " num_logs: "..num_logs)
+   -- tprint("<<<")
+
+   -- Check if the previous number it's equal to the actual number of both, packets and flows
+   -- this distinction is done due to the fact that exist packet based interfaces
+   -- and flow based interfaces
+   if delta_packets == 0 and delta_flows == 0 and delta_logs == 0 then
+      no_if_activity_type:trigger(params.alert_entity, nil, params.cur_alerts)
+   else -- One of the two or both stats were different, so the interface is still active
+      no_if_activity_type:release(params.alert_entity, nil, params.cur_alerts)
+   end
+end
+
+-- #################################################################
+
+script = {
+   -- Script category
+   category = checks.check_categories.internals,
+
+   default_enabled = true,
+   hooks = {
+      -- Time past between one call and an other
+      --["5mins"] = check_interface_activity,
+      min = check_interface_activity,
+   },
+
+
+   gui = {
+      i18n_title        = "checks.no_if_activity_title",
+      i18n_description  = "checks.no_if_activity_description",
+   }
+}
+
+-- #################################################################
+
+return script
--- a/scripts/lua/modules/check_definitions/system/periodic_activity_not_executed.lua
+++ b/scripts/lua/modules/check_definitions/system/periodic_activity_not_executed.lua
@ -0,0 +1,55 @@
+--
+-- (C) 2019-21 - ntop.org
+--
+
+local alert_consts = require("alert_consts")
+local alerts_api = require("alerts_api")
+local checks = require("checks")
+
+local script
+
+-- #################################################################
+
+local function check_periodic_activity_not_executed(params)
+   local scripts_stats = interface.getPeriodicActivitiesStats()
+
+   for ps_name, ps_stats in pairs(scripts_stats) do
+      local delta = alerts_api.interface_delta_val(script.key..ps_name --[[ metric name --]], params.granularity, ps_stats["num_not_executed"] or 0)
+
+      local alert = alert_consts.alert_types.alert_periodic_activity_not_executed.new(
+         ps_stats["last_queued_time"] or 0
+      )
+
+      alert:set_score_warning()
+      alert:set_granularity(params.granularity)
+      alert:set_subtype(ps_name)
+      if delta > 0 then
+	 -- tprint({ps_name = ps_name, s = ">>>>>>>>>>>>>>>>>>>>>> TRIGGER"})
+         alert:trigger(params.alert_entity, nil, params.cur_alerts)
+      else
+	 -- tprint({ps_name = ps_name, s = "---------------------- RELEASE"})
+         alert:release(params.alert_entity, nil, params.cur_alerts)
+      end
+   end
+end
+
+-- #################################################################
+
+script = {
+  -- Script category
+  category = checks.check_categories.internals,
+
+
+  hooks = {
+    min = check_periodic_activity_not_executed,
+  },
+
+  gui = {
+    i18n_title = "alerts_dashboard.periodic_activity_not_executed",
+    i18n_description = "alerts_dashboard.periodic_activity_not_executed_descr",
+  }
+}
+
+-- #################################################################
+
+return script
--- a/scripts/lua/modules/check_definitions/system/slow_periodic_activity.lua
+++ b/scripts/lua/modules/check_definitions/system/slow_periodic_activity.lua
@ -0,0 +1,59 @@
+--
+-- (C) 2019-21 - ntop.org
+--
+
+local alert_consts = require("alert_consts")
+local alerts_api = require("alerts_api")
+local checks = require("checks")
+
+local script
+
+-- ##############################################
+
+-- #################################################################
+
+local function check_slow_periodic_activity(params)
+   local scripts_stats = interface.getPeriodicActivitiesStats()
+
+   for ps_name, ps_stats in pairs(scripts_stats) do
+      local delta = alerts_api.interface_delta_val(script.key..ps_name --[[ metric name --]], params.granularity, ps_stats["num_is_slow"] or 0)
+
+      local alert = alert_consts.alert_types.alert_slow_periodic_activity.new(
+         ps_name,
+         ps_stats["max_duration_secs"] * 1000
+      )
+   
+      alert:set_score_error()
+      alert:set_granularity(params.granularity)
+      alert:set_subtype(ps_name)
+
+      if delta > 0 then
+	 -- tprint({ps_name = ps_name, s = ">>>>>>>>>>>>>>>>>>>>>> TRIGGER"})
+         alert:trigger(params.alert_entity, nil, params.cur_alerts)      
+      else
+	 -- tprint({ps_name = ps_name, s = "---------------------- RELEASE"})
+         alert:release(params.alert_entity, nil, params.cur_alerts)
+      end
+   end
+end
+
+-- #################################################################
+
+script = {
+   -- Script category
+   category = checks.check_categories.internals,
+
+
+   hooks = {
+      min = check_slow_periodic_activity,
+   },
+
+   gui = {
+      i18n_title = "alerts_dashboard.slow_periodic_activity",
+      i18n_description = "alerts_dashboard.slow_periodic_activity_descr",
+   }
+}
+
+-- #################################################################
+
+return script